WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

LSASS.EXE is infected on Windows 7 (64bit) [Closed]

Started by aWeeMoose , Jun 07 2016 06:42 PM

windows security trojan

This topic is locked

10 replies to this topic

#1 aWeeMoose

New Member

Authentic Member
5 posts

Posted 07 June 2016 - 06:42 PM

I have been researching this for a few days, with no answers.

I keep this notices after restarting that LSASS.EXE (located in windows/system32 directory), is attempting to create a new user login. The file size seems to be the standard 30 kb.

Once in a while, my laptop gets very slow. Nothing strange in Task Manager.

Also, in recent months, I had repeated fake warnings (browser: Google Chrome) from my ISP telling me that I broke laws and I must phone them. These fake warnings had a blue background, the logo of Shaw Communications and an embedded audio telling me that I broke laws and I will be arrested, and to call a 1800 number.

I have a warcrest for situations like this, and only ESET online scanner actually detected the problem at hand.

ESET Results (Scan Time: 20 hours)

C:\Kernels\driver\explorer.exe   Win32/BitCoinMiner.N potentially unsafe application
C:\Downloads\spsetup126.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Program Files (x86)\Dorgem\Dorgem.exe.56b2541a   a variant of Win32/DorgeCapturer.A potentially unsafe application
C:\Windows\System32\drivers\hmpnet.sys   a variant of Win64/NetFilter.A potentially unsafe application
C:\Lame32\dffsetup-lame_enc.exe   a variant of Win32/Systweak.U potentially unwanted application

Now I am attempting to delete the registry entries that first alerted me that something is wrong with my system. This alert pops up, about 60 seconds after my internet connection comes online. The registry entry is not visible in regedit.

Application was blocked. This was determined to be a high-risk application by system control heuristics.

Application path: C:\Windows\System32\lsass.exe

Version:5.6.3.186847

Database:2.0.1.0

Action:A new user will be created

Object:HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\Account\Aliases\Members\S-1-5-21-1809310298-4277939237-1222154954\000003F4

Target:

Modules:

Advertisements

Register to Remove

#2 Conspire

SuperHelper

Retired Classroom Teacher
5,806 posts

Posted 07 June 2016 - 08:55 PM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

Hello there, aWeeMoose

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:

Read the entire procedure
It is important to perform ALL actions in sequence.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with me till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

---------------------------------------------------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
- When the tool opens, click Yes to disclaimer.
- Press the Scan button.
- When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
- Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

---------------------------------------------------------------------------------------------------

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may

#3 aWeeMoose

New Member

Authentic Member
5 posts

Posted 09 June 2016 - 01:16 PM

Thank you, Conspire for the reply and dedicating time to help me.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-06-2016

Ran by Basterd (administrator) on SILENTCARTOGRAP (09-06-2016 11:31:32)

Running from H:\Emergency Malware Removal

Loaded Profiles: Basterd & DefaultAppPool (Available Profiles: Basterd & DefaultAppPool)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: "C:\zPale Moon\palemoon.exe" -osint -url "%1")

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavSvc.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BHipsSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

() C:\Windows\SysWOW64\PSIService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(BiniSoft.org) H:\Windows Firewall Control\wfcs.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\bavhm.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Sysinternals - www.sysinternals.com) E:\Desktops\Desktops.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Emsa Systems) C:\PortBlocker\PortBlocker.exe

(BiniSoft.org) H:\Windows Firewall Control\wfc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavTray.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Google Inc.) H:\1 GoogleChromePortable\App\Chrome-bin\chrome.exe

(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

(Nullsoft, Inc.) H:\zzWinamp\winamp.exe

(Jasc Software, Inc.) C:\Paint Shop Pro 9\Paint Shop Pro 9.exe

(Google Inc.) H:\1 GoogleChromePortable\App\Chrome-bin\chrome.exe

(Microsoft Corporation) C:\Windows\System32\cmd.exe

(Google Inc.) H:\1 GoogleChromePortable\App\Chrome-bin\chrome.exe

() H:\x86 Send Anywhere\sendanywhere.exe

(DAZ 3D, Inc) E:\daz 3n4\3.1.2\DAZStudio.exe

(PortableApps.com) H:\Sprott Shaw\ThunderbirdPortable\ThunderbirdPortable.exe

(Mozilla Corporation) H:\Sprott Shaw\ThunderbirdPortable\App\Thunderbird\thunderbird.exe

(Just Great Software) C:\EditPadLite7\EditPadLite7.exe

(Google Inc.) H:\1 GoogleChromePortable\App\Chrome-bin\chrome.exe

(PortableApps.com) E:\WhoDatPortable\WhoDatPortable.exe

() E:\WhoDatPortable\App\WhoDat\WhoDat.exe

(Google Inc.) H:\1 GoogleChromePortable\App\Chrome-bin\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)

HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)

HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-02-23] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)

HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavTray.exe [2553328 2015-07-27] (Baidu, Inc.)

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\Run: [Sysinternals Desktops] => E:\Desktops\Desktops.exe [116824 2012-10-17] (Sysinternals - www.sysinternals.com)

HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-18\...\RunOnce: [{90150000-006E-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90150000-00BA-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90150000-00A1-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{91140000-003B-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90150000-012B-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90150000-0090-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90150000-0016-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90150000-001A-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90140000-00B4-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90150000-0019-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90150000-0018-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90150000-001B-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90150000-0015-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

HKU\S-1-5-18\...\RunOnce: [{90150000-0044-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PortBlocker.exe - Shortcut.lnk [2014-08-17]

ShortcutTarget: PortBlocker.exe - Shortcut.lnk -> C:\PortBlocker\PortBlocker.exe (Emsa Systems)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk [2016-05-06]

ShortcutTarget: Windows Firewall Control.lnk -> H:\Windows Firewall Control\wfc.exe (BiniSoft.org)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

Tcpip\..\Interfaces\{F17875B6-F4A6-4EE4-BA67-768E4F006339}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-05] (Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-05] (Oracle Corporation)

BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> h:\games\Arc\Plugins\ArcPluginIE.dll [2016-05-18] (Perfect World Entertainment Inc)

BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FireFox:

========

FF ProfilePath: C:\Users\Basterd\AppData\Roaming\Mozilla\Firefox\Profiles\cvm9u3bb.default

FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)

FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-05] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-05] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-23] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-23] (NVIDIA Corporation)

FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> h:\games\Arc\Plugins\npArcPluginFF.dll [2016-05-18] (Perfect World Entertainment Inc)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1809310298-4277939237-1222154954-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Basterd\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)

FF Extension: Firefox Old Version Update Hotfix - C:\Users\Basterd\AppData\Roaming\Mozilla\Firefox\Profiles\cvm9u3bb.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-12-03] [not signed]

Chrome:

=======

CHR StartupUrls: Default -> "hxxps://www.telus.com/my-account/usage/meters/internet?ban=3o5hPPr0bDaaaqkisv13-Q&instance_id=15535979&bill_cycle=11"

CHR DefaultSearchKeyword: Default -> d

CHR Profile: C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]

CHR Extension: (Google Drive) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-05-27]

CHR Extension: (YouTube) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]

CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2016-06-01]

CHR Extension: (Adblock Plus) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-01]

CHR Extension: (Adblock for Youtube™) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-04]

CHR Extension: (Google Search) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]

CHR Extension: (ARC Welder) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2015-12-21]

CHR Extension: (Google Docs Offline) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]

CHR Extension: (AdBlock) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-01]

CHR Extension: (Hide My AdBlocker) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc [2016-05-18]

CHR Extension: (Cryptocat) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij [2015-06-04]

CHR Extension: (Pixlr Editor) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2016-05-12]

CHR Extension: (ARC Welder) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2015-12-21]

CHR Extension: (Flashcontrol) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-02-06]

CHR Extension: (Ghostery) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-22]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]

CHR Extension: (Instagram for Chrome) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2016-06-01]

CHR Extension: (Gmail) - C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-06-14] () [File not signed]

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

S3 ArcService; h:\games\Arc\ArcService.exe [88024 2016-05-18] (Perfect World Entertainment Inc)

R2 bavsvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\bavsvc.exe [2805208 2015-07-27] (Baidu, Inc.)

R2 bhipssvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\bhipssvc.exe [544032 2015-07-27] (Baidu, Inc.)

S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-08-07] (BitRaider, LLC)

S3 GalaxyClientService; H:\games\GOGClient\GalaxyClientService.exe [246328 2016-05-12] (GOG.com)

S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6167096 2016-05-12] (GOG.com)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-02-23] (NVIDIA Corporation)

S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3412408 2014-09-23] (INCA Internet Co., Ltd.)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-02-23] (NVIDIA Corporation)

R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-02-23] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-02-23] (NVIDIA Corporation)

S3 Origin Client Service; H:\games\Origin\OriginClientService.exe [2120712 2016-05-29] (Electronic Arts)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-05] ()

R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

R2 _wfcs; H:\Windows Firewall Control\wfcs.exe [99840 2015-01-17] (BiniSoft.org) [File not signed]

S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdSandboxSrv64.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()

S2 ASCTRM; C:\Windows\SysWow64\Drivers\ASCTRM.sys [8552 2015-08-20] (Windows ® 2000 DDK provider) [File not signed]

R3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdApiUtil64.sys [116936 2015-07-27] (Baidu, Inc.)

