Solved Possible threat, just removed SoftwareBundler:Win32/Stallmonitz

Palindox

Posts: 19   +0
Microsoft Security Essentials found SoftwareBundler:Win32/Stallmonitz. Malwarebytes did not detect it. I used MSE to remove it, but wanted to make sure my PC was clean.

Any help is appreciated, thank you!
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
FRST.txt 1

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016 03
Ran by Alexa (administrator) on ALEXA-PC (07-05-2016 00:24:06)
Running from C:\Users\Alexa\Documents
Loaded Profiles: Alexa & (Available Profiles: Alexa & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AESMSr64.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Alexa\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Users\Alexa\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Run: [Google Update] => C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Run: [Spotify Web Helper] => C:\Users\Alexa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-23] (Spotify Ltd)
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Alexa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-23] (Spotify Ltd)
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarenaPlus] => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Alexa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-23] (Spotify Ltd)
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {21c5ab61-3fe4-11e2-83c9-b870f461cd42} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {41b6d82e-2515-11e4-81a8-b870f461cd42} - E:\StartSetup.exe
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6fa8c7d0-e645-11e2-9e53-b870f461cd42} - E:\CDSAMPLE\AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7f8b9f28-7099-11e2-b256-b870f461cd42} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ba52c30d-606b-11e3-8a29-b870f461cd42} - E:\bunnyust.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [175368 2016-03-22] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2016-03-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-03-22] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2A77207D-9187-45CE-84B0-45CC7A8836F9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EE151819-AF49-4285-B232-B1EBB01E6C7D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000 -> {2D531E59-C11D-4046-8F38-FE100299082B} URL =
SearchScopes: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2D531E59-C11D-4046-8F38-FE100299082B} URL =
SearchScopes: HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2D531E59-C11D-4046-8F38-FE100299082B} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\9seab2en.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1051028164-3291638393-1546100382-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1051028164-3291638393-1546100382-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Users\Alexa\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Users\Alexa\AppData\Local\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Alexa\AppData\Local\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Users\Alexa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-04-20]
CHR Extension: (YouTube) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Turk Assist) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\boaodomjkjehcobmcehliafmodimcidg [2016-05-04]
CHR Extension: (uBlock Origin) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-05-04]
CHR Extension: (Google Search) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-11]
CHR Extension: (MindMup - Free Mind Map web site) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnenaecjcgeppfpaokiifokeieopppej [2015-03-12]
CHR Extension: (Ippei Gyoubu) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhmnnbcakddemboenjellhhnodkfffgm [2015-03-12]
CHR Extension: (HTTPS Everywhere) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Mibbit webchat) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi [2015-03-12]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-03-14]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-03-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-12]
CHR Extension: (Flashcontrol) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.4BQPYKWXWROPFAUMEKZ7DIFUZM - C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMFilters; C:\Windows\system32\AESMSr64.exe [103112 2015-04-21] (Andrea Electronics Corporation)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [239904 2016-02-04] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5317936 2014-01-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-03] (Electronic Arts)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-12] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va035; \??\C:\Windows\SysWOW64\Drivers\X6va035 [X]
 
FRST.txt 2

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-07 00:24 - 2016-05-07 00:24 - 00024737 _____ C:\Users\Alexa\Documents\FRST.txt
2016-05-06 14:16 - 2016-05-07 00:24 - 00000000 ____D C:\FRST
2016-05-06 14:16 - 2016-05-06 14:16 - 00000000 ____D C:\Users\Alexa\Documents\FRST-OlderVersion
2016-05-06 11:41 - 2016-05-06 14:16 - 02379264 _____ (Farbar) C:\Users\Alexa\Documents\FRST64.exe
2016-05-05 00:44 - 2016-05-05 00:44 - 01610816 _____ (Malwarebytes) C:\Users\Alexa\Documents\JRT.exe
2016-05-05 00:43 - 2016-05-05 00:43 - 03615296 _____ C:\Users\Alexa\Documents\adwcleaner_5.115.exe
2016-05-05 00:43 - 2016-05-05 00:43 - 01610816 _____ (Malwarebytes) C:\Users\Alexa\Downloads\D5F0.tmp
2016-05-05 00:42 - 2016-05-05 00:42 - 19779656 _____ C:\Users\Alexa\Documents\RogueKiller.exe
2016-05-04 23:31 - 2016-05-04 23:31 - 00000000 ____D C:\Users\Alexa\AppData\Local\Electronic Arts
2016-05-04 23:30 - 2016-05-04 23:30 - 00000000 ____D C:\Users\Alexa\Documents\Electrontic Arts
2016-05-04 21:10 - 2016-03-21 16:01 - 00100416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-04 21:10 - 2016-03-21 16:01 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-04-30 16:03 - 2016-04-30 16:03 - 00000000 ____D C:\Users\Alexa\Documents\SEGA Mega Drive Classics
2016-04-16 18:47 - 2016-04-16 18:47 - 10167467 _____ C:\Users\Alexa\Downloads\294142-Ambler_Dinner_Menu.pdf
2016-04-16 18:01 - 2016-03-17 19:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-16 18:01 - 2016-03-17 19:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-16 18:01 - 2016-03-17 19:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-16 18:01 - 2016-03-17 19:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-16 18:01 - 2016-03-17 19:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-16 18:01 - 2016-03-17 19:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-16 18:01 - 2016-03-17 18:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-16 18:01 - 2016-03-17 18:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-16 18:01 - 2016-03-17 18:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-16 18:01 - 2016-03-17 18:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-16 18:01 - 2016-03-17 18:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-16 18:01 - 2016-03-17 18:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-16 18:01 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-16 18:01 - 2016-03-17 18:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-16 18:01 - 2016-03-17 18:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-16 18:01 - 2016-03-17 18:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-16 18:01 - 2016-03-17 18:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-16 18:01 - 2016-03-17 18:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-16 18:01 - 2016-03-17 18:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-16 18:01 - 2016-03-17 18:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-16 18:01 - 2016-03-17 18:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-16 18:01 - 2016-03-17 18:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-16 18:01 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-16 18:01 - 2016-03-17 18:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-16 18:01 - 2016-03-17 18:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-16 18:01 - 2016-03-17 18:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-16 18:01 - 2016-03-17 18:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-16 18:01 - 2016-03-17 18:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-16 18:01 - 2016-03-17 18:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-16 18:01 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-16 18:01 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-16 18:01 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-16 18:01 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-16 18:01 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-16 18:01 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-16 18:01 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-16 18:01 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-16 18:01 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-16 18:01 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-16 18:01 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-16 18:01 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-16 18:01 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 17:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-16 18:01 - 2016-03-17 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-16 18:01 - 2016-03-17 17:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-16 18:01 - 2016-03-17 17:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-16 18:01 - 2016-03-17 17:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-16 18:01 - 2016-03-17 17:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-16 18:01 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-16 18:01 - 2016-03-17 17:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-16 18:01 - 2016-03-17 17:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-16 18:01 - 2016-03-17 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-16 18:01 - 2016-03-17 17:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-16 18:01 - 2016-03-17 17:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-16 18:01 - 2016-03-17 17:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-16 18:01 - 2016-03-17 17:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-16 18:01 - 2016-03-17 17:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-16 18:01 - 2016-03-17 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-16 18:01 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-16 18:01 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-16 18:01 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-16 18:01 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-16 18:01 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-16 18:01 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-16 18:00 - 2016-03-31 15:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-16 18:00 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-16 18:00 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-16 18:00 - 2016-03-30 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-16 18:00 - 2016-03-30 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-16 18:00 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-16 18:00 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-16 18:00 - 2016-03-30 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-16 18:00 - 2016-03-30 20:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-16 18:00 - 2016-03-30 20:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-16 18:00 - 2016-03-30 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-16 18:00 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-16 18:00 - 2016-03-30 20:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-16 18:00 - 2016-03-30 20:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-16 18:00 - 2016-03-30 20:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-16 18:00 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-16 18:00 - 2016-03-30 20:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-16 18:00 - 2016-03-30 20:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-16 18:00 - 2016-03-30 20:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-16 18:00 - 2016-03-30 20:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-16 18:00 - 2016-03-30 20:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-16 18:00 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-16 18:00 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-16 18:00 - 2016-03-30 20:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-16 18:00 - 2016-03-30 19:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-16 18:00 - 2016-03-30 19:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-16 18:00 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-16 18:00 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-16 18:00 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-16 18:00 - 2016-03-30 19:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-16 18:00 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-16 18:00 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-16 18:00 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-16 18:00 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-16 18:00 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-16 18:00 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-16 18:00 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-16 18:00 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-16 18:00 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-16 18:00 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-16 18:00 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-16 18:00 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-16 18:00 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-16 18:00 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-16 18:00 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-16 18:00 - 2016-03-30 19:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-16 18:00 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-16 18:00 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-16 18:00 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-16 18:00 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-16 18:00 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-16 18:00 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-16 18:00 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-16 18:00 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-16 18:00 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-16 18:00 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-16 18:00 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-16 18:00 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-16 18:00 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-16 18:00 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-16 18:00 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-16 18:00 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-16 18:00 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-16 18:00 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-16 18:00 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-16 18:00 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-16 18:00 - 2016-03-29 13:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-16 18:00 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-16 18:00 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-16 18:00 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-16 18:00 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-16 18:00 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-10 21:51 - 2016-04-10 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2016-04-10 21:51 - 2016-04-10 21:51 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2016-04-10 21:36 - 2016-04-10 21:36 - 07878008 _____ (Microsoft Corporation) C:\Users\Alexa\Downloads\Xbox360_64Eng.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-07 00:22 - 2014-07-21 00:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-07 00:22 - 2013-01-18 16:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-07 00:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-06 14:18 - 2009-07-14 00:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-06 14:18 - 2009-07-14 00:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-06 13:43 - 2012-09-28 18:18 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000UA.job
2016-05-06 13:19 - 2012-10-19 23:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-06 11:45 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-06 11:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-05 00:47 - 2012-12-31 06:38 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-05 00:23 - 2015-05-14 12:22 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-05-05 00:21 - 2016-02-15 02:09 - 00000000 ____D C:\Program Files (x86)\DSPRobotics
2016-05-05 00:21 - 2016-02-15 02:05 - 00000000 ____D C:\Program Files (x86)\Image-Line
2016-05-05 00:21 - 2014-07-04 18:19 - 00000000 ____D C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-05-05 00:21 - 2014-07-04 18:19 - 00000000 ____D C:\Program Files\Image-Line
2016-05-05 00:04 - 2015-06-14 21:57 - 00000000 ____D C:\Users\Alexa\AppData\Local\CrashDumps
2016-05-04 23:31 - 2013-08-28 17:34 - 00000000 ____D C:\Users\Alexa\Documents\Electronic Arts
2016-05-04 22:34 - 2015-12-07 22:18 - 00000000 ____D C:\Users\Alexa\AppData\Local\Last.fm
2016-05-04 22:09 - 2012-09-28 20:15 - 00000000 ____D C:\Users\Alexa\AppData\Local\Spotify
2016-05-04 21:58 - 2012-09-28 20:10 - 00000000 ____D C:\Users\Alexa\AppData\Roaming\Spotify
2016-05-04 21:45 - 2012-09-28 18:18 - 00002376 _____ C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-04 21:43 - 2012-09-28 18:18 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000Core.job
2016-05-04 21:07 - 2012-12-31 06:40 - 00000000 ___RD C:\Users\Alexa\Google Drive
2016-04-30 23:47 - 2012-09-28 19:33 - 00000000 ____D C:\Users\Alexa\AppData\Roaming\Skype
2016-04-30 14:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-26 20:22 - 2016-03-07 23:00 - 00000000 ____D C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-04-26 20:22 - 2016-03-07 23:00 - 00000000 ____D C:\Users\Alexa\AppData\Local\SquirrelTemp
2016-04-26 20:22 - 2016-03-07 23:00 - 00000000 ____D C:\Users\Alexa\AppData\Local\Discord
2016-04-22 03:57 - 2012-09-28 16:15 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-17 19:31 - 2009-07-14 00:45 - 00343376 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-17 02:45 - 2013-08-14 01:20 - 00000000 ____D C:\Windows\system32\MRT
2016-04-17 02:38 - 2012-09-28 16:51 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-10 21:33 - 2013-03-03 22:43 - 00000000 ____D C:\Users\Alexa\AppData\Local\ElevatedDiagnostics
2016-04-07 22:19 - 2012-10-19 23:05 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 22:19 - 2012-10-19 23:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 22:19 - 2012-10-19 23:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2015-05-08 03:12 - 2015-05-08 03:49 - 0007597 _____ () C:\Users\Alexa\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Alexa\AppData\Local\Temp\dsp_ipp.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-28 23:04