R3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78280 2015-07-13] ()

R3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdCameraProtect64.sys [25000 2015-07-27] (Baidu, Inc.)

S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [222016 2014-12-10] (Baidu, Inc.)

R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [62920 2015-07-27] (Baidu, Inc.)

R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2015-07-27] (Baidu, Inc.)

R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2015-07-27] (Baidu, Inc.)

R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [487144 2015-07-27] (Baidu, Inc.)

R3 BNmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Bnmon64.sys [82376 2015-07-27] (Baidu, Inc.)

R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [171464 2015-07-27] (Baidu, Inc.)

S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-08-07] (BitRaider)

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-01] (Disc Soft Ltd)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13192 2010-07-15] () [File not signed]

S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]

S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-09-18] ()

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-22] ()

S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2016-01-13] ()

S4 LMIRfsClientNP; no ImagePath

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-08] (Malwarebytes)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-02-23] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2016-02-23] (NVIDIA Corporation)

R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-08-16] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-08-16] ()

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) [File not signed]

S3 rspSanity; C:\Windows\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Resplendence Software Projects Sp.)

S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2015-11-20] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-07-16] (Duplex Secure Ltd.)

S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project) [File not signed]

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-06-07] ()

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]

R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)

R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)

R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-05-27] (Zemana Ltd.)

R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-05-27] (Zemana Ltd.)

U3 akgkvl3r; C:\Windows\System32\Drivers\akgkvl3r.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-09 11:31 - 2016-06-09 11:31 - 00000000 ____D C:\FRST

2016-06-09 00:43 - 2016-06-09 00:43 - 00008517 _____ C:\Users\Basterd\Documents\v3_organmohawk.arki.v3.4.a3.torrent

2016-06-09 00:42 - 2016-06-09 00:42 - 00038200 _____ C:\Users\Basterd\Documents\v3_45055.hanyma.for.v3.torrent

2016-06-07 23:34 - 2016-06-07 23:34 - 00000000 ____D C:\ProgramData\OptiTex

2016-06-07 18:41 - 2016-06-07 18:41 - 00355621 ____N C:\Windows\Minidump\060716-10935-01.dmp

2016-06-07 18:41 - 2016-06-07 18:41 - 00000000 ____D C:\ProgramData\Logitech

2016-06-07 17:48 - 2016-06-07 17:48 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys

2016-06-07 17:47 - 2016-06-07 23:33 - 00000000 ____D C:\ProgramData\RogueKiller

2016-06-07 17:07 - 2016-06-07 17:07 - 00006280 _____ C:\Users\Basterd\Downloads\ESETSCAN.txt

2016-06-06 22:51 - 2016-06-06 22:51 - 00059532 _____ C:\Users\Basterd\Downloads\ufonts.com_knockout-htf49-liteweight.ttf

2016-06-05 00:19 - 2016-06-05 00:20 - 37918623 _____ (LuxRender ) C:\Users\Basterd\Downloads\LuxRender 1.5.1 x64 OpenCL Setup.exe

2016-06-04 13:54 - 2016-06-04 13:55 - 00033792 _____ (www.vtaskstudio.com) C:\Users\Basterd\Downloads\tinytask.exe

2016-06-04 13:39 - 2016-06-04 13:39 - 01043675 _____ (IceChat Networks ) C:\Users\Basterd\Downloads\icechat-setup.exe

2016-06-03 16:12 - 2016-06-03 16:12 - 00000118 _____ C:\Windows\wininit.ini

2016-06-01 21:06 - 2016-06-01 21:06 - 00000000 ____D C:\Users\Public\Documents\PC Faster

2016-06-01 20:57 - 2016-06-01 20:57 - 00000000 ____D C:\Program Files (x86)\ESET

2016-06-01 20:26 - 2016-06-01 20:40 - 00959444 _____ C:\TDSSKiller.3.1.0.9_01.06.2016_20.26.58_log.txt

2016-06-01 18:20 - 2016-06-01 18:44 - 00710956 _____ C:\TDSSKiller.3.1.0.9_01.06.2016_18.20.34_log.txt

2016-06-01 18:18 - 2016-06-07 21:20 - 00000000 ____D C:\Users\Basterd\Desktop\bUG Fantasy Art

2016-06-01 18:17 - 2016-06-01 18:19 - 00006108 _____ C:\TDSSKiller.3.1.0.9_01.06.2016_18.17.31_log.txt

2016-05-31 21:00 - 2016-05-31 21:00 - 01693236 _____ C:\Users\Basterd\Downloads\OptiFine_1.9.4_HD_U_B4.jar

2016-05-31 13:53 - 2016-05-31 13:53 - 02619784 _____ (Foolish IT LLC ) C:\Users\Basterd\Downloads\CryptoPreventSetup.exe

2016-05-30 10:27 - 2016-05-30 10:27 - 00000000 ____D C:\Users\Basterd\Documents\EA Games

2016-05-29 20:35 - 2016-06-08 14:04 - 00000000 ____D C:\Users\Basterd\Downloads\reinstall sims3

2016-05-29 20:21 - 2016-05-29 20:21 - 00003328 _____ C:\Users\Basterd\Desktop\JRT.txt

2016-05-29 12:38 - 2016-05-29 12:38 - 00188893 _____ C:\Users\Basterd\Downloads\StampIconsSet.zip

2016-05-29 12:37 - 2016-05-29 12:37 - 04156305 _____ C:\Users\Basterd\Downloads\DD_Social_Media_Icon_Stickers_54543.zip

2016-05-29 02:22 - 2016-05-29 02:23 - 36263023 _____ C:\Users\Basterd\Downloads\SeaMonkey Setup 2.40.exe

2016-05-28 17:01 - 2016-05-28 17:01 - 00606911 _____ C:\Users\Basterd\Downloads\XNALara9.7.8.zip

2016-05-28 12:55 - 2016-05-28 12:56 - 21976864 _____ C:\Users\Basterd\Downloads\AAJewelryShadersIray.zip

2016-05-27 12:34 - 2016-06-09 11:31 - 00667997 _____ C:\Windows\ZAM.krnl.trace

2016-05-27 12:34 - 2016-06-09 11:31 - 00660814 _____ C:\Windows\ZAM_Guard.krnl.trace

2016-05-27 12:34 - 2016-05-27 12:34 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys

2016-05-27 12:34 - 2016-05-27 12:34 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys

2016-05-27 12:34 - 2016-05-27 12:34 - 00000000 ____D C:\Users\Basterd\AppData\Local\Zemana

2016-05-24 19:39 - 2016-05-24 19:42 - 00001456 _____ C:\Users\Basterd\AppData\Local\Adobe Save for Web 12.0 Prefs

2016-05-24 01:26 - 2016-05-24 01:26 - 00000000 ____D C:\Users\Basterd\AppData\Local\SCE

2016-05-23 02:12 - 2016-05-23 02:12 - 00003170 _____ C:\Windows\System32\Tasks\{FE2CF63D-DCCF-4281-9524-D0C21D09E553}

2016-05-23 01:46 - 2016-05-23 01:46 - 00003190 _____ C:\Windows\System32\Tasks\{D6928452-0895-4621-AD3D-FFAEA28048FE}

2016-05-23 01:45 - 2016-05-23 01:45 - 00003180 _____ C:\Windows\System32\Tasks\{CF022024-D484-41C2-91CE-9AA0BC2C71FF}

2016-05-23 01:44 - 2016-05-23 01:44 - 00003176 _____ C:\Windows\System32\Tasks\{70B21360-7A62-4D16-872C-8C65A9E5FDBD}

2016-05-23 01:44 - 2016-05-23 01:44 - 00003174 _____ C:\Windows\System32\Tasks\{B729FB5D-E88F-4E61-B722-97F550937D8C}

2016-05-23 01:43 - 2016-05-23 01:43 - 00003226 _____ C:\Windows\System32\Tasks\{A4BC6B7C-1896-483A-B557-5E4409EF34DB}

2016-05-23 01:43 - 2016-05-23 01:43 - 00003176 _____ C:\Windows\System32\Tasks\{C6683483-2278-42AE-958D-6A386C625228}

2016-05-23 01:43 - 2016-05-23 01:43 - 00003176 _____ C:\Windows\System32\Tasks\{5B8348BD-4CC0-4F76-8B39-5651230828E8}

2016-05-23 01:40 - 2016-05-23 01:40 - 00003196 _____ C:\Windows\System32\Tasks\{781D36F9-9CE0-46A3-AFF1-C5F429A5286C}

2016-05-23 00:19 - 2016-05-23 00:19 - 00003196 _____ C:\Windows\System32\Tasks\{F2471DC4-D590-41AA-88BE-E3D293BE0193}

2016-05-22 20:44 - 2016-05-22 21:00 - 00000000 ____D C:\Users\Basterd\Downloads\88888

2016-05-22 20:43 - 2016-05-22 20:43 - 03439200 _____ C:\Users\Basterd\Downloads\V4_Riding_Suit.zip

2016-05-22 11:37 - 2016-05-22 12:05 - 00000000 ____D C:\Users\Basterd\Downloads\BUG

2016-05-21 00:18 - 2016-05-21 00:18 - 00459463 _____ C:\Users\Basterd\Downloads\Airlander Tech Details (1).pdf

2016-05-21 00:13 - 2016-05-21 00:13 - 00436090 _____ C:\Users\Basterd\Downloads\Airlander Tech Details.pdf

2016-05-21 00:03 - 2016-05-21 01:24 - 247311764 _____ C:\Users\Basterd\Downloads\dlfjalfjlatrukindnub.7z

2016-05-20 13:43 - 2016-05-20 13:43 - 00260188 _____ C:\Users\Basterd\Downloads\R04-18 DO NOT PASS ON SHOULDER 18x24.eps

2016-05-20 13:43 - 2016-05-20 13:43 - 00260188 _____ C:\Users\Basterd\Downloads\R04-18 DO NOT PASS ON SHOULDER 18x24 (1).eps

2016-05-19 17:21 - 2016-05-19 17:21 - 00000000 ____D C:\Users\Basterd\AppData\LocalLow\Smartly Dressed Games

2016-05-19 16:17 - 2016-05-19 16:37 - 00000000 ____D C:\Users\Basterd\Downloads\ebay

2016-05-19 15:15 - 2016-05-19 15:15 - 00019144 _____ C:\Users\Basterd\Downloads\315stoute.boudjies.torrent

2016-05-19 14:55 - 2016-05-19 14:55 - 00023136 _____ C:\Users\Basterd\Downloads\counter_strike.zip

2016-05-19 14:55 - 2011-01-25 12:26 - 00051896 _____ C:\Users\Basterd\Downloads\cs_regular.ttf

2016-05-19 10:09 - 2016-05-19 13:50 - 00000000 ____D C:\Users\Basterd\AppData\Local\The Witcher

2016-05-19 10:09 - 2016-05-19 11:14 - 00000000 ____D C:\Users\Basterd\Documents\The Witcher

2016-05-19 05:11 - 2016-05-19 05:11 - 00000000 ____D C:\Users\Public\Documents\The Witcher

2016-05-18 08:55 - 2016-05-19 05:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com

2016-05-18 08:55 - 2016-05-18 08:55 - 00000660 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk

2016-05-18 08:54 - 2016-05-18 08:54 - 00000000 ____D C:\ProgramData\GOG.com

2016-05-18 08:50 - 2016-05-18 08:53 - 140619040 _____ (GOG.com ) C:\Users\Basterd\Downloads\setup_galaxy_1.1.10.47.exe

2016-05-16 13:48 - 2016-05-16 13:50 - 65292192 _____ (Amazon.com) C:\Users\Basterd\Documents\KindleForPC-installer-1.16.44025.exe

2016-05-16 11:12 - 2016-05-16 11:17 - 69134632 _____ (PortableApps.com) C:\Users\Basterd\Downloads\Scorched3DPortable_43.3d.paf.exe

2016-05-16 11:08 - 2016-05-16 11:20 - 417493016 _____ (PortableApps.com) C:\Users\Basterd\Downloads\SuperTuxKartPortable_0.9.1.paf.exe

2016-05-16 10:59 - 2016-05-16 11:01 - 79512712 _____ (PortableApps.com) C:\Users\Basterd\Downloads\SuperTuxPortable_0.4.0_English.paf.exe

2016-05-16 10:56 - 2016-05-16 10:57 - 03142656 _____ (PortableApps.com) C:\Users\Basterd\Downloads\ArmagetronAdvancedPortable_0.2.8.3.2_Rev_2.paf.exe

2016-05-16 00:44 - 2016-05-16 00:44 - 00066045 _____ C:\Users\Basterd\Downloads\Mass.Effect.3.Multi7-RU.Repack.torrent

2016-05-15 18:32 - 2016-05-15 18:32 - 00000000 ____D C:\Users\Basterd\AppData\Local\Doctor Entertainment AB

2016-05-13 16:05 - 2016-06-08 05:52 - 00001065 _____ C:\Users\Basterd\Desktop\nativelog.txt

2016-05-13 10:15 - 2016-05-13 10:16 - 15567861 _____ C:\Users\Basterd\Downloads\CelicaUpdated.rar

2016-05-13 10:15 - 2016-05-13 10:15 - 14260464 _____ C:\Users\Basterd\Downloads\Babylon5.zip

2016-05-13 09:57 - 2016-05-13 09:57 - 00000000 ____D C:\zip 7 Zip

2016-05-13 09:37 - 2016-05-13 09:37 - 01378405 _____ (Igor Pavlov) C:\Users\Basterd\Downloads\7z1600-x64.exe

2016-05-12 13:57 - 2016-05-12 15:55 - 00000000 ____D C:\Users\Basterd\Downloads\12 may 2016 install

2016-05-12 13:50 - 2016-05-12 13:50 - 00017036 _____ C:\Users\Basterd\Downloads\fate 0 complete.720p.torrent

2016-05-11 23:24 - 2016-05-11 23:25 - 20154331 _____ C:\Users\Basterd\Downloads\Clash.zip

2016-05-11 23:23 - 2016-05-11 23:24 - 01699892 _____ C:\Users\Basterd\Downloads\OptiFine_1.9.2_HD_U_B2.jar

2016-05-11 20:35 - 2016-05-11 20:42 - 247161584 _____ C:\Users\Basterd\Downloads\Marvel vs. Capcom - Clash of Super Heroes.7z

2016-05-11 20:34 - 2016-05-11 20:34 - 00607870 _____ C:\Users\Basterd\Downloads\Toejam & Earl.zip

2016-05-11 20:31 - 2016-05-11 20:32 - 00000000 ____D C:\Users\Basterd\Downloads\Sega System2

2016-05-11 20:28 - 2016-05-11 20:28 - 01220789 _____ C:\Users\Basterd\Downloads\m2emulator.zip

2016-05-11 20:20 - 2016-05-11 20:20 - 00341741 _____ C:\Users\Basterd\Downloads\Michael Jackson's Moonwalker (1).zip

2016-05-11 20:19 - 2016-05-11 20:19 - 00341741 _____ C:\Users\Basterd\Downloads\Michael Jackson's Moonwalker.zip

2016-05-11 20:18 - 2016-05-11 20:18 - 00964834 _____ C:\Users\Basterd\Downloads\CR_Downloader_for_sonic-the-fighters.zip

2016-05-11 20:11 - 2016-05-11 20:12 - 00000000 ____D C:\Users\Basterd\Downloads\xx

2016-05-11 14:18 - 2016-05-11 14:18 - 00000218 _____ C:\Users\Basterd\AppData\Local\recently-used.xbel

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-09 11:21 - 2015-04-18 09:47 - 00000000 ____D C:\Users\Basterd\AppData\Roaming\TS3Client

2016-06-09 09:48 - 2015-12-07 15:53 - 00000000 ____D C:\Users\Basterd\AppData\Roaming\Thunderbird

2016-06-09 00:45 - 2014-09-16 19:20 - 00000000 ____D C:\Users\Basterd\AppData\Roaming\ClassicShell

2016-06-08 23:42 - 2014-08-17 23:33 - 00000000 ____D C:\Program Files\PeerBlock

2016-06-08 22:20 - 2014-08-18 00:02 - 00000000 ____D C:\Users\Basterd\Documents\My PSP Files

2016-06-08 22:09 - 2009-07-13 21:45 - 00022288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-06-08 22:09 - 2009-07-13 21:45 - 00022288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-06-08 21:53 - 2015-07-01 01:26 - 00000000 ____D C:\ProgramData\BavSvc_exe

2016-06-08 20:57 - 2015-11-24 13:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-06-08 14:01 - 2014-08-18 00:10 - 00000000 ____D C:\Users\Basterd\AppData\Local\CrashDumps

2016-06-08 14:01 - 2014-08-18 00:02 - 00000000 ____D C:\Users\Basterd\Documents\Nexus Mod Manager

2016-06-08 13:53 - 2016-01-26 08:02 - 00000741 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk

2016-06-08 13:53 - 2015-08-10 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager

2016-06-08 13:44 - 2014-08-17 17:26 - 00000000 ____D C:\ProgramData\Origin

2016-06-08 05:01 - 2015-02-17 16:33 - 00000000 ____D C:\Users\Basterd\AppData\Roaming\.minecraft

2016-06-08 03:58 - 2014-08-17 16:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2016-06-07 21:26 - 2014-12-02 22:20 - 00000000 ____D C:\Users\DefaultAppPool

2016-06-07 18:47 - 2009-07-13 22:13 - 00881320 _____ C:\Windows\system32\PerfStringBackup.INI

2016-06-07 18:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf

2016-06-07 18:41 - 2015-05-04 20:00 - 00000000 ____D C:\ProgramData\NVIDIA

2016-06-07 18:41 - 2014-09-14 13:32 - 00000000 ____D C:\Windows\Minidump

2016-06-07 18:41 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-06-07 18:41 - 2009-07-13 21:45 - 00609640 _____ C:\Windows\system32\FNTCACHE.DAT