==================== End of FRST.txt ============================
 
Addition.txt 1

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 03
Ran by Alexa (2016-05-07 00:24:43)
Running from C:\Users\Alexa\Documents
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-26 22:03:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1051028164-3291638393-1546100382-500 - Administrator - Disabled)
Alexa (S-1-5-21-1051028164-3291638393-1546100382-1000 - Administrator - Enabled) => C:\Users\Alexa
Guest (S-1-5-21-1051028164-3291638393-1546100382-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1051028164-3291638393-1546100382-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version: - Creative Assembly)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audition (HKLM-x32\...\{EA9B4B3E-4C46-4A5F-8D12-6A1331C114A6}) (Version: 1.00.0000 - Redbana)
AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2741 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2793 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2805 - AVG Technologies) Hidden
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Bejeweled 3 (HKLM-x32\...\Steam App 78000) (Version: - PopCap Games, Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
BIT.TRIP RUNNER (remove only) (HKLM-x32\...\BIT.TRIP RUNNER) (Version: 1.0 - Gaijin Games, Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.42 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CDisplayEx 1.10.28 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Claire (HKLM-x32\...\Steam App 252830) (Version: - Hailstorm Games)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios)
Dead Space (HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version: - Ion Storm)
DiscJuggler (HKLM-x32\...\DiscJuggler) (Version: 6.0.0.1400 - Padus Incorporated)
Discord (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.)
Do you like horny bunnies? (HKLM-x32\...\Do you like horny bunnies?) (Version: 1.1 - ZyX)
Downfall version 1.4 (HKLM-x32\...\{7DA02DDE-932E-4F14-9076-079A50E27E28}_is1) (Version: 1.4 - Screen 7)
Dropbox (HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 1.6.17 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Gone Home (HKLM-x32\...\Steam App 232430) (Version: - The Fullbright Company)
Google Chrome (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\Steam App 316790) (Version: - Double Fine Productions)
Guns of Icarus Online (HKLM\...\Steam App 209080) (Version: - Muse Games)
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version: - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version: - Gearbox Software)
Harvester (HKLM-x32\...\Steam App 287020) (Version: - DigiFX Interactive)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
I Have No Mouth, and I Must Scream (HKLM-x32\...\Steam App 245390) (Version: - Cyberdreams)
ILLUSION RapeLay (HKLM-x32\...\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}) (Version: 1.00.0000 - ILLUSION)
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - )
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Lone Survivor: The Director's Cut (HKLM-x32\...\Steam App 209830) (Version: - Jasper Byrne)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount and Blade (HKLM-x32\...\1207666893_is1) (Version: 2.0.0.4 - GOG.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Neverending Nightmares (HKLM-x32\...\Steam App 253330) (Version: - Infinitap Games)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Update 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.2.55 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Penumbra: Black Plague (HKLM-x32\...\Steam App 22120) (Version: - Frictional Games)
Penumbra: Overture (HKLM-x32\...\Steam App 22180) (Version: - Frictional Games)
Penumbra: Requiem (HKLM-x32\...\Steam App 22140) (Version: - Frictional Games)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.1 - Renesas Electronics Corporation) Hidden
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sanitarium (HKLM-x32\...\GOGPACKSANITARIUM_is1) (Version: 2.0.0.25 - GOG.com)
Savage Lands (HKLM-x32\...\Steam App 307880) (Version: - Signal Studios)
SEGA Genesis & Mega Drive Classics (HKLM\...\Steam App 34270) (Version: - Sega)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Spotify (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Spotify (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Spotify (HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synergy (HKLM-x32\...\Steam App 17520) (Version: - Synergy Team)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version: - Irrational Games)
The 11th Hour (HKLM-x32\...\Steam App 255940) (Version: - Trilobyte Games)
The 7th Guest (HKLM-x32\...\Steam App 255920) (Version: - Trilobyte Games)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Cat Lady (1.4) version 1.4 (HKLM-x32\...\{006CA75D-81D6-454C-9DB8-95B9274E63D7}_is1) (Version: 1.4 - Screen 7)
The Impossible Game (HKLM-x32\...\Steam App 251630) (Version: - Grip Games)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.36.024017 - Electronic Arts Inc.)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version: - Modern Dream)
The Ultimate DOOM (HKLM-x32\...\Steam App 2280) (Version: - id Software)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.1.2.4 - TOSHIBA Corporation)
Transmission-Qt (HKLM-x32\...\8538E49A-6FE5-4FDB-8649-922BB839F21F) (Version: 2.77 - transmissionbt.com)
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version: - Capcom)
Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version: - Terry Cavanagh)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XPatcher (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\b357ffb973943035) (Version: 3.4.2.31 - XPatcher)
XPatcher (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\b357ffb973943035) (Version: 3.4.2.31 - XPatcher)
XPatcher (HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\b357ffb973943035) (Version: 3.4.2.31 - XPatcher)
Yume Nikki 0.10 English (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Yume Nikki 0.10 English) (Version: - )
Yume Nikki 0.10 English (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Yume Nikki 0.10 English) (Version: - )
Yume Nikki 0.10 English (HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Yume Nikki 0.10 English) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alexa\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alexa\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {32DAB3FF-DDE5-40AB-9A31-6617BB2C81AD} - System32\Tasks\{BC98BCCC-2999-4EDD-AF21-1E70CE27BDFA} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {330EB290-688F-495E-B16C-73E88FA0C319} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {41D551B2-C151-49F4-B485-E5E5534F64B8} - System32\Tasks\{5742BBF3-5739-4CF7-AC7D-2A7B7FCAD051} => pcalua.exe -a "C:\Program Files (x86)\Last.fm\UninsHs.exe" -c /u0=LastFM
Task: {50C8D3D1-F3F6-4AD4-A3D5-0C10F11A34CA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {A396B0AB-8F7C-4B80-81C5-0CD890236EC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {C829C921-7374-4E6B-B5BE-3B5A18CBFAF8} - System32\Tasks\{E7BFF0F5-C254-408A-A53B-53AE74F0D494} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/570
Task: {D118A910-D1E3-45B4-84EC-0B909F07DB55} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {DC0310CC-7F5E-4BE5-837C-78DD150280F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000Core => C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E4842BE0-7590-42B4-8695-3318212C4642} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {E4F4D9F8-7236-4819-909C-355BD9B1002C} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {E9407586-FA4F-4830-82C0-67E03A3125EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000UA => C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000Core.job => C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000UA.job => C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-11-02 13:35 - 2016-03-21 22:25 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-01 23:22 - 2016-03-29 21:21 - 00366528 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-04 21:12 - 2016-03-29 21:21 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-01 23:22 - 2016-03-29 21:22 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-12-23 23:07 - 2016-03-29 21:21 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2016-05-04 21:12 - 2016-03-29 21:21 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-04 21:12 - 2016-03-29 21:21 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-04 21:12 - 2016-03-29 21:22 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-27 19:33 - 2016-03-29 21:22 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2011-04-05 02:18 - 2011-04-05 02:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-05-04 21:12 - 2016-03-29 21:20 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-04 21:12 - 2016-03-29 21:20 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-03-30 18:47 - 2016-03-29 21:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-08-31 00:12 - 2016-04-29 16:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 21:51 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 21:51 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 21:51 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-21 20:41 - 2016-04-29 20:10 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 20:04 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 20:04 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 20:04 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 20:04 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 20:04 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-08-31 00:12 - 2016-04-29 20:10 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 23:10 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2013-08-31 00:12 - 2016-04-27 21:00 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-05-04 21:45 - 2016-04-27 19:25 - 01738904 _____ () C:\Users\Alexa\AppData\Local\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-04 21:45 - 2016-04-27 19:25 - 00086168 _____ () C:\Users\Alexa\AppData\Local\Google\Chrome\Application\50.0.2661.94\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-06-12 03:48 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1051028164-3291638393-1546100382-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EaseUS TB Tray Agent => "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: Google Update => "C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Alexa\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
Addition.txt 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4CE73CEA-FCF8-4840-B893-53E410CC0C15}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{2B369800-2B7E-4587-B7D6-3ACEC86A1454}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{6A05E2B3-8A97-42DF-80D7-DF3B721230B4}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{6591A389-C84A-43CD-9B4E-D0E364790AC7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E03F13EE-72AE-43FC-84B6-505A5F34057D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EE94262F-291B-4F90-8E2C-BDB92D7389BC}C:\users\alexa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2A5C22A3-3A7D-413D-B164-85E29F0DD803}C:\users\alexa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5A1F2F30-E36D-4314-A6AB-B6F3694AA95B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C1AF04AD-56C8-42FF-A5A0-867B0930D8E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{49015933-BF6E-446E-83AB-33CF670358A1}C:\program files (x86)\steam\steamapps\eccentric_ebonics\team fortress 2\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\eccentric_ebonics\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{AE8E12AC-7E31-4EDB-BE16-C248F81A43CC}C:\program files (x86)\steam\steamapps\eccentric_ebonics\team fortress 2\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\eccentric_ebonics\team fortress 2\hl2.exe
FirewallRules: [{E2D8487D-082F-4B6B-8145-F1C52EF0F18E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\eccentric_ebonics\half-life\hl.exe
FirewallRules: [{40FEF2FE-EAD7-4D88-8A58-5FFC9D5E5577}] => (Allow) C:\Program Files (x86)\Steam\steamapps\eccentric_ebonics\half-life\hl.exe
FirewallRules: [{098BD959-AD79-4F98-97E1-C24B8DE23128}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{0AEE10B4-7BBD-4FA6-A126-BD6932F269F7}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{0CA5BCFA-627F-45B3-B757-CF0A2EAAF1AB}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{3E03B3C7-A899-43EC-9084-8C29E6A236EF}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [TCP Query User{80BA1A30-20DD-4104-9DF7-CFADA5EEF420}C:\users\alexa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alexa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{D5E4D3A0-1EFF-41C3-AAB9-4DF5EB7DD0BC}C:\users\alexa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alexa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{30EDA368-68A3-43EF-9D4E-3635EAED6AE4}] => (Allow) C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
FirewallRules: [{EBC89B27-DDCB-4CB6-962E-CFE6617BD5CB}] => (Allow) C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
FirewallRules: [{8CD4552A-4A80-4F7D-B8AD-4CD72E68EC88}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FEF13BD2-B325-4D9A-8752-BEFA6B1FAAFF}] => (Allow) svchost.exe
FirewallRules: [{F4882FBC-0227-4212-BA4B-1DB6B56E4EE7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\livecall.exe
FirewallRules: [{F89D4EE7-CA47-4035-ACDA-7E37713E394A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7F36BCB6-8520-41EB-818F-408F03368A82}] => (Allow) svchost.exe
FirewallRules: [{FE2324F9-65A4-4789-80ED-C6EA66A0D0D0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\livecall.exe
FirewallRules: [{FCB8F651-E4E9-41E0-AACE-77A6059886B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{FB11BF0C-4822-497F-9A35-64DABF4F674C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{82FAD8E0-9762-4958-8E35-18CA42CB2BC9}C:\program files (x86)\transmission-qt\transmission-qt.exe] => (Block) C:\program files (x86)\transmission-qt\transmission-qt.exe
FirewallRules: [UDP Query User{F0589240-4FC6-457F-A8BF-16F9C3B2EB07}C:\program files (x86)\transmission-qt\transmission-qt.exe] => (Block) C:\program files (x86)\transmission-qt\transmission-qt.exe
FirewallRules: [TCP Query User{09E61412-882A-4432-9FF0-604B3BA7B176}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{CD841EF4-3D6C-4BBC-8279-DC85153273F1}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{89FF8299-E819-4F70-A561-E73F8350CBCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{5F357D42-BC0B-466D-8B59-A7E1FAEBF4AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{68672C05-0A67-430E-87DF-DAA872C5AA80}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{EEF9AB21-893F-414A-85FC-0ED62B0BD074}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{856E3538-E027-4932-A453-CC6FCCFBB896}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{7D45C4D4-DF3C-498E-9129-182DB7FD4A3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{8C3B1731-4913-4707-9251-4756A779C031}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{04EAB062-44BF-40CF-95D0-A365E0E405A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{D3D29C32-68E8-4581-9020-DC4537287184}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{4FF67B62-6D9E-4F55-A2A0-55976588D5BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{900B0BF5-F863-4C81-81F7-D92AD4380677}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{9A9AC392-AFB5-4AF6-80D5-01FB89214907}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{471829E1-922A-435D-9076-963C24F61CF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{AC50E285-C3D9-41FE-961C-EDE230EF4298}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{2BFAA679-8980-4FF7-B8B3-A343334D709C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{53338B04-E9AB-4150-BE3A-A6D416ACDBF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{04E5F2DB-195F-4D76-AD3C-0EB0E4F7E413}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe
FirewallRules: [{9E514707-B3B0-452D-A8F6-BC25C74E37C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe
FirewallRules: [{95AD1F2F-2E73-47FC-A6AF-6583BEA20596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{3CBDDB69-328A-4905-AA1B-62B31A486DEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{EB952442-0C11-438A-8BAE-C6D8EEE28D83}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1B59183F-4898-414D-9DBE-F2127A6E5719}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{610626B9-0B78-4B11-A66D-84A9EE3A6894}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{E52703E6-1F94-47E9-A785-04C446D1A585}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [TCP Query User{75A8AD4E-513F-4EC9-AB48-28E076FDAF9F}C:\users\alexa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EAF5B981-4B5B-4223-9E21-D4FB47E1C905}C:\users\alexa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{03AC60CC-9BA0-47D6-9226-76A15B7A022F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{23313942-0C0F-4174-8918-09A04C02BF49}] => (Allow) LPort=2869
FirewallRules: [{1C03408C-AF36-4631-AD01-CA6DBB61B72A}] => (Allow) LPort=1900
FirewallRules: [{53DA531F-C357-4786-B772-160CCAEA2315}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{AB0B02D8-A06C-4F6F-A40A-D60A673BA35B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{13EDCC1E-2904-474F-BFBF-40C435AA4003}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IHNMAIMS\ScummVM_Windows\scummvm.exe
FirewallRules: [{405D5446-EF13-48EA-B879-13A2AF40E93C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IHNMAIMS\ScummVM_Windows\scummvm.exe
FirewallRules: [{8FCA29AC-6F59-4C82-91C9-4B56349300C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{56CE9B17-0B81-45D4-BA40-257C308ABBED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{786E24B7-BF9D-4FEA-8EDF-676D583E2E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{CEF754D0-9BEF-4CAF-86B5-9E08A5D72CB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{425FC6B8-E934-4ADB-8873-565951E0DD16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{4A954DCD-7035-4988-9FA1-5F4269E67BCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [TCP Query User{3B1A7FA9-C8A5-44B5-BCCB-3C152B4F647D}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{4CC82FA3-814D-49F7-9BB7-5B37FF1E57B8}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{F7790C0D-3106-4EE9-ABD5-C4D2B311B3F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{75BD6EBA-8739-41B1-B66B-9057D636F0D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{AFC10E11-193B-4B27-9E77-C81A53C715CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{5D9B89D6-4BD3-494F-922B-E94C86003F7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{D9D0D582-057B-4447-A8E3-CBFAC9692AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{78FE87AD-44C2-4806-A972-BF1420A48D53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{7C682F4A-9BAB-45B5-B81A-6F7ED4D721A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{AD4B41AC-1518-4B87-BC4E-B107BC432911}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{79CDA0BF-B798-4F96-889D-71D85E95A572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{43F2D36E-DB70-425F-9B75-8A5AE3E125B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{7FB9BBDC-AFCA-4007-BF68-B08AC68FBB16}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8CCBF985-74BC-462A-911A-E6F83AE4E892}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1FFB424A-82A4-4E05-A5BA-BDFC900F50C8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\livecall.exe
FirewallRules: [{496CD40B-D9AD-472D-92AA-EA267ACE0EA2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\livecall.exe
FirewallRules: [{AF9E3028-AA04-43D9-8F11-A8D3B2F738D2}] => (Allow) svchost.exe
FirewallRules: [{2796723C-A82B-4FB3-AE3A-DFA4F1127FF2}] => (Allow) svchost.exe
FirewallRules: [{6750FEB3-07BF-45DD-9CCF-67F6DC54DC54}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{BEEF7D34-AAAE-4826-A679-B2D1A24487B5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{0C1E0A4C-8301-4909-ACE8-224C4702BE57}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2BBBA796-6611-4D71-A16D-445EA99403F6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{171623B4-10EB-4F15-8887-EA23EB5B93B0}] => (Allow) C:\Users\Alexa\Downloads\MstarInstaller.exe
FirewallRules: [{2F262014-08E6-4A9B-BDF8-3C5FD6F7B725}] => (Allow) C:\Users\Alexa\Downloads\MstarInstaller.exe
FirewallRules: [{D11B2EF9-0632-4732-B530-412CC7277D09}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [TCP Query User{F6DE2FA1-D9EF-4E49-8705-330DF7204A12}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{CA64B2E7-8D63-4659-8D0A-DCB3FC9B7637}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{4D1EB51C-A52A-4AC8-AFAE-4897E877DBF9}C:\program files (x86)\garenamstar\gamedata\apps\mstar\binaries\nurien.exe] => (Allow) C:\program files (x86)\garenamstar\gamedata\apps\mstar\binaries\nurien.exe
FirewallRules: [UDP Query User{2CB68FFE-0A76-4788-800A-F3D554D7CDBB}C:\program files (x86)\garenamstar\gamedata\apps\mstar\binaries\nurien.exe] => (Allow) C:\program files (x86)\garenamstar\gamedata\apps\mstar\binaries\nurien.exe
FirewallRules: [{48F1E6B5-3BBD-4EDF-97D9-7131B36EDFDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{525DD5BD-DFF6-4DE5-84A8-498D52B6B28B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{C4B6375E-78D5-47E1-99E7-AC85E7902C09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{7B5E3C4E-0615-4CEA-AFAA-AECB1E16380E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{4CAD1BED-76E4-48EE-8757-01DF62B89AB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SS2\Shock2.exe
FirewallRules: [{24339D6B-89C2-45B0-9063-7B2318FD5FB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SS2\Shock2.exe
FirewallRules: [{B75A1169-1A8A-4BB7-B23E-196F681EC544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The7thGuest\ScummVM_Windows\scummvm.exe
FirewallRules: [{043019E2-B045-4772-A254-983C88C7EE97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The7thGuest\ScummVM_Windows\scummvm.exe
FirewallRules: [{6E4482F3-22B4-4EEB-A3AE-BB32BCC96BAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The11thHour\v32win.exe
FirewallRules: [{125580B5-29F4-4577-B33B-D95C0E1F9FAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The11thHour\v32win.exe
FirewallRules: [{5C9552B9-3524-451D-8EB1-CE8FB60C9ED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Claire\Claire.exe
FirewallRules: [{F1AC0248-5EAE-43BC-B3C8-63F6DA43F074}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Claire\Claire.exe
FirewallRules: [TCP Query User{1836C0A3-8123-49C8-A53D-474D4290F097}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{47E6D63C-06BC-4852-A09E-E2590B819E0E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{0DB251A8-69C8-4ED7-9282-E32DB72CEAD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{85F323BB-8711-4B08-9CDB-69FD2BE417F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{2DB261CA-BAF4-4539-8CA2-8C49BF1CFF6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe
FirewallRules: [{7FBCBF88-1A4F-4DAF-98F3-94D3F3353AF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe
FirewallRules: [{82AA6DE4-F98C-4A6D-B07F-7777D97836BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{5564E007-D493-427F-B737-9CE5A9D95680}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{C1FED637-5339-4AED-B4AC-61ECDEA2B7C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{F200CA07-5747-4180-AC09-F789F960B3C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{4FF28671-1722-48CB-9C03-A5000887E4F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{B34F2BC6-62D7-40FE-AA3B-F12371FA2992}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{0CC71D56-942C-4783-BBBF-CA62E1F2E2DC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{615E6052-5CDC-49EA-8DB0-B4027873FA62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{D6944609-EE99-4A49-93FF-13104A694E27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{39F27B84-2FB0-42DF-913F-33C33F3CCED8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{9CC79E20-569C-45BD-B51C-121C75334600}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{3B777E15-35D6-46F2-93BE-31B5B74C2B3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{4E9BF447-1CC4-43EE-8C0C-A6BED02E7FF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{AB59E31D-89E2-4B18-92EC-07F154963E63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverending Nightmares\nightmare.exe
FirewallRules: [{9CC1CE57-A2BF-4062-ADF8-58830015A228}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverending Nightmares\nightmare.exe
FirewallRules: [{881B0906-0B09-4FF9-905B-997D5F7DA288}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{78900925-793C-4E74-864B-6254891F3531}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{271A2AE1-00A6-43A2-AA07-D6C7F12B78F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{0E42B386-B2E5-4DDB-AB48-5219E7632837}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{1A9FB8E4-8133-483D-9A19-3BBD43745C8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6EA3B40C-2631-4533-B639-9E9ADFCBBE6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7E52F9C8-02F0-4CD0-A9B4-A7B9510B3712}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{21CCC12F-49C9-4C0B-ACFE-8A788F278BFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{936BA3C1-6142-4D24-A3D0-B51C77C2759E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{8EEC82FD-9C43-44AF-8D3A-24071E2F2609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{2F2578CC-E867-4074-B868-1A08163ED626}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{4EC58E83-DD96-4242-BF8A-1AD08E24D132}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{30E8F4A3-8685-4D74-8E37-25E2968A3138}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{6FF8E439-6FAC-4735-8B00-44F90EC6FEBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{5EBFCDBA-7B86-4043-A537-12AD2ECA8D13}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{9E7C88BB-B1CC-4214-9C29-E5F16049833A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{89CDFCC2-5678-4A2A-96C1-3C28EB0292B3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{8B049330-5369-4749-ACCC-239D46F35161}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheImpossibleGame\ImpossibleGame.exe
FirewallRules: [{2EB238AF-2E7A-4818-B024-B090CEEBED7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheImpossibleGame\ImpossibleGame.exe
FirewallRules: [{5468B159-3E72-49B6-8C98-5D85D440B0D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2B09BEF0-5C09-448C-9FE4-3065BEA50C45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4CAE3651-49DD-4F82-8C0A-8C442C64A072}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2DF88F29-B2B8-4C83-9F9A-7CBB4E4BA5CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9BE2F257-3082-4B7E-B94E-594F70243945}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{838A8EDF-CB50-4763-98FC-4D2A6B5B575C}C:\users\alexa\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\alexa\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{1B8A6E68-7320-40B9-8C4A-B8793981E37F}C:\users\alexa\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\alexa\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{5298F135-AEE7-4629-83AF-0E53750586BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{D7D233B9-256A-432F-BF1F-43D0C5C31B42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{B114EF92-B870-49F8-81F7-AAB44DF391F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{D6A5083A-B68F-49DE-AFB1-566C8605BC81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{7C75EA10-7F22-4382-B6A7-7933FC94F083}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{D6C027B5-05CA-4244-B149-B2539C76222A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{689B7E18-9510-4225-8EB6-71B82CFDB46A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Penumbra.exe
FirewallRules: [{742DAB12-BF7F-4AB7-BCC8-CC668B1A0C40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Penumbra.exe
FirewallRules: [{29E3E35E-9A1B-4335-A579-A2A67328ADAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [{F63EC119-8E8A-4FB5-A084-864E2321A417}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [{478087CC-87C6-4E45-89E4-F6C3DF8189DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Requiem.exe
FirewallRules: [{5F53AD05-A902-4D68-A898-44212EED62B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Requiem.exe
FirewallRules: [{DD7A001E-26A8-4144-AA7F-1074E2E599D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{B928759C-1579-4663-80B3-1AA3D62EE14C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{B67ED089-1B0C-40E1-9FA2-0FDCCA456B68}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{EAA69EB4-1064-47BE-9816-35D81CA4340C}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{F00E7DA9-196B-40D1-A1C6-D5BD6F350488}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{11E8FB0D-6933-4E38-8603-7F4CD579B39C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DEEEC7DA-197E-4328-8699-DB3AAB07E110}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\dosbox.exe
FirewallRules: [{14563D2A-C40A-40F6-A680-BB131031DE51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\dosbox.exe
FirewallRules: [{15EE30C4-DC49-467E-BFB7-B4E55A98DF78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\daum\dosbox.exe
FirewallRules: [{E84C21FE-F7C9-4335-97F9-C9A869B57200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\daum\dosbox.exe
FirewallRules: [{23A61DFA-4F9E-4754-9B06-C9FEB8761136}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{2DF06D4E-A5D5-4A0E-96AF-B2BB1AE24321}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{E3A7BE0F-7FB1-49CF-B4BC-24A7D05EBF6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [{C5B826B4-373B-4564-8FC1-B0599E26EFF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [{14B22680-B3EB-4C90-AC09-8B0A3DD5EFAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{6EADD980-7E26-4750-BDC4-263AFE60FB89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [TCP Query User{FC1C25E9-EA19-4BD1-8BB1-9CF1D363D386}C:\users\alexa\documents\games\halo 3 online\eldorado.exe] => (Block) C:\users\alexa\documents\games\halo 3 online\eldorado.exe
FirewallRules: [UDP Query User{05A6D940-A9BF-4907-820F-B0A831923D76}C:\users\alexa\documents\games\halo 3 online\eldorado.exe] => (Block) C:\users\alexa\documents\games\halo 3 online\eldorado.exe
FirewallRules: [{78053687-C6FB-49DF-AA19-42C0266BF259}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{C3C7BF27-7F07-4F4B-B9DD-6FD59CB09EEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{2C08E63C-FA8A-4DE7-821A-64CE904F94C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{FD4938E2-734F-494B-AF59-384B58F749A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{E3384B40-4BB0-4442-BB13-E604D445C3BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{D6FE1555-5795-4DA6-ACD3-F54A6ECC6AF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{FB24363A-D97A-4DC4-9C06-316545007217}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{A4EFA97F-DB45-4B84-9DAB-5F46883CB1A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{E2C72E4E-4F97-4D47-A1CC-3A000729B638}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Savage Lands\SavageLands.exe
FirewallRules: [{98B14255-C53A-4F65-94F1-BC925E0B1E8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Savage Lands\SavageLands.exe
FirewallRules: [{EE6F4452-9200-4722-AE06-BA8AE4463891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{A80DD383-3F94-4B8C-9A4E-E525DE02BC72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{FD277F6A-444E-4254-B10D-9D999010B863}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{E045DBA3-0F24-494D-87F7-B8BEA8253486}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{1C6E43A4-C9F4-48B6-99C9-39C2C17AB40F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{5EA03784-0FEE-4F02-9A38-321085898AE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [TCP Query User{47EFB772-7440-49C0-AE28-5061ABBC2D27}C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe] => (Block) C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe
FirewallRules: [UDP Query User{DCDEF389-A62B-4385-8FC6-4DDCE37A6B83}C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe] => (Block) C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe
FirewallRules: [{A3FC46BD-76E4-4C67-BCF4-4A9221C0D2A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{08044059-EF55-42A5-98B5-C4AD4FFFF37A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{8B19E8CE-CDDE-4C00-B512-4146CCD3360E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{C5E67B01-3EEB-42FB-AAB8-6595CC4CCC88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{FD1C274A-115F-40DD-9248-C2ABDFA04D7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{908C3549-6947-484F-BBAE-51AA149E6F97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{B67BF4AE-A6C1-4DAA-93D9-3D9B3238FF53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{6220AA50-09D5-40D2-8472-2B701D8F9314}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{38908F04-F4FB-42B9-A3AB-38F19AD51B01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{548FC1BC-EC16-40D2-8090-35473A138696}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{8CE9A836-617A-4A6A-AE86-E651CC2E164E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{2D9C5120-9338-4D49-963D-8BBF5C1244FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe

==================== Restore Points =========================

30-04-2016 14:36:56 Scheduled Checkpoint
30-04-2016 16:02:21 Installed DirectX
04-05-2016 21:20:31 Windows Update
04-05-2016 23:30:32 Installed DirectX
05-05-2016 00:06:52 Removed Google Drive

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2016 12:04:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dead Space.exe, version: 1.0.0.222, time stamp: 0x493e043a
Faulting module name: Dead Space.exe, version: 1.0.0.222, time stamp: 0x493e043a
Exception code: 0xc0000005
Fault offset: 0x0031e660
Faulting process id: 0x21c4
Faulting application start time: 0xDead Space.exe0
Faulting application path: Dead Space.exe1
Faulting module path: Dead Space.exe2
Report Id: Dead Space.exe3

Error: (05/05/2016 12:00:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dead Space.exe, version: 1.0.0.222, time stamp: 0x493e043a
Faulting module name: Dead Space.exe, version: 1.0.0.222, time stamp: 0x493e043a
Exception code: 0xc0000005
Fault offset: 0x0039ccd8
Faulting process id: 0x418
Faulting application start time: 0xDead Space.exe0
Faulting application path: Dead Space.exe1
Faulting module path: Dead Space.exe2
Report Id: Dead Space.exe3

Error: (04/10/2016 09:45:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SuperMeatBoy.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a7c

Start Time: 01d19393d4d2a4c8

Termination Time: 44

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe

Report Id: 17096c56-ff87-11e5-ada2-b870f461cd42

Error: (04/10/2016 08:41:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp: 0x560819f3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000be8ce000
Faulting process id: 0xea8
Faulting application start time: 0xDolphin.exe0
Faulting application path: Dolphin.exe1
Faulting module path: Dolphin.exe2
Report Id: Dolphin.exe3

Error: (04/06/2016 09:26:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_Shell32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd74c
Exception code: 0xc0000374
Fault offset: 0x00000000000c0aa2
Faulting process id: 0x1af0
Faulting application start time: 0xrundll32.exe_Shell32.dll0
Faulting application path: rundll32.exe_Shell32.dll1
Faulting module path: rundll32.exe_Shell32.dll2
Report Id: rundll32.exe_Shell32.dll3

Error: (04/05/2016 07:22:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (04/03/2016 08:24:41 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (04/03/2016 04:55:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (04/01/2016 10:07:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (03/31/2016 10:11:01 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).


System errors:
=============
Error: (05/07/2016 12:23:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/06/2016 11:39:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/04/2016 11:33:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (05/04/2016 11:33:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (05/04/2016 09:11:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NvNetworkService service.

Error: (05/04/2016 09:07:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/01/2016 02:12:47 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/01/2016 02:12:46 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/01/2016 02:12:45 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/30/2016 12:23:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


CodeIntegrity:
===================================
Date: 2015-08-05 00:03:59.548
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-05 00:03:59.380
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 23:52:09.888
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 23:52:09.724
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 22:42:20.175
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 22:42:19.675
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 22:42:09.580
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 22:42:09.268
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 06:08:00.825
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 06:08:00.622
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 53%
Total physical RAM: 6050.69 MB
Available physical RAM: 2820.62 MB
Total Virtual: 12099.57 MB
Available Virtual: 8663.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:416.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F68D5142)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.1.5.0 [May 2 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alexa [Administrator]
Started from : C:\Users\Alexa\Desktop\RogueKiller.exe
Mode : Scan -- Date : 05/07/2016 13:09:01

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 1TB ATA Device +++++
--- User ---
[MBR] 722a395ef2acef60f44e74e2ef398358
[BSP] fded7c3e4bbad5f63605ee1002139d0b : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953766 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/7/2016
Scan Time: 1:18 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.07.04
Rootkit Database: v2016.05.06.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alexa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373524
Time Elapsed: 18 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v5.115 - Logfile created 07/05/2016 at 13:42:45
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Alexa - ALEXA-PC
# Running from : C:\Users\Alexa\Desktop\adwcleaner_5.115.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1051028164-3291638393-1546100382-1000\Software\SweetIM
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2D531E59-C11D-4046-8F38-FE100299082B}

***** [ Web browsers ] *****

[-] [C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : veoh.com
[-] [C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : wayfair.com
[-] [C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : stubhub.com
[-] [C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netflix.com
[-] [C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : pricegrabber.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1901 bytes] - [07/05/2016 13:42:45]
C:\AdwCleaner\AdwCleaner[R0].txt - [3354 bytes] - [11/06/2015 00:33:11]
C:\AdwCleaner\AdwCleaner[R1].txt - [3413 bytes] - [12/06/2015 02:42:06]
C:\AdwCleaner\AdwCleaner[R2].txt - [967 bytes] - [12/06/2015 04:52:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [3458 bytes] - [12/06/2015 02:43:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [3378 bytes] - [12/06/2015 04:56:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2338 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Alexa (Administrator) on Sat 05/07/2016 at 13:48:24.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 40

Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IFUXQ2F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QJIX6A2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YPQEWB6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22XLB1WW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RVPCYT4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5TFRK9MR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VMLXVGU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FB0BLDY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E162CZ5U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHD27W1H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9PQSBWG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU3PPD5I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6OLUL3M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USXP71IP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8RQ9LSG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alexa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMX3AIXZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IFUXQ2F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QJIX6A2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YPQEWB6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22XLB1WW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RVPCYT4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5TFRK9MR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VMLXVGU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FB0BLDY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E162CZ5U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHD27W1H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9PQSBWG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU3PPD5I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6OLUL3M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USXP71IP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8RQ9LSG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMX3AIXZ (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/07/2016 at 13:52:16.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 16-04-29.01 - Alexa 05/07/2016 16:47:45.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4461 [GMT -4:00]
Running from: c:\users\Alexa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2016-04-07 to 2016-05-07 )))))))))))))))))))))))))))))))
.
.
2016-05-07 20:57 . 2016-05-07 20:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-05-07 20:57 . 2016-05-07 20:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2016-05-07 20:57 . 2016-05-07 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-07 20:57 . 2016-05-07 20:57 -------- d-----w- c:\users\Dad\AppData\Local\temp
2016-05-07 20:43 . 2016-05-07 20:43 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA88E6B5-DEB9-40F7-BBA5-14649511EE7A}\offreg.992.dll
2016-05-07 17:53 . 2016-04-20 01:13 11695896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA88E6B5-DEB9-40F7-BBA5-14649511EE7A}\mpengine.dll
2016-05-06 18:16 . 2016-05-07 04:26 -------- d-----w- C:\FRST
2016-05-06 15:52 . 2016-04-20 01:13 11695896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-05-05 03:31 . 2016-05-05 03:31 -------- d-----w- c:\users\Alexa\AppData\Local\Electronic Arts
2016-05-05 01:21 . 2015-07-05 16:04 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5EF5E8B0-D4D2-45BA-86B6-9EAFFCD86CB9}\gapaengine.dll
2016-05-05 01:10 . 2016-03-21 20:01 56384 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2016-05-05 01:10 . 2016-03-21 20:01 100416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2016-04-16 22:00 . 2016-03-29 17:53 3216896 ----a-w- c:\windows\system32\win32k.sys
2016-04-11 01:51 . 2016-04-11 01:51 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-07 20:41 . 2014-07-21 04:59 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-07 16:39 . 2015-06-12 07:39 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-04-22 07:57 . 2012-09-28 20:15 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-17 06:38 . 2012-09-28 20:51 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-08 02:19 . 2012-10-20 03:05 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 02:19 . 2012-10-20 03:05 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-22 04:12 . 2016-03-29 22:06 8659472 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2016-03-22 04:12 . 2016-03-29 22:06 39992 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2016-03-22 04:12 . 2016-03-29 22:06 31555008 ----a-w- c:\windows\system32\nvoglv64.dll
2016-03-22 04:12 . 2016-03-29 22:06 21355248 ----a-w- c:\windows\system32\nvopencl.dll
2016-03-22 04:12 . 2016-03-29 22:06 19004040 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-03-22 04:12 . 2016-03-29 22:06 17748712 ----a-w- c:\windows\SysWow64\nvopencl.dll
2016-03-22 04:12 . 2016-03-29 22:06 16446032 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2016-03-22 04:12 . 2016-03-29 22:06 10550736 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2016-03-22 04:12 . 2016-03-29 22:06 889400 ----a-w- c:\windows\system32\NvIFR64.dll
2016-03-22 04:12 . 2016-03-29 22:06 753208 ----a-w- c:\windows\SysWow64\NvFBC.dll
2016-03-22 04:12 . 2016-03-29 22:06 695864 ----a-w- c:\windows\SysWow64\NvIFR.dll
2016-03-22 04:12 . 2016-03-29 22:06 678520 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2016-03-22 04:12 . 2016-03-29 22:06 571912 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2016-03-22 04:12 . 2016-03-29 22:06 42923576 ----a-w- c:\windows\system32\nvcompiler.dll
2016-03-22 04:12 . 2016-03-29 22:06 37567424 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2016-03-22 04:12 . 2016-03-29 22:06 3235896 ----a-w- c:\windows\system32\nvcuvid.dll
2016-03-22 04:12 . 2016-03-29 22:06 2809280 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2016-03-22 04:12 . 2016-03-29 22:06 25321408 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2016-03-22 04:12 . 2016-03-29 22:06 20897416 ----a-w- c:\windows\system32\nvcuda.dll
2016-03-22 04:12 . 2016-03-29 22:06 1924152 ----a-w- c:\windows\system32\nvdispco6436472.dll
2016-03-22 04:12 . 2016-03-29 22:06 17342392 ----a-w- c:\windows\SysWow64\nvcuda.dll
2016-03-22 04:12 . 2016-03-29 22:06 17248408 ----a-w- c:\windows\system32\nvd3dumx.dll
2016-03-22 04:12 . 2016-03-29 22:06 1573432 ----a-w- c:\windows\system32\nvdispgenco6436472.dll
2016-03-22 04:12 . 2016-03-29 22:06 151368 ----a-w- c:\windows\system32\nvoglshim64.dll
2016-03-22 04:12 . 2016-03-29 22:06 129208 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2016-03-22 04:12 . 2016-03-29 22:06 12567608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2016-03-22 04:12 . 2016-03-07 21:22 473592 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-03-22 04:12 . 2016-03-07 21:22 175368 ----a-w- c:\windows\system32\nvinitx.dll
2016-03-22 04:12 . 2016-02-18 03:13 959544 ----a-w- c:\windows\system32\NvFBC64.dll
2016-03-22 04:12 . 2015-06-01 21:25 3286992 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-03-22 04:12 . 2014-02-19 04:22 14128840 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-03-22 04:12 . 2014-01-22 23:24 391632 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-03-22 04:12 . 2014-01-22 23:24 153392 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-03-22 04:12 . 2012-10-26 00:02 3714472 ----a-w- c:\windows\system32\nvapi64.dll
2016-03-22 02:25 . 2012-11-02 17:35 2993088 ----a-w- c:\windows\system32\nvsvc64.dll
2016-03-22 02:25 . 2012-11-02 17:35 6369728 ----a-w- c:\windows\system32\nvcpl.dll
2016-03-22 02:25 . 2012-11-02 17:35 2561472 ----a-w- c:\windows\system32\nvsvcr.dll
2016-03-22 02:25 . 2012-11-02 17:35 1264064 ----a-w- c:\windows\system32\nvvsvc.exe
2016-03-22 02:25 . 2012-11-02 17:35 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-03-22 02:25 . 2012-11-02 17:35 69568 ----a-w- c:\windows\system32\nvshext.dll
2016-03-22 02:25 . 2012-11-02 17:35 532536 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-03-22 02:25 . 2012-11-02 17:35 393784 ----a-w- c:\windows\system32\nvmctray.dll
2016-03-21 20:01 . 2016-01-27 23:32 109632 ----a-w- c:\windows\system32\nvaudcap64v.dll
2016-03-18 18:10 . 2012-11-02 17:35 6253721 ----a-w- c:\windows\system32\nvcoproc.bin
2016-03-17 22:24 . 2016-04-16 22:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-03-16 21:30 . 2016-03-16 21:30 128792 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-5-1.dll
2016-03-16 21:30 . 2016-03-11 04:08 128792 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-03-16 21:29 . 2016-03-16 21:29 41752 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-5-1.exe
2016-03-16 21:29 . 2016-03-11 04:08 41752 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-03-16 21:29 . 2016-03-16 21:29 127768 ----a-w- c:\windows\system32\vulkan-1-1-0-5-1.dll
2016-03-16 21:29 . 2016-03-11 04:08 127768 ----a-w- c:\windows\system32\vulkan-1.dll
2016-03-16 21:28 . 2016-03-16 21:28 45848 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-5-1.exe
2016-03-16 21:28 . 2016-03-11 04:08 45848 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-03-10 18:09 . 2014-07-21 04:59 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-10 18:08 . 2014-07-21 04:59 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-10 18:08 . 2012-09-29 00:05 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-08 10:07 . 2016-03-11 04:06 1924152 ----a-w- c:\windows\system32\nvdispco6436451.dll
2016-03-08 10:07 . 2016-03-11 04:06 1571776 ----a-w- c:\windows\system32\nvdispgenco6436451.dll
2016-03-03 12:20 . 2016-03-07 21:22 1922496 ----a-w- c:\windows\system32\nvdispco6436447.dll
2016-03-03 12:20 . 2016-03-07 21:22 1573432 ----a-w- c:\windows\system32\nvdispgenco6436447.dll
2016-02-23 23:58 . 2016-03-02 03:25 1571776 ----a-w- c:\windows\system32\nvdispgenco6436200.dll
2016-02-23 23:58 . 2016-03-02 03:25 1922496 ----a-w- c:\windows\system32\nvdispco6436200.dll
2016-02-17 06:40 . 2014-06-02 19:31 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2016-02-17 06:40 . 2014-01-22 23:28 1571624 ----a-w- c:\windows\SysWow64\nvspcap.dll
2016-02-17 06:40 . 2015-11-24 01:07 112216 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2016-02-17 06:40 . 2014-06-02 19:31 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2016-02-17 06:40 . 2014-01-22 23:28 1903344 ----a-w- c:\windows\system32\nvspcap64.dll
2016-02-14 01:47 . 2016-02-14 01:47 125720 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-3-0.dll
2016-02-14 01:46 . 2016-02-14 01:46 126232 ----a-w- c:\windows\system32\vulkan-1-1-0-3-0.dll
2016-02-14 01:45 . 2016-02-14 01:45 42264 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
2016-02-14 01:45 . 2016-02-14 01:45 45848 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-3-0.exe
2016-02-12 18:52 . 2016-03-09 03:50 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 03:50 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 03:50 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 03:50 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 03:50 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 03:50 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 03:50 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 03:50 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 03:50 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 03:50 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 03:50 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 03:50 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 03:50 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 03:50 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 03:50 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 03:50 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 03:49 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 03:49 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 03:49 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 03:49 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 03:49 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 03:49 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 03:49 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-04-30 3077712]
"Spotify Web Helper"="c:\users\Alexa\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2016-04-23 1525360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 X6va017;X6va017;c:\windows\SysWOW64\Drivers\X6va017;c:\windows\SysWOW64\Drivers\X6va017 [x]
R3 X6va028;X6va028;c:\windows\SysWOW64\Drivers\X6va028;c:\windows\SysWOW64\Drivers\X6va028 [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
R3 X6va031;X6va031;c:\windows\SysWOW64\Drivers\X6va031;c:\windows\SysWOW64\Drivers\X6va031 [x]
R3 X6va035;X6va035;c:\windows\SysWOW64\Drivers\X6va035;c:\windows\SysWOW64\Drivers\X6va035 [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 AESMFilters;Andrea Samson Filters Service64;c:\windows\system32\AESMSr64.exe;c:\windows\SYSNATIVE\AESMSr64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Ds3Service;SCP DS3 Service;c:\program files\Scarlet.Crush Productions\bin\ScpService.exe;c:\program files\Scarlet.Crush Productions\bin\ScpService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 02:19]
.
2016-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000Core.job
- c:\users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 04:09]
.
2016-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000UA.job
- c:\users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 04:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-05 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-05 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-05 418840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-30 1340192]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-03-30 2396096]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-02-17 1903344]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\9seab2en.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va017]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va017"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va028]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va028"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va031]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va031"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va035]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va035"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1051028164-3291638393-1546100382-1000\Software\SecuROM\License information*]
"datasecu"=hex:26,9e,fc,f1,05,e5,3d,9f,9e,14,d8,a3,d2,aa,65,fb,00,da,8e,d6,72,
ab,dd,15,f3,4c,85,5b,54,15,8b,ab,cf,2a,2a,31,5a,7c,4b,3b,1a,77,d7,86,ff,bb,\
"rkeysecu"=hex:59,7e,f3,17,8f,30,20,05,a6,84,98,7e,d6,62,f5,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-05-07 17:00:18
ComboFix-quarantined-files.txt 2016-05-07 21:00
ComboFix2.txt 2015-06-07 18:49
.
Pre-Run: 451,266,625,536 bytes free
Post-Run: 451,595,108,352 bytes free
.
- - End Of File - - E93348B0166F4183F5DD81D56BE166E9
A36C5E4F47E84449FF07ED3517B43A31
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
FRST.txt 1

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016 03
Ran by Alexa (administrator) on ALEXA-PC (07-05-2016 17:13:28)
Running from C:\Users\Alexa\Desktop
Loaded Profiles: Alexa (Available Profiles: Alexa & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AESMSr64.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Run: [Spotify Web Helper] => C:\Users\Alexa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-23] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [175368 2016-03-22] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [175368 2016-03-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-03-22] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2A77207D-9187-45CE-84B0-45CC7A8836F9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EE151819-AF49-4285-B232-B1EBB01E6C7D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\9seab2en.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1051028164-3291638393-1546100382-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1051028164-3291638393-1546100382-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Users\Alexa\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Users\Alexa\AppData\Local\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Alexa\AppData\Local\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Users\Alexa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-04-20]
CHR Extension: (YouTube) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Turk Assist) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\boaodomjkjehcobmcehliafmodimcidg [2016-05-04]
CHR Extension: (uBlock Origin) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-05-04]
CHR Extension: (Google Search) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-11]
CHR Extension: (MindMup - Free Mind Map web site) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnenaecjcgeppfpaokiifokeieopppej [2015-03-12]
CHR Extension: (Ippei Gyoubu) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhmnnbcakddemboenjellhhnodkfffgm [2015-03-12]
CHR Extension: (HTTPS Everywhere) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Mibbit webchat) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi [2015-03-12]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-03-14]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-03-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-12]
CHR Extension: (Flashcontrol) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.4BQPYKWXWROPFAUMEKZ7DIFUZM - C:\Users\Alexa\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMFilters; C:\Windows\system32\AESMSr64.exe [103112 2015-04-21] (Andrea Electronics Corporation)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [239904 2016-02-04] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5317936 2014-01-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-03] (Electronic Arts)
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va035; \??\C:\Windows\SysWOW64\Drivers\X6va035 [X]
 