2016-06-07 18:23 - 2015-08-07 15:12 - 00000000 ____D C:\ProgramData\BitRaider

2016-06-07 17:20 - 2014-08-17 16:40 - 00159440 _____ C:\Users\Basterd\AppData\Local\GDIPFONTCACHEV1.DAT

2016-06-07 11:45 - 2014-08-17 23:34 - 00492826 _____ C:\Users\Basterd\Documents\eh playlist.m3u8

2016-06-06 20:59 - 2014-10-10 11:00 - 00000000 ____D C:\Users\Basterd\.thumbnails

2016-06-06 12:37 - 2014-04-10 10:15 - 00000000 ____D C:\Users\Basterd\Desktop\(4) End Credits

2016-06-05 00:23 - 2014-08-17 23:25 - 00000000 ____D C:\LuxRender

2016-06-05 00:22 - 2015-11-06 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LuxRender

2016-06-04 18:59 - 2014-11-11 09:30 - 00000023 _____ C:\Windows\BlendSettings.ini

2016-06-04 14:00 - 2015-10-21 22:24 - 00000000 ____D C:\Users\Basterd\AppData\Roaming\.purple

2016-06-04 13:59 - 2015-10-21 22:23 - 00000000 ____D C:\Program Files (x86)\Pidgin

2016-06-02 23:35 - 2015-01-23 13:29 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2016-06-02 01:43 - 2015-08-31 18:13 - 00000000 ____D C:\Users\Basterd\AppData\Local\ElevatedDiagnostics

2016-06-02 00:40 - 2014-11-05 20:19 - 00000000 ____D C:\Windows\AutoRearm

2016-06-01 20:45 - 2015-07-22 07:57 - 00000000 ____D C:\AdwCleaner

2016-06-01 16:28 - 2015-01-22 17:36 - 00000000 ____D C:\Users\Basterd\AppData\Roaming\Skype

2016-06-01 15:21 - 2016-01-04 17:16 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-06-01 15:21 - 2015-01-22 18:07 - 00000000 ____D C:\ProgramData\Skype

2016-06-01 09:02 - 2014-08-17 17:30 - 00000000 ____D C:\Windows\Panther

2016-06-01 06:58 - 2015-10-30 02:42 - 00000000 ___HD C:\$WINDOWS.~BT

2016-05-30 10:23 - 2014-08-17 22:59 - 00000000 ____D C:\Users\Basterd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2016-05-29 20:12 - 2014-09-15 13:21 - 00000000 ____D C:\Program Files (x86)\Origin

2016-05-29 11:41 - 2014-08-19 11:25 - 00000000 ____D C:\Users\Basterd\AppData\Local\Mozilla

2016-05-29 00:15 - 2016-01-01 14:41 - 00000000 ____D C:\Users\Basterd\AppData\Local\Warframe

2016-05-19 17:36 - 2014-08-18 00:02 - 00000000 ____D C:\Users\Basterd\Documents\Hedgewars

2016-05-19 05:11 - 2015-10-11 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2016-05-18 17:10 - 2015-12-28 00:13 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk

2016-05-16 11:27 - 2014-09-20 00:54 - 00000000 ____D C:\Users\Basterd\Desktop\games !!

2016-05-13 09:56 - 2014-08-18 12:19 - 00000000 ____D C:\Program Files\7-Zip

==================== Files in the root of some directories =======

2015-06-24 07:16 - 2015-06-24 07:16 - 0000132 _____ () C:\Users\Basterd\AppData\Roaming\Adobe PNG Format CS5 Prefs

2015-06-29 19:30 - 2015-07-26 14:48 - 0000098 _____ () C:\Users\Basterd\AppData\Roaming\LauncherSettings_live.cfg

2015-06-29 17:55 - 2015-06-29 17:55 - 0000040 _____ () C:\Users\Basterd\AppData\Roaming\TheHunterSettings_steam_live.cfg

2015-07-03 06:45 - 2008-02-02 15:51 - 0109120 __RSH (Un4seen Developments) C:\Users\Basterd\AppData\Roaming\Microsoft\clog.txt

2016-05-24 19:39 - 2016-05-24 19:42 - 0001456 _____ () C:\Users\Basterd\AppData\Local\Adobe Save for Web 12.0 Prefs

2014-09-03 05:03 - 2014-12-26 00:11 - 0000000 _____ () C:\Users\Basterd\AppData\Local\ars.cache

2014-09-03 05:03 - 2014-12-26 00:11 - 0320759 _____ () C:\Users\Basterd\AppData\Local\census.cache

2014-09-02 11:55 - 2014-09-02 11:55 - 0000036 _____ () C:\Users\Basterd\AppData\Local\housecall.guid.cache

2015-02-25 20:59 - 2015-02-25 20:59 - 0000363 _____ () C:\Users\Basterd\AppData\Local\LMIR0001.tmp_r.bat

2016-05-11 14:18 - 2016-05-11 14:18 - 0000218 _____ () C:\Users\Basterd\AppData\Local\recently-used.xbel

2014-09-14 00:46 - 2014-09-14 00:46 - 0007605 _____ () C:\Users\Basterd\AppData\Local\Resmon.ResmonCfg

2015-03-28 00:16 - 2015-03-28 00:16 - 0000010 _____ () C:\Users\Basterd\AppData\Local\sponge.last.runtime.cache

2014-09-14 15:37 - 2016-03-15 23:55 - 0001293 _____ () C:\Users\Basterd\AppData\Local\Temp1.html

2016-03-15 23:58 - 2016-03-15 23:58 - 0010808 _____ () C:\Users\Basterd\AppData\Local\Temp32.html

2015-05-22 21:21 - 2015-05-22 21:21 - 0011889 _____ () C:\Users\Basterd\AppData\Local\Temp34.html

2015-01-29 13:08 - 2015-01-29 13:08 - 0012365 _____ () C:\Users\Basterd\AppData\Local\Temp36.html

2015-08-25 20:59 - 2015-08-25 20:59 - 0476752 _____ () C:\ProgramData\pswi_preloaded.exe

Files to move or delete:

====================

C:\ProgramData\pswi_preloaded.exe

Some files in TEMP:

====================

C:\Users\Basterd\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Basterd\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-07 01:49

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-06-2016

Ran by Basterd (2016-06-09 11:39:14)

Running from H:\Emergency Malware Removal

Windows 7 Home Premium Service Pack 1 (X64) (2014-08-17 23:34:47)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1809310298-4277939237-1222154954-500 - Administrator - Disabled)

ASPNET (S-1-5-21-1809310298-4277939237-1222154954-1012 - Limited - Enabled)

Basterd (S-1-5-21-1809310298-4277939237-1222154954-1000 - Administrator - Enabled) => C:\Users\Basterd

Guest (S-1-5-21-1809310298-4277939237-1222154954-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1809310298-4277939237-1222154954-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Baidu Antivirus (Enabled - Up to date) {0B023102-4312-4570-585A-1BAAA3570E16}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Baidu Antivirus (Enabled - Up to date) {B063D0E6-6528-4AFE-62EA-20D8D8D044AB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)

7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)

Adam's Venture Episode 1: The Search For The Lost Garden (HKLM-x32\...\Steam App 108100) (Version: - Vertigo Games)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)

Alchemilla v1.0 (HKLM-x32\...\{F48B561D-9D56-4C5E-8822-AB78042BA342}}_is1) (Version: - White Noise)

Any Video Converter 5.7.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)

Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)

Aura Kingdom (HKLM-x32\...\Steam App 268420) (Version: - X-Legend)

Autodesk 3ds Max 2013 64-bit (Version: 15.0.0.347 - Autodesk) Hidden

Autodesk 3ds Max 2015 (Version: 17.0.630.0 - Autodesk) Hidden

Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)

Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden

AutoHotkey 1.1.21.02 (HKLM\...\AutoHotkey) (Version: 1.1.21.02 - Lexikos)

AV Voice Changer Software DIAMOND 7.0 (HKLM-x32\...\AV Voice Changer Software DIAMOND 7.0) (Version: 7.0.51 - AVSOFT Corp.)

Baidu Antivirus (HKLM-x32\...\Baidu Antivirus) (Version: 5.6.3.186847 - Baidu, Inc.)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)

BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)

Blender (HKLM\...\{D593042C-8739-488D-93B8-E6B202013E57}) (Version: 2.76.1 - Blender Foundation)

BoneTown (HKLM-x32\...\{5E7C721D-B008-4269-A1C4-2CE7E9757983}) (Version: 1.0.4 - DWC Software)

Bot Sentry 1.3.0 (remove only) (HKLM-x32\...\bot-sentry) (Version: 1.3.0 - )

Bryce 7.1 (HKLM-x32\...\Bryce 7.1 7.1.0.109) (Version: 7.1.0.109 - DAZ 3D)

Bryce Lightning 7.0 (HKLM-x32\...\Bryce Lightning 7.0 7.1.0.109) (Version: 7.1.0.109 - DAZ 3D)

CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)

Chipamp (HKLM-x32\...\Chipamp) (Version: 1.1 - OverClocked ReMix)

Cities - Skylines (HKLM-x32\...\Cities - Skylines_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)

Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)

Clay Animation (HKLM-x32\...\Clay Animation_is1) (Version: 1.0 - The Book Shop, Ltd.)