FRST.txt 2

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-07 17:00 - 2016-05-07 17:00 - 00028293 _____ C:\ComboFix.txt
2016-05-07 16:42 - 2016-05-07 16:42 - 05658358 ____R (Swearware) C:\Users\Alexa\Desktop\ComboFix.exe
2016-05-07 13:52 - 2016-05-07 13:52 - 00007123 _____ C:\Users\Alexa\Desktop\JRT.txt
2016-05-07 00:24 - 2016-05-07 17:13 - 00017629 _____ C:\Users\Alexa\Desktop\FRST.txt
2016-05-07 00:24 - 2016-05-07 00:26 - 00081919 _____ C:\Users\Alexa\Desktop\Addition.txt
2016-05-06 14:16 - 2016-05-07 17:13 - 00000000 ____D C:\FRST
2016-05-06 14:16 - 2016-05-06 14:16 - 00000000 ____D C:\Users\Alexa\Documents\FRST-OlderVersion
2016-05-06 11:41 - 2016-05-06 14:16 - 02379264 _____ (Farbar) C:\Users\Alexa\Desktop\FRST64.exe
2016-05-05 00:44 - 2016-05-05 00:44 - 01610816 _____ (Malwarebytes) C:\Users\Alexa\Desktop\JRT.exe
2016-05-05 00:43 - 2016-05-05 00:43 - 03615296 _____ C:\Users\Alexa\Desktop\adwcleaner_5.115.exe
2016-05-05 00:43 - 2016-05-05 00:43 - 01610816 _____ (Malwarebytes) C:\Users\Alexa\Downloads\D5F0.tmp
2016-05-05 00:42 - 2016-05-05 00:42 - 19779656 _____ C:\Users\Alexa\Desktop\RogueKiller.exe
2016-05-04 23:31 - 2016-05-04 23:31 - 00000000 ____D C:\Users\Alexa\AppData\Local\Electronic Arts
2016-05-04 23:30 - 2016-05-04 23:30 - 00000000 ____D C:\Users\Alexa\Documents\Electrontic Arts
2016-05-04 21:10 - 2016-03-21 16:01 - 00100416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-04 21:10 - 2016-03-21 16:01 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-04-30 16:03 - 2016-04-30 16:03 - 00000000 ____D C:\Users\Alexa\Documents\SEGA Mega Drive Classics
2016-04-16 18:47 - 2016-04-16 18:47 - 10167467 _____ C:\Users\Alexa\Downloads\294142-Ambler_Dinner_Menu.pdf
2016-04-16 18:01 - 2016-03-17 19:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-16 18:01 - 2016-03-17 19:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-16 18:01 - 2016-03-17 19:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-16 18:01 - 2016-03-17 19:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-16 18:01 - 2016-03-17 19:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-16 18:01 - 2016-03-17 19:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-16 18:01 - 2016-03-17 18:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-16 18:01 - 2016-03-17 18:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-16 18:01 - 2016-03-17 18:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-16 18:01 - 2016-03-17 18:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-16 18:01 - 2016-03-17 18:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-16 18:01 - 2016-03-17 18:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-16 18:01 - 2016-03-17 18:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-16 18:01 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-16 18:01 - 2016-03-17 18:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-16 18:01 - 2016-03-17 18:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-16 18:01 - 2016-03-17 18:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-16 18:01 - 2016-03-17 18:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-16 18:01 - 2016-03-17 18:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-16 18:01 - 2016-03-17 18:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-16 18:01 - 2016-03-17 18:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-16 18:01 - 2016-03-17 18:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-16 18:01 - 2016-03-17 18:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-16 18:01 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-16 18:01 - 2016-03-17 18:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-16 18:01 - 2016-03-17 18:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-16 18:01 - 2016-03-17 18:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-16 18:01 - 2016-03-17 18:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-16 18:01 - 2016-03-17 18:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-16 18:01 - 2016-03-17 18:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-16 18:01 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-16 18:01 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-16 18:01 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-16 18:01 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-16 18:01 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-16 18:01 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-16 18:01 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-16 18:01 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-16 18:01 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-16 18:01 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-16 18:01 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-16 18:01 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-16 18:01 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 17:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-16 18:01 - 2016-03-17 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-16 18:01 - 2016-03-17 17:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-16 18:01 - 2016-03-17 17:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-16 18:01 - 2016-03-17 17:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-16 18:01 - 2016-03-17 17:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-16 18:01 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-16 18:01 - 2016-03-17 17:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-16 18:01 - 2016-03-17 17:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-16 18:01 - 2016-03-17 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-16 18:01 - 2016-03-17 17:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-16 18:01 - 2016-03-17 17:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-16 18:01 - 2016-03-17 17:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-16 18:01 - 2016-03-17 17:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-16 18:01 - 2016-03-17 17:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-16 18:01 - 2016-03-17 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-16 18:01 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-16 18:01 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-16 18:01 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-16 18:01 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-16 18:01 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-16 18:01 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-16 18:01 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-16 18:00 - 2016-03-31 15:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-16 18:00 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-16 18:00 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-16 18:00 - 2016-03-30 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-16 18:00 - 2016-03-30 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-16 18:00 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-16 18:00 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-16 18:00 - 2016-03-30 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-16 18:00 - 2016-03-30 20:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-16 18:00 - 2016-03-30 20:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-16 18:00 - 2016-03-30 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-16 18:00 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-16 18:00 - 2016-03-30 20:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-16 18:00 - 2016-03-30 20:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-16 18:00 - 2016-03-30 20:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-16 18:00 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-16 18:00 - 2016-03-30 20:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-16 18:00 - 2016-03-30 20:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-16 18:00 - 2016-03-30 20:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-16 18:00 - 2016-03-30 20:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-16 18:00 - 2016-03-30 20:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-16 18:00 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-16 18:00 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-16 18:00 - 2016-03-30 20:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-16 18:00 - 2016-03-30 19:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-16 18:00 - 2016-03-30 19:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-16 18:00 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-16 18:00 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-16 18:00 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-16 18:00 - 2016-03-30 19:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-16 18:00 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-16 18:00 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-16 18:00 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-16 18:00 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-16 18:00 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-16 18:00 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-16 18:00 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-16 18:00 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-16 18:00 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-16 18:00 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-16 18:00 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-16 18:00 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-16 18:00 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-16 18:00 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-16 18:00 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-16 18:00 - 2016-03-30 19:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-16 18:00 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-16 18:00 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-16 18:00 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-16 18:00 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-16 18:00 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-16 18:00 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-16 18:00 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-16 18:00 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-16 18:00 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-16 18:00 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-16 18:00 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-16 18:00 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-16 18:00 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-16 18:00 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-16 18:00 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-16 18:00 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-16 18:00 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-16 18:00 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-16 18:00 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-16 18:00 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-16 18:00 - 2016-03-29 13:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-16 18:00 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-16 18:00 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-16 18:00 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-16 18:00 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-16 18:00 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-10 21:51 - 2016-04-10 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2016-04-10 21:51 - 2016-04-10 21:51 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2016-04-10 21:36 - 2016-04-10 21:36 - 07878008 _____ (Microsoft Corporation) C:\Users\Alexa\Downloads\Xbox360_64Eng.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-07 17:02 - 2014-07-21 00:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-07 17:02 - 2012-09-28 18:18 - 00000000 ____D C:\Users\Alexa\AppData\Local\Apps\2.0
2016-05-07 17:00 - 2015-06-07 14:28 - 00000000 ____D C:\Qoobox
2016-05-07 16:57 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-05-07 16:49 - 2009-07-14 00:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-07 16:49 - 2009-07-14 00:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-07 16:48 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-07 16:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-07 16:43 - 2013-01-18 16:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-07 16:43 - 2012-09-28 18:18 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000UA.job
2016-05-07 16:41 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-07 13:42 - 2015-06-11 00:32 - 00000000 ____D C:\AdwCleaner
2016-05-07 13:19 - 2012-10-19 23:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-07 12:39 - 2015-06-12 03:39 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-05 00:47 - 2012-12-31 06:38 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-05 00:23 - 2015-05-14 12:22 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-05-05 00:21 - 2016-02-15 02:09 - 00000000 ____D C:\Program Files (x86)\DSPRobotics
2016-05-05 00:21 - 2016-02-15 02:05 - 00000000 ____D C:\Program Files (x86)\Image-Line
2016-05-05 00:21 - 2014-07-04 18:19 - 00000000 ____D C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-05-05 00:21 - 2014-07-04 18:19 - 00000000 ____D C:\Program Files\Image-Line
2016-05-05 00:04 - 2015-06-14 21:57 - 00000000 ____D C:\Users\Alexa\AppData\Local\CrashDumps
2016-05-04 23:31 - 2013-08-28 17:34 - 00000000 ____D C:\Users\Alexa\Documents\Electronic Arts
2016-05-04 22:34 - 2015-12-07 22:18 - 00000000 ____D C:\Users\Alexa\AppData\Local\Last.fm
2016-05-04 22:09 - 2012-09-28 20:15 - 00000000 ____D C:\Users\Alexa\AppData\Local\Spotify
2016-05-04 21:58 - 2012-09-28 20:10 - 00000000 ____D C:\Users\Alexa\AppData\Roaming\Spotify
2016-05-04 21:45 - 2012-09-28 18:18 - 00002376 _____ C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-04 21:43 - 2012-09-28 18:18 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000Core.job
2016-05-04 21:07 - 2012-12-31 06:40 - 00000000 ___RD C:\Users\Alexa\Google Drive
2016-04-30 23:47 - 2012-09-28 19:33 - 00000000 ____D C:\Users\Alexa\AppData\Roaming\Skype
2016-04-30 14:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-26 20:22 - 2016-03-07 23:00 - 00000000 ____D C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-04-26 20:22 - 2016-03-07 23:00 - 00000000 ____D C:\Users\Alexa\AppData\Local\SquirrelTemp
2016-04-26 20:22 - 2016-03-07 23:00 - 00000000 ____D C:\Users\Alexa\AppData\Local\Discord
2016-04-22 03:57 - 2012-09-28 16:15 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-17 19:31 - 2009-07-14 00:45 - 00343376 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-17 02:45 - 2013-08-14 01:20 - 00000000 ____D C:\Windows\system32\MRT
2016-04-17 02:38 - 2012-09-28 16:51 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-10 21:33 - 2013-03-03 22:43 - 00000000 ____D C:\Users\Alexa\AppData\Local\ElevatedDiagnostics
2016-04-07 22:19 - 2012-10-19 23:05 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 22:19 - 2012-10-19 23:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 22:19 - 2012-10-19 23:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2015-05-08 03:12 - 2015-05-08 03:49 - 0007597 _____ () C:\Users\Alexa\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-28 23:04