Comic Book Creator Content Pack - Bluetorch (HKLM-x32\...\{ABA578E2-E75A-408C-BA65-85B45433CCB2}) (Version: 1.0.1 - Planetwide Games, Inc.) <==== ATTENTION

Comic Book Creator Content Pack - RYL Path of the Emperor (HKLM-x32\...\{5FAC16C1-D0A4-465D-93B8-46AD35615281}) (Version: 1.0.1 - Planetwide Games, Inc.)

Corel Paint Shop Pro Photo XI (HKLM-x32\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.20.0000 - Corel Corporation)

Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version: - Nexon)

Crown and Council (HKLM\...\Steam App 444250) (Version: - Mojang)

DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.41) (Version: 1.1.0.41 - DAZ 3D)

DC Universe Online Live (HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\DG0-DC Universe Online Live) (Version: - Sony Online Entertainment)

DC Universe Online Live (HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\SOE-DC Universe Online Live) (Version: - Sony Online Entertainment)

Dolphin Futures XPS Viewer version 1.1.0 (HKLM-x32\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)

Dragon Ball Xenoverse version 1.0.1.23438 (HKLM-x32\...\Dragon Ball Xenoverse_is1) (Version: 1.0.1.23438 - Mr DJ)

Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )

Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)

Fable - The Lost Chapters (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)

Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)

Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)

Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )

From Earth (HKLM\...\Steam App 334370) (Version: - From Earth Team)

Gear Up (HKLM\...\Steam App 214420) (Version: - Doctor Entertainment AB)

GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)

GPL Ghostscript 8.15 (HKLM-x32\...\GPL Ghostscript 8.15) (Version: - )

GPL Ghostscript Fonts (HKLM-x32\...\GPL Ghostscript Fonts) (Version: - )

Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)

Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden

Gray Matter (HKLM-x32\...\Steam App 260570) (Version: - WizarBox Production)

GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)

Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)

Half-Life: Before (HKLM-x32\...\Steam App 261980) (Version: - Andrii Vintsevych)

Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version: - Microsoft Game Studios)

Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden

Halo CE Cracked Setup (HKLM-x32\...\{DC525714-3134-4749-A39F-E3216A4FF9BD}) (Version: - )

Haunted Memories (HKLM-x32\...\Steam App 241640) (Version: - MadMan Theory Games)

Hedgewars (HKLM-x32\...\hedgewars) (Version: 0.9.22 - Hedgewars Project)

Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version: - Arkedo)

Hero Editor V0.96 (HKLM-x32\...\ST6UNST #1) (Version: - )

Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)

Inkscape 0.91pre4 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)

Intel® Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)

Iron Snout (HKLM\...\Steam App 424280) (Version: - SnoutUp)

Janky Tanks (HKLM-x32\...\Steam App 344220) (Version: - Hyper Hippo Productions)

Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)

Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version: - Blit Software)

K-Lite Codec Pack 10.9.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )

League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)

League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden

Leisure Suit Larry - Magna Cum Laude (HKLM-x32\...\InstallShield_{A31289C6-04EF-4437-A35B-7CC96167145C}) (Version: 1.00.0001 - VUGames)

Leisure Suit Larry - Magna Cum Laude (x32 Version: 1.00.0001 - VUGames) Hidden

LibreOffice 5.0.4.2 (HKLM-x32\...\{14B5DDCF-61C4-4F1E-A621-844685D60B5A}) (Version: 5.0.4.2 - The Document Foundation)

Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.)

LuxRender 1.5 x64 OpenCL (HKLM\...\{C289183E-1DD8-42FA-8DFE-94F61ED1CFA3}_is1) (Version: 1.5 - LuxRender)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)

Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts)

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

Modular Combat (HKLM-x32\...\Steam App 349480) (Version: - Team ModCom)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MySQL Connector/ODBC 3.51 (HKLM-x32\...\{F929096B-54A0-4C5C-B125-1E7EB1917412}) (Version: 3.51.19 - MySQL AB)

Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)

NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.9.1.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.35 - NVIDIA Corporation)

NVIDIA Graphics Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

Oblivion - Knights of the Nine (HKLM-x32\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks)

Oblivion - Spell Tomes (HKLM-x32\...\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}) (Version: 1.00.0000 - Bethesda Softworks)

Oblivion - Vile Lair (HKLM-x32\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks)

Oblivion - Wizard's Tower (HKLM-x32\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) (Version: 1.00.0000 - Bethesda Softworks)

Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)

Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)

ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)

OpenSauce for Halo CE (HKLM-x32\...\{350A9783-FEF6-4428-9DF6-048E8AF4772B}) (Version: 3.1.0 - Kornner Studios)

Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)

Orb Runtime libraries (x32 Version: 1.0.0 - Orb Networks, Inc.) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)

Pale Moon 26.0.0 (x64 en-US) (HKLM\...\Pale Moon 26.0.0 (x64 en-US)) (Version: 26.0.0 - Moonchild Productions)

Passware Kit Professional 11.1 (HKLM-x32\...\{A56D0602-1968-4136-B925-B91007BEC614}) (Version: 11.1.4002 - Passware)

PDF Writer (HKLM-x32\...\PDF Writer) (Version: - )

PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)

Phantasy Star Online 2 (HKLM-x32\...\http://pso2.jp/appid...g_is1)(Version: - Asiasoft)

Phantasy Star Online 2 Manual Patch Data (HKLM-x32\...\http://pso2.jp/appid...g_is1)(Version:2.0231.2 - Asiasoft)

PhotoFilmStrip 2.1.0 (HKLM-x32\...\PhotoFilmStrip_is1) (Version: 2.1.0 - Jens Göpfert)

Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.6 - )

pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)

Pixar RenderMan Pro Server 19.0 (HKLM\...\{4F548C00-CC6D-11E4-B08B-001CC4171F87}) (Version: 19.0.1457856 - Pixar)

Planetwide Games Comic Book Creator (HKLM-x32\...\{EBFB1375-E8DE-43DD-8430-3E43485E19F8}) (Version: 1.0.1 - Planetwide Games, Inc.)

Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)

Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)

Portal Stories: Mel (HKLM\...\Steam App 317400) (Version: - Prism Studios)

ProjectLibre (HKLM-x32\...\{8E2A530F-ABE9-45B4-B4EA-B9DF56698376}) (Version: 1.6.2.0 - ProjectLibre)

PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)

RapeLay (HKLM-x32\...\{CA31F991-DBD2-4DE1-B6D2-30105F23CBBC}) (Version: 1.03 - ILLUSION)

RealJukebox (HKLM-x32\...\RealJukebox 1.0) (Version: - )

RealPlayer Basic (HKLM-x32\...\RealPlayer 6.0) (Version: - )

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)

Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)

RenderManNC-Installer (HKLM\...\{3A1CA54F-D250-11E4-A4D4-001CC4171F87}) (Version: 1.0.0 - Pixar)

Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version: - SkyBox Labs)

Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)

Roleplaying City Map Generator (HKLM-x32\...\{3B585A53-CC41-4969-A7CB-F0E5D34ACA08}) (Version: 4.5.0.0 - )

SanityCheck 3.00 (HKLM\...\SanityCheck_is1) (Version: - Resplendence Software Projects Sp.)

Scorched3D 44 (HKLM-x32\...\Scorched3D) (Version: 44 - Scorched)

Scrolls (HKLM-x32\...\{F7F74F7F-C458-4B7C-A6F4-80A28ED7AF0B}) (Version: 1.0.2.0 - Mojang)

SeaMonkey 2.40 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.40 (x86 en-US)) (Version: 2.40 - Mozilla)

SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)

Send Anywhere (HKLM-x32\...\{4C09F722-410A-481D-A488-D56FBE34334F}_is1) (Version: 2.4.11.1 - Estmob Inc.)

SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.9.1.35 - NVIDIA Corporation) Hidden

Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )

Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)

SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)

Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)

Source SDK Base 2013 Singleplayer (HKLM-x32\...\Steam App 243730) (Version: - )

Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)

Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Stomp It Up version 1.0 (HKLM-x32\...\{765B450A-E992-471B-80BD-B83AC34B3484}_is1) (Version: 1.0 - Sos)

Super Meat Boy (HKLM\...\Steam App 40800) (Version: - Team Meat)

Sven Co-op (HKLM-x32\...\Steam App 225840) (Version: - Sven Co-op Team)

System Requirements Lab Detection (HKLM-x32\...\{E4EF887C-984B-465D-BD73-C7C8C010AF7F}) (Version: 6.1.6.0 - Husdawg, LLC)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)

TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)

The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)

The Sims™ 3 Supernatural (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Supernatural) (Version: 1.0.0.0 - Electronic Arts Inc.)

The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\1207658924_is1) (Version: 2.1.0.15 - GOG.com)

TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)

Unity (HKLM-x32\...\Unity) (Version: 4.6.1f1 - Unity Technologies ApS)

Unity Web Player (HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)

Unreal Development Kit: 2014-08 (HKLM\...\UDK-544c0a9b-e307-40b5-9cc7-c0097b1a748b) (Version: - Epic Games, Inc.)

Unturned (HKLM-x32\...\Steam App 304930) (Version: - Smartly Dressed Games)

VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden

War Thunder (HKLM\...\Steam App 236390) (Version: - Gaijin Entertainment)

Warframe (HKLM-x32\...\{58A0931C-2B01-45B1-9EB1-830DD7D32B60}) (Version: 1.0.0 - Digital Extremes)

WD SES Driver Setup (x32 Version: 1.0.3.3 - Western Digital) Hidden

WhoCrashed 5.02 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)

Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)

WinDirStat 1.1.2 (HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\WinDirStat) (Version: - )

Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.3.0.1 - BiniSoft.org)

Wise Registry Cleaner 9.16 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 9.16 - WiseCleaner.com, Inc.)

Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

XSplit Gamecaster (HKLM-x32\...\{D7BEC6E9-5E86-44FF-AA21-23DA71ED676B}) (Version: 2.4.1506.1243 - SplitmediaLabs)

Zumas Revenge (HKLM-x32\...\{0B153CAB-792B-4CA2-B2A5-AB0BBAF2FFA9}) (Version: 1.0.5.600 - PopCap Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> H:\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File

CustomCLSID: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> H:\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File

CustomCLSID: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> E:\daz 3n4\blender\BlendThumb64.dll ()

CustomCLSID: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> H:\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02411CAC-F2DB-4B47-AD22-14F595E7E904} - System32\Tasks\{F2471DC4-D590-41AA-88BE-E3D293BE0193} => pcalua.exe -a "G:\New folder\dazzzzzzzzzzzz\Daz3D - Poser - New 200911\8835_3_dpc_MagusUnimeshFits_3.exe"

Task: {036B4167-6B25-41AA-BD1F-A834ED1881BD} - System32\Tasks\Baidu Antivirus Update => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavUpdater.exe [2015-07-27] (Baidu, Inc.) <==== ATTENTION

Task: {08772288-F17A-47A4-A92D-CAED3C4A6218} - System32\Tasks\{CD7C3FBD-8C67-4607-9741-768D8A7C2848} => pcalua.exe -a "E:\daz 3n4\zMorethings\v4 cour\ps_ac2519_CourageousDS.exe" -d "E:\daz 3n4\zMorethings\v4 cour"

Task: {15DD80E5-5776-46A8-AFC4-D26F017E6923} - System32\Tasks\{5B8348BD-4CC0-4F76-8B39-5651230828E8} => pcalua.exe -a "G:\New folder\dazzzzzzzzzzzz\Daz3D - Poser - New 200911\ps_ac1825_DominoV4T.exe"

Task: {16ECAC06-30FE-4FAD-B0A1-850441320416} - System32\Tasks\{C6683483-2278-42AE-958D-6A386C625228} => pcalua.exe -a "G:\New folder\dazzzzzzzzzzzz\Daz3D - Poser - New 200911\ps_ac849_V3TheDress.exe"

Task: {3E94985B-FD66-4E61-AE22-894C89808571} - System32\Tasks\{FE2CF63D-DCCF-4281-9524-D0C21D09E553} => pcalua.exe -a "G:\New folder\dazzzzzzzzzzzz\Daz3D - Poser - New 200911\ps_mr123_Rebecca.exe"

Task: {4B33F056-FF25-4D70-BEFF-5A33D30DB244} - System32\Tasks\{B729FB5D-E88F-4E61-B722-97F550937D8C} => pcalua.exe -a "G:\New folder\dazzzzzzzzzzzz\Daz3D - Poser - New 200911\ps_ac1933_FebDaisy.exe"

Task: {4B9BB316-A4D0-4316-9A25-503BB11B12DF} - System32\Tasks\{70B21360-7A62-4D16-872C-8C65A9E5FDBD} => pcalua.exe -a "G:\New folder\dazzzzzzzzzzzz\Daz3D - Poser - New 200911\ps_ac1905_LiberteV4.exe"

Task: {563ABFFD-73DD-4824-B3A2-D29E6F816DF3} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)

Task: {5F14D905-7EC4-461A-BE68-AF587733BA57} - System32\Tasks\{A4BC6B7C-1896-483A-B557-5E4409EF34DB} => pcalua.exe -a "G:\New folder\dazzzzzzzzzzzz\Daz3D - Poser - New 200911\Daz3D - ps_ac1756 - Modern Furniture Add-Ons.exe"

Task: {633D2508-55E5-49FF-8B9B-4BFF0A4BE8B5} - System32\Tasks\{63DB839B-24B5-4330-9FC4-699093CA77E6} => pcalua.exe -a "H:\Xdownloads\Daz3d - Poser - Toons Pack 4 - Noggins Pack\Daz3D - ps_an074b - Noggin's Poser Crows.exe"

Task: {6EDD78CC-C503-4BE4-80CD-ED4A70967CBB} - System32\Tasks\{F773FF7A-2F70-46A1-ACC4-E256350D3AA9} => pcalua.exe -a "H:\Xdownloads\The Kids 4 Pro Bundle full\Kids 3fold\10028_4_dpc_Kids4Toddler_4.exe" -d "H:\Xdownloads\The Kids 4 Pro Bundle full\Kids 3fold"

Task: {717583DA-E87D-4BB3-B222-9265E2487B8E} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise Registry Cleaner\WiseRegCleaner.exe [2016-05-03] (WiseCleaner.com)

Task: {88393B03-131A-49E1-8063-C200C8485C73} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\AvastEmUpdate.exe

Task: {89C62164-ED48-4527-A47E-A8CCB35B60A7} - System32\Tasks\{28CDC807-38B3-4FE2-BC35-8003E20608A3} => pcalua.exe -a G:\setup.exe -d G:\

Task: {933A26E4-0082-477B-8AEF-AD2E61185C54} - System32\Tasks\{45BFAFE7-BC83-4863-AD18-CEF2E2CEC644} => pcalua.exe -a "H:\daz downloads\ps_ac1824_V4BasicsDS.exe" -d "H:\daz downloads"

Task: {969C92FD-2053-4A15-BE4E-D8A8C1DF2DCD} - System32\Tasks\Minecraft Checksum Validator => H:\games\Minecraft_v1.8.1\M

Task: {980E077D-A6C6-4F39-9842-A1796D14AFD2} - System32\Tasks\AutoPico Daily Restart => h:\office-2013crack\KMSpic\AutoPico.exe

Task: {9A238687-8A40-4F31-A55A-270B279C5A58} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Task: {A30EDB15-2AA0-4407-84B6-E986746A4F64} - System32\Tasks\{781D36F9-9CE0-46A3-AFF1-C5F429A5286C} => pcalua.exe -a "G:\New folder\dazzzzzzzzzzzz\Daz3D - Poser - New 200911\9849_10_ds_M4DynamicTShirt_10.exe"

Task: {AC66B2F3-AFFE-45B8-9118-BA9E49157252} - System32\Tasks\{ABD3E858-AEC7-4BBA-8909-7BB822C6A3C0} => pcalua.exe -a "H:\daz downloads\Daz3D - Dragon Skeleton.exe" -d "H:\daz downloads"

Task: {E516E0F0-04B0-4764-97F2-3DCB56F8018F} - System32\Tasks\{D6928452-0895-4621-AD3D-FFAEA28048FE} => pcalua.exe -a "G:\New folder\dazzzzzzzzzzzz\Daz3D - Poser - New 200911\ps_ac2155_-_Iyeyasu's Tomb.exe"

Task: {F0206A81-B1F9-423A-B95B-FF868C30DFF3} - System32\Tasks\{CF022024-D484-41C2-91CE-9AA0BC2C71FF} => pcalua.exe -a "G:\New folder\dazzzzzzzzzzzz\Daz3D - Poser - New 200911\ps_ac2129_CorsetDress.exe"

Task: {FC0D0D92-1DDB-4277-93A7-E67072A21070} - System32\Tasks\{8F2179AB-6044-4D80-937D-314D34E0970B} => pcalua.exe -a "H:\daz downloads\ps_ac1824_V4Basics2.exe" -d "H:\daz downloads"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Basterd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> H:\1 GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.)