==================== End of FRST.txt ============================
 
Addition.txt 1

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 03
Ran by Alexa (2016-05-07 17:14:10)
Running from C:\Users\Alexa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-26 22:03:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1051028164-3291638393-1546100382-500 - Administrator - Disabled)
Alexa (S-1-5-21-1051028164-3291638393-1546100382-1000 - Administrator - Enabled) => C:\Users\Alexa
Guest (S-1-5-21-1051028164-3291638393-1546100382-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1051028164-3291638393-1546100382-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version: - Creative Assembly)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audition (HKLM-x32\...\{EA9B4B3E-4C46-4A5F-8D12-6A1331C114A6}) (Version: 1.00.0000 - Redbana)
AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2741 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2793 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2805 - AVG Technologies) Hidden
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Bejeweled 3 (HKLM-x32\...\Steam App 78000) (Version: - PopCap Games, Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
BIT.TRIP RUNNER (remove only) (HKLM-x32\...\BIT.TRIP RUNNER) (Version: 1.0 - Gaijin Games, Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.42 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CDisplayEx 1.10.28 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Claire (HKLM-x32\...\Steam App 252830) (Version: - Hailstorm Games)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios)
Dead Space (HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version: - Ion Storm)
DiscJuggler (HKLM-x32\...\DiscJuggler) (Version: 6.0.0.1400 - Padus Incorporated)
Discord (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.)
Do you like horny bunnies? (HKLM-x32\...\Do you like horny bunnies?) (Version: 1.1 - ZyX)
Downfall version 1.4 (HKLM-x32\...\{7DA02DDE-932E-4F14-9076-079A50E27E28}_is1) (Version: 1.4 - Screen 7)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Gone Home (HKLM-x32\...\Steam App 232430) (Version: - The Fullbright Company)
Google Chrome (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\Steam App 316790) (Version: - Double Fine Productions)
Guns of Icarus Online (HKLM\...\Steam App 209080) (Version: - Muse Games)
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version: - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version: - Gearbox Software)
Harvester (HKLM-x32\...\Steam App 287020) (Version: - DigiFX Interactive)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
I Have No Mouth, and I Must Scream (HKLM-x32\...\Steam App 245390) (Version: - Cyberdreams)
ILLUSION RapeLay (HKLM-x32\...\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}) (Version: 1.00.0000 - ILLUSION)
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - )
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Lone Survivor: The Director's Cut (HKLM-x32\...\Steam App 209830) (Version: - Jasper Byrne)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount and Blade (HKLM-x32\...\1207666893_is1) (Version: 2.0.0.4 - GOG.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Neverending Nightmares (HKLM-x32\...\Steam App 253330) (Version: - Infinitap Games)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Update 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.2.55 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Penumbra: Black Plague (HKLM-x32\...\Steam App 22120) (Version: - Frictional Games)
Penumbra: Overture (HKLM-x32\...\Steam App 22180) (Version: - Frictional Games)
Penumbra: Requiem (HKLM-x32\...\Steam App 22140) (Version: - Frictional Games)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.1 - Renesas Electronics Corporation) Hidden
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sanitarium (HKLM-x32\...\GOGPACKSANITARIUM_is1) (Version: 2.0.0.25 - GOG.com)
Savage Lands (HKLM-x32\...\Steam App 307880) (Version: - Signal Studios)
SEGA Genesis & Mega Drive Classics (HKLM\...\Steam App 34270) (Version: - Sega)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Spotify (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synergy (HKLM-x32\...\Steam App 17520) (Version: - Synergy Team)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version: - Irrational Games)
The 11th Hour (HKLM-x32\...\Steam App 255940) (Version: - Trilobyte Games)
The 7th Guest (HKLM-x32\...\Steam App 255920) (Version: - Trilobyte Games)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Cat Lady (1.4) version 1.4 (HKLM-x32\...\{006CA75D-81D6-454C-9DB8-95B9274E63D7}_is1) (Version: 1.4 - Screen 7)
The Impossible Game (HKLM-x32\...\Steam App 251630) (Version: - Grip Games)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.36.024017 - Electronic Arts Inc.)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version: - Modern Dream)
The Ultimate DOOM (HKLM-x32\...\Steam App 2280) (Version: - id Software)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.1.2.4 - TOSHIBA Corporation)
Transmission-Qt (HKLM-x32\...\8538E49A-6FE5-4FDB-8649-922BB839F21F) (Version: 2.77 - transmissionbt.com)
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version: - Capcom)
Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version: - Terry Cavanagh)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XPatcher (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\b357ffb973943035) (Version: 3.4.2.31 - XPatcher)
Yume Nikki 0.10 English (HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\...\Yume Nikki 0.10 English) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alexa\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {32DAB3FF-DDE5-40AB-9A31-6617BB2C81AD} - System32\Tasks\{BC98BCCC-2999-4EDD-AF21-1E70CE27BDFA} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {330EB290-688F-495E-B16C-73E88FA0C319} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {41D551B2-C151-49F4-B485-E5E5534F64B8} - System32\Tasks\{5742BBF3-5739-4CF7-AC7D-2A7B7FCAD051} => pcalua.exe -a "C:\Program Files (x86)\Last.fm\UninsHs.exe" -c /u0=LastFM
Task: {50C8D3D1-F3F6-4AD4-A3D5-0C10F11A34CA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {A396B0AB-8F7C-4B80-81C5-0CD890236EC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {C829C921-7374-4E6B-B5BE-3B5A18CBFAF8} - System32\Tasks\{E7BFF0F5-C254-408A-A53B-53AE74F0D494} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/570
Task: {D118A910-D1E3-45B4-84EC-0B909F07DB55} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {DC0310CC-7F5E-4BE5-837C-78DD150280F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000Core => C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E4842BE0-7590-42B4-8695-3318212C4642} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {E4F4D9F8-7236-4819-909C-355BD9B1002C} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {E9407586-FA4F-4830-82C0-67E03A3125EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000UA => C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000Core.job => C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051028164-3291638393-1546100382-1000UA.job => C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-11-02 13:35 - 2016-03-21 22:25 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-04-05 02:18 - 2011-04-05 02:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-01 23:22 - 2016-03-29 21:21 - 00366528 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-04 21:12 - 2016-03-29 21:21 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-01 23:22 - 2016-03-29 21:22 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-12-23 23:07 - 2016-03-29 21:21 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2016-05-04 21:12 - 2016-03-29 21:21 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-04 21:12 - 2016-03-29 21:21 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-04 21:12 - 2016-03-29 21:22 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-27 19:33 - 2016-03-29 21:22 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-04 21:12 - 2016-03-29 21:20 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-04 21:12 - 2016-03-29 21:20 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-03-30 18:47 - 2016-03-29 21:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-05-07 16:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EaseUS TB Tray Agent => "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: Google Update => "C:\Users\Alexa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Alexa\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
Addition.txt 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4CE73CEA-FCF8-4840-B893-53E410CC0C15}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{2B369800-2B7E-4587-B7D6-3ACEC86A1454}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{6A05E2B3-8A97-42DF-80D7-DF3B721230B4}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{6591A389-C84A-43CD-9B4E-D0E364790AC7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E03F13EE-72AE-43FC-84B6-505A5F34057D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EE94262F-291B-4F90-8E2C-BDB92D7389BC}C:\users\alexa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2A5C22A3-3A7D-413D-B164-85E29F0DD803}C:\users\alexa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5A1F2F30-E36D-4314-A6AB-B6F3694AA95B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C1AF04AD-56C8-42FF-A5A0-867B0930D8E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{49015933-BF6E-446E-83AB-33CF670358A1}C:\program files (x86)\steam\steamapps\eccentric_ebonics\team fortress 2\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\eccentric_ebonics\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{AE8E12AC-7E31-4EDB-BE16-C248F81A43CC}C:\program files (x86)\steam\steamapps\eccentric_ebonics\team fortress 2\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\eccentric_ebonics\team fortress 2\hl2.exe
FirewallRules: [{E2D8487D-082F-4B6B-8145-F1C52EF0F18E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\eccentric_ebonics\half-life\hl.exe
FirewallRules: [{40FEF2FE-EAD7-4D88-8A58-5FFC9D5E5577}] => (Allow) C:\Program Files (x86)\Steam\steamapps\eccentric_ebonics\half-life\hl.exe
FirewallRules: [{098BD959-AD79-4F98-97E1-C24B8DE23128}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{0AEE10B4-7BBD-4FA6-A126-BD6932F269F7}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{0CA5BCFA-627F-45B3-B757-CF0A2EAAF1AB}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{3E03B3C7-A899-43EC-9084-8C29E6A236EF}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [TCP Query User{80BA1A30-20DD-4104-9DF7-CFADA5EEF420}C:\users\alexa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alexa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{D5E4D3A0-1EFF-41C3-AAB9-4DF5EB7DD0BC}C:\users\alexa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alexa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{30EDA368-68A3-43EF-9D4E-3635EAED6AE4}] => (Allow) C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
FirewallRules: [{EBC89B27-DDCB-4CB6-962E-CFE6617BD5CB}] => (Allow) C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
FirewallRules: [{8CD4552A-4A80-4F7D-B8AD-4CD72E68EC88}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FEF13BD2-B325-4D9A-8752-BEFA6B1FAAFF}] => (Allow) svchost.exe
FirewallRules: [{F4882FBC-0227-4212-BA4B-1DB6B56E4EE7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\livecall.exe
FirewallRules: [{F89D4EE7-CA47-4035-ACDA-7E37713E394A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7F36BCB6-8520-41EB-818F-408F03368A82}] => (Allow) svchost.exe
FirewallRules: [{FE2324F9-65A4-4789-80ED-C6EA66A0D0D0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\livecall.exe
FirewallRules: [{FCB8F651-E4E9-41E0-AACE-77A6059886B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{FB11BF0C-4822-497F-9A35-64DABF4F674C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{82FAD8E0-9762-4958-8E35-18CA42CB2BC9}C:\program files (x86)\transmission-qt\transmission-qt.exe] => (Block) C:\program files (x86)\transmission-qt\transmission-qt.exe
FirewallRules: [UDP Query User{F0589240-4FC6-457F-A8BF-16F9C3B2EB07}C:\program files (x86)\transmission-qt\transmission-qt.exe] => (Block) C:\program files (x86)\transmission-qt\transmission-qt.exe
FirewallRules: [TCP Query User{09E61412-882A-4432-9FF0-604B3BA7B176}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{CD841EF4-3D6C-4BBC-8279-DC85153273F1}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{89FF8299-E819-4F70-A561-E73F8350CBCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{5F357D42-BC0B-466D-8B59-A7E1FAEBF4AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{68672C05-0A67-430E-87DF-DAA872C5AA80}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{EEF9AB21-893F-414A-85FC-0ED62B0BD074}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{856E3538-E027-4932-A453-CC6FCCFBB896}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{7D45C4D4-DF3C-498E-9129-182DB7FD4A3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{8C3B1731-4913-4707-9251-4756A779C031}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{04EAB062-44BF-40CF-95D0-A365E0E405A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{D3D29C32-68E8-4581-9020-DC4537287184}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{4FF67B62-6D9E-4F55-A2A0-55976588D5BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{900B0BF5-F863-4C81-81F7-D92AD4380677}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{9A9AC392-AFB5-4AF6-80D5-01FB89214907}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{471829E1-922A-435D-9076-963C24F61CF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{AC50E285-C3D9-41FE-961C-EDE230EF4298}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{2BFAA679-8980-4FF7-B8B3-A343334D709C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{53338B04-E9AB-4150-BE3A-A6D416ACDBF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{04E5F2DB-195F-4D76-AD3C-0EB0E4F7E413}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe
FirewallRules: [{9E514707-B3B0-452D-A8F6-BC25C74E37C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe
FirewallRules: [{95AD1F2F-2E73-47FC-A6AF-6583BEA20596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{3CBDDB69-328A-4905-AA1B-62B31A486DEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{EB952442-0C11-438A-8BAE-C6D8EEE28D83}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1B59183F-4898-414D-9DBE-F2127A6E5719}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{610626B9-0B78-4B11-A66D-84A9EE3A6894}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{E52703E6-1F94-47E9-A785-04C446D1A585}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [TCP Query User{75A8AD4E-513F-4EC9-AB48-28E076FDAF9F}C:\users\alexa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EAF5B981-4B5B-4223-9E21-D4FB47E1C905}C:\users\alexa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{03AC60CC-9BA0-47D6-9226-76A15B7A022F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{23313942-0C0F-4174-8918-09A04C02BF49}] => (Allow) LPort=2869
FirewallRules: [{1C03408C-AF36-4631-AD01-CA6DBB61B72A}] => (Allow) LPort=1900
FirewallRules: [{53DA531F-C357-4786-B772-160CCAEA2315}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{AB0B02D8-A06C-4F6F-A40A-D60A673BA35B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{13EDCC1E-2904-474F-BFBF-40C435AA4003}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IHNMAIMS\ScummVM_Windows\scummvm.exe
FirewallRules: [{405D5446-EF13-48EA-B879-13A2AF40E93C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IHNMAIMS\ScummVM_Windows\scummvm.exe
FirewallRules: [{8FCA29AC-6F59-4C82-91C9-4B56349300C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{56CE9B17-0B81-45D4-BA40-257C308ABBED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{786E24B7-BF9D-4FEA-8EDF-676D583E2E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{CEF754D0-9BEF-4CAF-86B5-9E08A5D72CB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{425FC6B8-E934-4ADB-8873-565951E0DD16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{4A954DCD-7035-4988-9FA1-5F4269E67BCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [TCP Query User{3B1A7FA9-C8A5-44B5-BCCB-3C152B4F647D}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{4CC82FA3-814D-49F7-9BB7-5B37FF1E57B8}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{F7790C0D-3106-4EE9-ABD5-C4D2B311B3F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{75BD6EBA-8739-41B1-B66B-9057D636F0D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{AFC10E11-193B-4B27-9E77-C81A53C715CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{5D9B89D6-4BD3-494F-922B-E94C86003F7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{D9D0D582-057B-4447-A8E3-CBFAC9692AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{78FE87AD-44C2-4806-A972-BF1420A48D53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{7C682F4A-9BAB-45B5-B81A-6F7ED4D721A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{AD4B41AC-1518-4B87-BC4E-B107BC432911}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{79CDA0BF-B798-4F96-889D-71D85E95A572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{43F2D36E-DB70-425F-9B75-8A5AE3E125B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{7FB9BBDC-AFCA-4007-BF68-B08AC68FBB16}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8CCBF985-74BC-462A-911A-E6F83AE4E892}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1FFB424A-82A4-4E05-A5BA-BDFC900F50C8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\livecall.exe
FirewallRules: [{496CD40B-D9AD-472D-92AA-EA267ACE0EA2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\livecall.exe
FirewallRules: [{AF9E3028-AA04-43D9-8F11-A8D3B2F738D2}] => (Allow) svchost.exe
FirewallRules: [{2796723C-A82B-4FB3-AE3A-DFA4F1127FF2}] => (Allow) svchost.exe
FirewallRules: [{6750FEB3-07BF-45DD-9CCF-67F6DC54DC54}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{BEEF7D34-AAAE-4826-A679-B2D1A24487B5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{0C1E0A4C-8301-4909-ACE8-224C4702BE57}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2BBBA796-6611-4D71-A16D-445EA99403F6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{171623B4-10EB-4F15-8887-EA23EB5B93B0}] => (Allow) C:\Users\Alexa\Downloads\MstarInstaller.exe
FirewallRules: [{2F262014-08E6-4A9B-BDF8-3C5FD6F7B725}] => (Allow) C:\Users\Alexa\Downloads\MstarInstaller.exe
FirewallRules: [{D11B2EF9-0632-4732-B530-412CC7277D09}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [TCP Query User{F6DE2FA1-D9EF-4E49-8705-330DF7204A12}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{CA64B2E7-8D63-4659-8D0A-DCB3FC9B7637}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{4D1EB51C-A52A-4AC8-AFAE-4897E877DBF9}C:\program files (x86)\garenamstar\gamedata\apps\mstar\binaries\nurien.exe] => (Allow) C:\program files (x86)\garenamstar\gamedata\apps\mstar\binaries\nurien.exe
FirewallRules: [UDP Query User{2CB68FFE-0A76-4788-800A-F3D554D7CDBB}C:\program files (x86)\garenamstar\gamedata\apps\mstar\binaries\nurien.exe] => (Allow) C:\program files (x86)\garenamstar\gamedata\apps\mstar\binaries\nurien.exe
FirewallRules: [{48F1E6B5-3BBD-4EDF-97D9-7131B36EDFDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{525DD5BD-DFF6-4DE5-84A8-498D52B6B28B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{C4B6375E-78D5-47E1-99E7-AC85E7902C09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{7B5E3C4E-0615-4CEA-AFAA-AECB1E16380E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{4CAD1BED-76E4-48EE-8757-01DF62B89AB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SS2\Shock2.exe
FirewallRules: [{24339D6B-89C2-45B0-9063-7B2318FD5FB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SS2\Shock2.exe
FirewallRules: [{B75A1169-1A8A-4BB7-B23E-196F681EC544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The7thGuest\ScummVM_Windows\scummvm.exe
FirewallRules: [{043019E2-B045-4772-A254-983C88C7EE97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The7thGuest\ScummVM_Windows\scummvm.exe
FirewallRules: [{6E4482F3-22B4-4EEB-A3AE-BB32BCC96BAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The11thHour\v32win.exe
FirewallRules: [{125580B5-29F4-4577-B33B-D95C0E1F9FAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The11thHour\v32win.exe
FirewallRules: [{5C9552B9-3524-451D-8EB1-CE8FB60C9ED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Claire\Claire.exe
FirewallRules: [{F1AC0248-5EAE-43BC-B3C8-63F6DA43F074}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Claire\Claire.exe
FirewallRules: [TCP Query User{1836C0A3-8123-49C8-A53D-474D4290F097}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{47E6D63C-06BC-4852-A09E-E2590B819E0E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{0DB251A8-69C8-4ED7-9282-E32DB72CEAD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{85F323BB-8711-4B08-9CDB-69FD2BE417F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{2DB261CA-BAF4-4539-8CA2-8C49BF1CFF6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe
FirewallRules: [{7FBCBF88-1A4F-4DAF-98F3-94D3F3353AF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe
FirewallRules: [{82AA6DE4-F98C-4A6D-B07F-7777D97836BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{5564E007-D493-427F-B737-9CE5A9D95680}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{C1FED637-5339-4AED-B4AC-61ECDEA2B7C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{F200CA07-5747-4180-AC09-F789F960B3C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{4FF28671-1722-48CB-9C03-A5000887E4F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{B34F2BC6-62D7-40FE-AA3B-F12371FA2992}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{0CC71D56-942C-4783-BBBF-CA62E1F2E2DC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{615E6052-5CDC-49EA-8DB0-B4027873FA62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{D6944609-EE99-4A49-93FF-13104A694E27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{39F27B84-2FB0-42DF-913F-33C33F3CCED8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{9CC79E20-569C-45BD-B51C-121C75334600}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{3B777E15-35D6-46F2-93BE-31B5B74C2B3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{4E9BF447-1CC4-43EE-8C0C-A6BED02E7FF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{AB59E31D-89E2-4B18-92EC-07F154963E63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverending Nightmares\nightmare.exe
FirewallRules: [{9CC1CE57-A2BF-4062-ADF8-58830015A228}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverending Nightmares\nightmare.exe
FirewallRules: [{881B0906-0B09-4FF9-905B-997D5F7DA288}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{78900925-793C-4E74-864B-6254891F3531}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{271A2AE1-00A6-43A2-AA07-D6C7F12B78F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{0E42B386-B2E5-4DDB-AB48-5219E7632837}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{1A9FB8E4-8133-483D-9A19-3BBD43745C8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6EA3B40C-2631-4533-B639-9E9ADFCBBE6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7E52F9C8-02F0-4CD0-A9B4-A7B9510B3712}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{21CCC12F-49C9-4C0B-ACFE-8A788F278BFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{936BA3C1-6142-4D24-A3D0-B51C77C2759E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{8EEC82FD-9C43-44AF-8D3A-24071E2F2609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{2F2578CC-E867-4074-B868-1A08163ED626}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{4EC58E83-DD96-4242-BF8A-1AD08E24D132}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{30E8F4A3-8685-4D74-8E37-25E2968A3138}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{6FF8E439-6FAC-4735-8B00-44F90EC6FEBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{5EBFCDBA-7B86-4043-A537-12AD2ECA8D13}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{9E7C88BB-B1CC-4214-9C29-E5F16049833A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{89CDFCC2-5678-4A2A-96C1-3C28EB0292B3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{8B049330-5369-4749-ACCC-239D46F35161}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheImpossibleGame\ImpossibleGame.exe
FirewallRules: [{2EB238AF-2E7A-4818-B024-B090CEEBED7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheImpossibleGame\ImpossibleGame.exe
FirewallRules: [{5468B159-3E72-49B6-8C98-5D85D440B0D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2B09BEF0-5C09-448C-9FE4-3065BEA50C45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4CAE3651-49DD-4F82-8C0A-8C442C64A072}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2DF88F29-B2B8-4C83-9F9A-7CBB4E4BA5CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9BE2F257-3082-4B7E-B94E-594F70243945}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{838A8EDF-CB50-4763-98FC-4D2A6B5B575C}C:\users\alexa\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\alexa\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{1B8A6E68-7320-40B9-8C4A-B8793981E37F}C:\users\alexa\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\alexa\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{5298F135-AEE7-4629-83AF-0E53750586BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{D7D233B9-256A-432F-BF1F-43D0C5C31B42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{B114EF92-B870-49F8-81F7-AAB44DF391F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{D6A5083A-B68F-49DE-AFB1-566C8605BC81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{7C75EA10-7F22-4382-B6A7-7933FC94F083}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{D6C027B5-05CA-4244-B149-B2539C76222A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{689B7E18-9510-4225-8EB6-71B82CFDB46A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Penumbra.exe
FirewallRules: [{742DAB12-BF7F-4AB7-BCC8-CC668B1A0C40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Penumbra.exe
FirewallRules: [{29E3E35E-9A1B-4335-A579-A2A67328ADAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [{F63EC119-8E8A-4FB5-A084-864E2321A417}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [{478087CC-87C6-4E45-89E4-F6C3DF8189DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Requiem.exe
FirewallRules: [{5F53AD05-A902-4D68-A898-44212EED62B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Requiem.exe
FirewallRules: [{DD7A001E-26A8-4144-AA7F-1074E2E599D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{B928759C-1579-4663-80B3-1AA3D62EE14C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{B67ED089-1B0C-40E1-9FA2-0FDCCA456B68}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{EAA69EB4-1064-47BE-9816-35D81CA4340C}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{F00E7DA9-196B-40D1-A1C6-D5BD6F350488}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{11E8FB0D-6933-4E38-8603-7F4CD579B39C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DEEEC7DA-197E-4328-8699-DB3AAB07E110}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\dosbox.exe
FirewallRules: [{14563D2A-C40A-40F6-A680-BB131031DE51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\dosbox.exe
FirewallRules: [{15EE30C4-DC49-467E-BFB7-B4E55A98DF78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\daum\dosbox.exe
FirewallRules: [{E84C21FE-F7C9-4335-97F9-C9A869B57200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\daum\dosbox.exe
FirewallRules: [{23A61DFA-4F9E-4754-9B06-C9FEB8761136}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{2DF06D4E-A5D5-4A0E-96AF-B2BB1AE24321}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{E3A7BE0F-7FB1-49CF-B4BC-24A7D05EBF6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [{C5B826B4-373B-4564-8FC1-B0599E26EFF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [{14B22680-B3EB-4C90-AC09-8B0A3DD5EFAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{6EADD980-7E26-4750-BDC4-263AFE60FB89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [TCP Query User{FC1C25E9-EA19-4BD1-8BB1-9CF1D363D386}C:\users\alexa\documents\games\halo 3 online\eldorado.exe] => (Block) C:\users\alexa\documents\games\halo 3 online\eldorado.exe
FirewallRules: [UDP Query User{05A6D940-A9BF-4907-820F-B0A831923D76}C:\users\alexa\documents\games\halo 3 online\eldorado.exe] => (Block) C:\users\alexa\documents\games\halo 3 online\eldorado.exe
FirewallRules: [{78053687-C6FB-49DF-AA19-42C0266BF259}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{C3C7BF27-7F07-4F4B-B9DD-6FD59CB09EEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{2C08E63C-FA8A-4DE7-821A-64CE904F94C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{FD4938E2-734F-494B-AF59-384B58F749A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{E3384B40-4BB0-4442-BB13-E604D445C3BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{D6FE1555-5795-4DA6-ACD3-F54A6ECC6AF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{FB24363A-D97A-4DC4-9C06-316545007217}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{A4EFA97F-DB45-4B84-9DAB-5F46883CB1A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{E2C72E4E-4F97-4D47-A1CC-3A000729B638}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Savage Lands\SavageLands.exe
FirewallRules: [{98B14255-C53A-4F65-94F1-BC925E0B1E8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Savage Lands\SavageLands.exe
FirewallRules: [{EE6F4452-9200-4722-AE06-BA8AE4463891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{A80DD383-3F94-4B8C-9A4E-E525DE02BC72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{FD277F6A-444E-4254-B10D-9D999010B863}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{E045DBA3-0F24-494D-87F7-B8BEA8253486}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{1C6E43A4-C9F4-48B6-99C9-39C2C17AB40F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{5EA03784-0FEE-4F02-9A38-321085898AE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [TCP Query User{47EFB772-7440-49C0-AE28-5061ABBC2D27}C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe] => (Block) C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe
FirewallRules: [UDP Query User{DCDEF389-A62B-4385-8FC6-4DDCE37A6B83}C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe] => (Block) C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe
FirewallRules: [{A3FC46BD-76E4-4C67-BCF4-4A9221C0D2A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{08044059-EF55-42A5-98B5-C4AD4FFFF37A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{8B19E8CE-CDDE-4C00-B512-4146CCD3360E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{C5E67B01-3EEB-42FB-AAB8-6595CC4CCC88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{FD1C274A-115F-40DD-9248-C2ABDFA04D7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{908C3549-6947-484F-BBAE-51AA149E6F97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{B67BF4AE-A6C1-4DAA-93D9-3D9B3238FF53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{6220AA50-09D5-40D2-8472-2B701D8F9314}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{38908F04-F4FB-42B9-A3AB-38F19AD51B01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{548FC1BC-EC16-40D2-8090-35473A138696}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{8CE9A836-617A-4A6A-AE86-E651CC2E164E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{2D9C5120-9338-4D49-963D-8BBF5C1244FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe

==================== Restore Points =========================

30-04-2016 14:36:56 Scheduled Checkpoint
30-04-2016 16:02:21 Installed DirectX
04-05-2016 21:20:31 Windows Update
04-05-2016 23:30:32 Installed DirectX
05-05-2016 00:06:52 Removed Google Drive
07-05-2016 13:48:25 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2016 12:04:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dead Space.exe, version: 1.0.0.222, time stamp: 0x493e043a
Faulting module name: Dead Space.exe, version: 1.0.0.222, time stamp: 0x493e043a
Exception code: 0xc0000005
Fault offset: 0x0031e660
Faulting process id: 0x21c4
Faulting application start time: 0xDead Space.exe0
Faulting application path: Dead Space.exe1
Faulting module path: Dead Space.exe2
Report Id: Dead Space.exe3

Error: (05/05/2016 12:00:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dead Space.exe, version: 1.0.0.222, time stamp: 0x493e043a
Faulting module name: Dead Space.exe, version: 1.0.0.222, time stamp: 0x493e043a
Exception code: 0xc0000005
Fault offset: 0x0039ccd8
Faulting process id: 0x418
Faulting application start time: 0xDead Space.exe0
Faulting application path: Dead Space.exe1
Faulting module path: Dead Space.exe2
Report Id: Dead Space.exe3

Error: (04/10/2016 09:45:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SuperMeatBoy.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a7c

Start Time: 01d19393d4d2a4c8

Termination Time: 44

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe

Report Id: 17096c56-ff87-11e5-ada2-b870f461cd42

Error: (04/10/2016 08:41:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp: 0x560819f3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000be8ce000
Faulting process id: 0xea8
Faulting application start time: 0xDolphin.exe0
Faulting application path: Dolphin.exe1
Faulting module path: Dolphin.exe2
Report Id: Dolphin.exe3

Error: (04/06/2016 09:26:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_Shell32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd74c
Exception code: 0xc0000374
Fault offset: 0x00000000000c0aa2
Faulting process id: 0x1af0
Faulting application start time: 0xrundll32.exe_Shell32.dll0
Faulting application path: rundll32.exe_Shell32.dll1
Faulting module path: rundll32.exe_Shell32.dll2
Report Id: rundll32.exe_Shell32.dll3

Error: (04/05/2016 07:22:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (04/03/2016 08:24:41 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (04/03/2016 04:55:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (04/01/2016 10:07:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (03/31/2016 10:11:01 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).


System errors:
=============
Error: (05/07/2016 04:57:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/07/2016 04:56:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/07/2016 04:56:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/07/2016 04:52:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/07/2016 04:42:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/07/2016 01:48:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/07/2016 01:44:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/07/2016 01:43:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/07/2016 01:43:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/07/2016 01:43:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069


CodeIntegrity:
===================================
Date: 2016-05-07 16:56:42.246
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-05-07 16:56:42.183
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-05-07 16:56:42.121
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-05-07 16:56:42.058
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-05 00:03:59.548
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-05 00:03:59.380
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 23:52:09.888
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 23:52:09.724
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 22:42:20.175
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-04 22:42:19.675
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NETwsw00.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 36%
Total physical RAM: 6050.69 MB
Available physical RAM: 3842.18 MB
Total Virtual: 12099.57 MB
Available Virtual: 10169.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:420.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F68D5142)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    4 KB · Views: 3
Fix result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 03
Ran by Alexa (2016-05-08 23:21:13) Run:1
Running from C:\Users\Alexa\Desktop
Loaded Profiles: Alexa (Available Profiles: Alexa & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
CHR Plugin: (Shockwave Flash) - C:\Users\Alexa\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Users\Alexa\AppData\Local\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Alexa\AppData\Local\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Users\Alexa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va035; \??\C:\Windows\SysWOW64\Drivers\X6va035 [X]
2015-05-08 03:12 - 2015-05-08 03:49 - 0007597 _____ () C:\Users\Alexa\AppData\Local\Resmon.ResmonCfg
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alexa\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Alexa\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File


*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => key removed successfully
C:\Users\Alexa\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll => not found.
C:\Users\Alexa\AppData\Local\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => not found.
C:\Users\Alexa\AppData\Local\Google\Chrome\Application\50.0.2661.94\pdf.dll => not found.
C:\Users\Alexa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
LMIGuardianSvc => service removed successfully
catchme => service removed successfully
X6va017 => service removed successfully
X6va028 => service removed successfully
X6va029 => service removed successfully
X6va031 => service removed successfully
X6va035 => service removed successfully
C:\Users\Alexa\AppData\Local\Resmon.ResmonCfg => moved successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-1051028164-3291638393-1546100382-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully

==== End of Fixlog 23:21:14 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 21.0.0.213
Mozilla Firefox 38.0.1 Firefox out of Date!
Google Chrome (49.0.2623.112)
Google Chrome (50.0.2661.94)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Alexa (administrator) on 09-05-2016 at 21:29:01
Running from "C:\Users\Alexa\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.


System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Update Firefox to the current version.

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Back