ShortcutWithArgument: C:\Users\Basterd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\ARC Welder.lnk -> H:\1 GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="C:\Users\Basterd\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --app-id=emfinbmielocnlhgmfkkmkngdoccbadn

==================== Loaded Modules (Whitelisted) ==============

2016-03-01 16:20 - 2016-02-23 16:58 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll

2015-01-04 16:42 - 2015-02-05 13:12 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\SysWOW64\PSIService.exe

2016-03-01 16:19 - 2016-02-23 13:45 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-09-04 14:30 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll

2015-07-26 15:55 - 2015-09-04 16:54 - 00128512 _____ () H:\x86 Send Anywhere\snda_context_handler.dll

2014-02-28 02:14 - 2016-05-02 14:12 - 00174872 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll

2014-08-04 06:43 - 2016-05-02 14:12 - 00103192 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll

2014-08-04 06:43 - 2016-05-02 14:12 - 00107800 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll

2014-08-04 06:46 - 2016-05-02 14:12 - 00312088 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll

2014-08-04 06:46 - 2016-05-02 14:12 - 00485656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll

2015-01-09 21:24 - 2016-04-11 13:05 - 05402296 _____ () H:\x86 Send Anywhere\sendanywhere.exe

2014-07-06 12:53 - 2014-07-06 12:53 - 00351232 _____ () E:\WhoDatPortable\App\WhoDat\WhoDat.exe

2015-07-27 00:27 - 2015-07-27 00:27 - 00298480 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\HipsLogger.dll

2015-07-27 00:27 - 2015-07-13 21:09 - 00176112 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\dark.dll

2015-07-27 00:27 - 2015-07-27 00:27 - 00540656 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\sqlite.dll

2015-07-27 00:27 - 2015-07-27 00:27 - 00197944 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\TinyIPC32.dll

2015-07-27 00:27 - 2015-07-27 00:27 - 00370672 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BNetOp.dll

2014-08-17 16:40 - 2011-12-16 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2016-03-01 16:20 - 2016-02-23 16:58 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-07-27 00:27 - 2015-07-27 00:27 - 00167920 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_Hips_TipsCtl\HipsTipControl.dll

2015-07-27 00:27 - 2015-07-27 00:27 - 00277488 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Pulgin_Dark_DeleteFileTip.dll

2015-07-27 00:27 - 2015-07-27 00:27 - 00147952 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMAnalyzeHandler.dll

2015-07-27 00:27 - 2015-07-27 00:27 - 00158704 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMSupplementHandler.dll

2015-07-27 00:27 - 2015-07-27 00:27 - 00120304 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMUSBHandler.dll

2015-12-21 01:37 - 2015-12-10 20:54 - 01583432 _____ () H:\1 GoogleChromePortable\App\Chrome-bin\47.0.2526.106\libglesv2.dll

2015-12-21 01:37 - 2015-12-10 20:54 - 00081224 _____ () H:\1 GoogleChromePortable\App\Chrome-bin\47.0.2526.106\libegl.dll

2012-02-24 17:57 - 2012-02-24 17:57 - 00064000 _____ () H:\zzWinamp\Plugins\in_aodsfu.dll

2010-04-13 08:38 - 2010-04-13 08:38 - 00064000 _____ () H:\zzWinamp\Plugins\in_aossfu.dll

2005-03-25 05:09 - 2005-03-25 05:09 - 00164864 _____ () H:\zzWinamp\Plugins\in_gsf.dll

2000-09-06 21:19 - 2000-09-06 21:19 - 00086016 _____ () H:\zzWinamp\Plugins\IN_MDX.DLL

2010-08-17 00:35 - 2010-08-17 00:35 - 00212992 _____ () H:\zzWinamp\Plugins\in_nez.dll

2008-12-20 20:36 - 2008-12-20 20:36 - 00402432 _____ () H:\zzWinamp\Plugins\in_NotSoFatso.dll

2006-07-08 00:16 - 2006-07-08 00:16 - 00401408 _____ () H:\zzWinamp\Plugins\in_psf.dll

2003-09-30 01:52 - 2003-09-30 01:52 - 00217088 _____ () H:\zzWinamp\Plugins\in_sc68.dll

2011-01-20 15:18 - 2011-01-20 15:18 - 00528896 _____ () H:\zzWinamp\Plugins\in_sidplay2.dll

2007-07-21 09:52 - 2007-07-21 09:52 - 00163840 _____ () H:\zzWinamp\Plugins\unrar.dll

2012-02-19 11:35 - 2012-02-19 11:35 - 00487424 _____ () H:\zzWinamp\Plugins\in_vgm.dll

2013-11-26 11:59 - 2013-11-26 11:59 - 00478720 _____ () H:\zzWinamp\Plugins\in_vgmstream.dll

2010-03-21 00:19 - 2010-03-21 00:19 - 00045568 _____ () H:\zzWinamp\libg7221_decode.dll

2009-01-21 04:14 - 2009-01-21 04:14 - 00202213 _____ () H:\zzWinamp\libmpg123-0.dll

2009-01-21 04:38 - 2009-01-21 04:38 - 00190464 _____ () H:\zzWinamp\libvorbis.dll

2010-01-19 21:32 - 2010-01-19 21:32 - 00027136 _____ () H:\zzWinamp\Plugins\in_vio2sfu.dll

2006-05-02 22:44 - 2006-05-02 22:44 - 00122880 _____ () H:\zzWinamp\Plugins\in_wsr.dll

2009-12-02 18:54 - 2009-12-02 18:54 - 00073728 _____ () H:\zzWinamp\Plugins\in_ym.dll

2013-12-12 19:47 - 2013-12-12 19:47 - 00333824 _____ () H:\zzWinamp\Plugins\freeform\wacs\freetype\freetype.wac

2016-04-13 15:35 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\Basterd\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll

2015-01-09 21:24 - 2014-12-22 02:07 - 00119822 _____ () H:\x86 Send Anywhere\libgcc_s_dw2-1.dll

2015-01-09 21:24 - 2014-12-22 02:07 - 01026062 _____ () H:\x86 Send Anywhere\libstdc++-6.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00901120 ____C () E:\daz 3n4\3.1.2\QtNetwork4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 02076672 ____C () E:\daz 3n4\3.1.2\QtCore4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 02408448 ____C () E:\daz 3n4\3.1.2\Qt3Support4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00528384 ____C () E:\daz 3n4\3.1.2\QtSql4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00364544 ____C () E:\daz 3n4\3.1.2\QtXml4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 07745536 ____C () E:\daz 3n4\3.1.2\QtGui4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00442368 ____C () E:\daz 3n4\3.1.2\QtOpenGL4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00708608 ____C () E:\daz 3n4\3.1.2\QtScript4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00022016 ____C () E:\daz 3n4\3.1.2\imageformats\qgif4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00025600 ____C () E:\daz 3n4\3.1.2\imageformats\qico4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00135168 ____C () E:\daz 3n4\3.1.2\imageformats\qjpeg4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00233472 ____C () E:\daz 3n4\3.1.2\imageformats\qmng4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00282624 ____C () E:\daz 3n4\3.1.2\imageformats\qtiff4.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 01654784 ____C () E:\daz 3n4\3.1.2\plugins\aniMate2.dll

2012-09-17 12:23 - 2012-09-17 00:39 - 01933312 ____C () E:\daz 3n4\3.1.2\DazCollada.dll

2012-09-17 12:23 - 2012-09-17 00:39 - 02191360 ____C () E:\daz 3n4\3.1.2\dz3delight.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00122880 ____C () E:\daz 3n4\3.1.2\plugins\dzsceneinfo.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00208896 ____C () E:\daz 3n4\3.1.2\plugins\dzscriptedrenderer.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 01740800 ____C () E:\daz 3n4\3.1.2\plugins\dzshaderbuilder.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 01363968 ____C () E:\daz 3n4\3.1.2\plugins\dzshadermixerbase.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00393216 ____C () E:\daz 3n4\3.1.2\plugins\dzshadermixergui.dll

2012-09-17 12:23 - 2012-09-17 00:40 - 00193024 ____C () E:\daz 3n4\3.1.2\plugins\Reality\Reality.dll

2012-10-08 12:31 - 2011-12-22 14:57 - 00330240 ____C () E:\daz 3n4\3.1.2\plugins\Reality\Reality_2.0.dll

2011-12-16 22:35 - 2011-12-16 22:35 - 01081856 ____C () E:\daz 3n4\3.1.2\plugins\Reality\xReality_2.0.dll

2016-06-09 09:48 - 2016-06-09 09:48 - 00008704 _____ () C:\Users\Basterd\AppData\Local\Temp\nsx38C9.tmp\newadvsplash.dll

2016-06-09 09:48 - 2016-06-09 09:48 - 00011264 _____ () C:\Users\Basterd\AppData\Local\Temp\nsx38C9.tmp\System.dll

2016-06-09 09:48 - 2016-06-09 09:48 - 00029696 _____ () C:\Users\Basterd\AppData\Local\Temp\nsx38C9.tmp\registry.dll

2016-06-09 10:35 - 2016-06-09 10:35 - 00011264 _____ () C:\Users\Basterd\AppData\Local\Temp\nsf6047.tmp\System.dll

2016-06-09 10:35 - 2016-06-09 10:35 - 00029696 _____ () C:\Users\Basterd\AppData\Local\Temp\nsf6047.tmp\registry.dll

2014-03-07 11:56 - 2014-03-07 11:56 - 00048142 _____ () E:\WhoDatPortable\App\WhoDat\libgcc_s_dw2-1.dll

2014-03-07 11:56 - 2014-03-07 11:56 - 00418318 _____ () E:\WhoDatPortable\App\WhoDat\libstdc++-6.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03919393.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03919393.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com

IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com

IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com

IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com

IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com

IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com

IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com

IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com

IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com

IE trusted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\aol.com -> hxxp://free.aol.com

IE trusted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\sony.com -> sony.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\008k.com -> www.008k.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\00hq.com -> www.00hq.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\0scan.com -> www.0scan.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\10sek.com -> www.10sek.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE trusted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\sony.com -> sony.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008k.com -> www.008k.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\00hq.com -> www.00hq.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\0scan.com -> www.0scan.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\10sek.com -> www.10sek.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-05-02 14:04 - 2016-05-02 14:04 - 01718854 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

174.140.154.20 megaupload.com

208.87.33.151 fileshare.com

95.211.149.7 multiupload.com

195.191.207.40 uploading.com

31.7.57.13 warez-bb.org

199.7.177.218 hotfile.com

69.10.25.46 gamespy.com

67.21.232.223 what.cd

178.162.238.136 warez.ag

89.238.130.247 putlocker.com

95.211.143.200 uploaded.to

199.47.217.179 dropbox.com

69.65.13.216 pastebin.com

95.211.143.200 uploaded.to

194.71.107.15 thepiratebay.org

194.71.107.15 thepiratebay.se

46.19.36.34 tpb.piratenpartij.nl

95.172.29.90 tpb.pirateparty.org.uk

178.22.232.73 Grasscity.com

184.173.151.99 malaysiabay.org213.174.153.19 abmp3.com

46.229.170.195 beemp3.com

199.101.132.166 bomb-mp3.com

74.117.176.15 emp3world.com

199.15.253.226 filecrop.com

149.13.65.50 filestube.com

208.115.224.118 MP3Juices.com

82.98.86.168 MP3lemon.com

206.217.212.68 MP3Raid.com

74.117.180.242 MP3skull.com

There are 48757 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1809310298-4277939237-1222154954-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Basterd\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk => C:\Windows\pss\OpenVPN Client.lnk.CommonStartup

MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun

MSCONFIG\startupreg: Everything => "C:\Program Files (x86)\Everything\Everything.exe" -startup

MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe

MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe

MSCONFIG\startupreg: RealTray => C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [RemoteSvcAdmin-In-TCP] => (Block) C:\Windows\system32\services.exe

FirewallRules: [RemoteSvcAdmin-In-TCP-NoScope] => (Block) C:\Windows\system32\services.exe

FirewallRules: [WMPNSS-Out-TCP] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-In-TCP] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-Out-UDP] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-In-UDP] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-WMP-Out-TCP] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-Out-UDP] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-In-UDP] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-QWave-In-UDP] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [WMPNSS-Out-TCP-NoScope] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-In-TCP-NoScope] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-Out-UDP-NoScope] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-In-UDP-NoScope] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-In-UDP-NoScope] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-QWave-Out-TCP-NoScope] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [WMPNSS-QWave-In-TCP-NoScope] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [WMP-Out-TCP] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-Out-UDP] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-In-UDP] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [MCX-SSDPSrv-In-UDP] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [MCX-SSDPSrv-Out-UDP] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [MCX-In-TCP] => (Block) C:\Windows\ehome\ehshell.exe

FirewallRules: [MCX-Out-TCP] => (Block) C:\Windows\ehome\ehshell.exe

FirewallRules: [MCX-QWave-In-UDP] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [MCX-QWave-Out-UDP] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [MCX-QWave-In-TCP] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [MCX-QWave-Out-TCP] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [MCX-In-UDP] => (Block) C:\Windows\ehome\ehshell.exe

FirewallRules: [MCX-Out-UDP] => (Block) C:\Windows\ehome\ehshell.exe

FirewallRules: [MCX-MCX2SVC-Out-TCP] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [MCX-Prov-Out-TCP] => (Block) C:\Windows\ehome\mcx2prov.exe

FirewallRules: [MCX-PlayTo-Out-TCP] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [MCX-McrMgr-Out-TCP] => (Block) C:\Windows\ehome\mcrmgr.exe

FirewallRules: [MCX-PlayTo-Out-UDP] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [MCX-FDPHost-Out-TCP] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [{49315FEC-6A91-4D26-8961-9F2108A1C18F}] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [{E42108A9-EB5F-4D4D-9D1D-96CBE2AC8605}] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [{8932D1E9-94CA-4BA1-B7D7-8620330D7F31}] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [{E543A1DC-C27C-4B62-A1F9-4BA1EF750495}] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [{3D915B34-B4B1-44BC-AE87-9254E16F939E}] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [{7B965333-B0B8-42D8-B0AD-FACB3C947349}] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [{D4244549-F618-4660-B90B-DFF2CEFCCAE1}] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [{D297733A-0984-4F94-BE1D-9A86623A10CB}] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [{23367786-5860-40BA-B2FB-A468304E8A75}] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [{A77C9C96-F09E-48CB-B1CC-34206332A9FB}] => (Block) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [{373BCDBB-EA9C-4439-AB89-5177B158EF2E}] => (Allow) E:\steam\Steam.exe

FirewallRules: [{48075DCD-F006-4E5C-9C05-2D67888AABE2}] => (Allow) E:\steam\Steam.exe

FirewallRules: [{1200B723-00F4-4127-8515-339A1E92E971}] => (Allow) E:\steam\bin\steamwebhelper.exe

FirewallRules: [{DCC4E003-CA75-43FD-AF3E-C4BE6F1210D0}] => (Allow) E:\steam\bin\steamwebhelper.exe

FirewallRules: [{7B76CBAC-14B3-4E99-A5AC-5DB81B67C885}] => (Allow) E:\steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{4620B109-A4A4-4912-B204-28376A514FC0}] => (Allow) E:\steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{D320BDEC-C7B7-4EFF-B590-057EF84F317F}] => (Allow) E:\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{030A9705-4FB1-4622-8F9F-705AC1C21C36}] => (Allow) E:\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{4FCD0643-3DBD-4399-8EA1-FCCBF222495B}] => (Allow) E:\steam\steamapps\common\Half-Life 2\hl2.exe

FirewallRules: [{EA96DA12-1071-4173-8EAD-9E007E112858}] => (Allow) E:\steam\steamapps\common\Half-Life 2\hl2.exe

FirewallRules: [{656478F8-1830-46FC-BECA-D5EF6C262ED2}] => (Allow) h:\zzWinamp\winamp.exe

FirewallRules: [{31A3307F-75FD-4B2B-9DFB-B658573229E8}] => (Allow) h:\zzWinamp\winamp.exe

FirewallRules: [{08D356E6-3201-42C9-B846-9C8219A36BE2}] => (Allow) E:\steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe

FirewallRules: [{742D15A5-6593-45C6-A2A5-0D097B46A9F8}] => (Allow) E:\steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe

FirewallRules: [TCP Query User{703B6FD2-E70A-4D38-8941-355E372D0554}C:\moon child palemoon\bin\palemoon\palemoon.exe] => (Allow) C:\moon child palemoon\bin\palemoon\palemoon.exe

FirewallRules: [UDP Query User{0728811A-B776-4161-9AD4-D5502028CB7A}C:\moon child palemoon\bin\palemoon\palemoon.exe] => (Allow) C:\moon child palemoon\bin\palemoon\palemoon.exe

FirewallRules: [{62E4ED2D-99A3-4BC1-935A-84AEB62E5680}] => (Allow) H:\UDK\UDK-2014-08\Binaries\Win32\UDK.exe

FirewallRules: [{BC94D2BC-2A44-4648-B774-77D7BA8D50B2}] => (Allow) H:\UDK\UDK-2014-08\Binaries\Win32\UDK.exe

FirewallRules: [{D755CE72-2F13-41F4-870C-977557A5BC98}] => (Allow) H:\UDK\UDK-2014-08\Binaries\Win64\UDK.exe

FirewallRules: [{61FA3A54-2B0B-4530-B099-DE32669FBE3B}] => (Allow) H:\UDK\UDK-2014-08\Binaries\Win64\UDK.exe

FirewallRules: [{31BDE13B-7958-4B80-A296-E7FCA758C19E}] => (Block) LPort=1434

FirewallRules: [{65224DC4-4721-4B24-9A68-AB4B03AE080E}] => (Block) LPort=1434

FirewallRules: [TCP Query User{476253B9-6988-4149-8108-B197F6785254}H:\games\borderlands\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) H:\games\borderlands\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe

FirewallRules: [UDP Query User{F8D7CBFF-B4A9-4184-9B20-85433E828ECE}H:\games\borderlands\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) H:\games\borderlands\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe

FirewallRules: [TCP Query User{BBAC193A-EA1A-4E7D-8620-70CD046CAB20}C:\moon child palemoon\bin\palemoon\palemoon.exe] => (Allow) C:\moon child palemoon\bin\palemoon\palemoon.exe

FirewallRules: [UDP Query User{EC5BAFCF-16CF-4647-8CC3-960D865F09A2}C:\moon child palemoon\bin\palemoon\palemoon.exe] => (Allow) C:\moon child palemoon\bin\palemoon\palemoon.exe

FirewallRules: [{9D0C9C34-66A0-4B3B-A1A6-BBBD1D3F69DB}] => (Allow) E:\steam\steamapps\common\SirYouAreBeingHunted\x64\sir.exe

FirewallRules: [{D0349957-9A12-439C-AF8F-9C773D4534ED}] => (Allow) E:\steam\steamapps\common\SirYouAreBeingHunted\x64\sir.exe

FirewallRules: [{B7216E5F-2031-445B-B645-31C06D6F3324}] => (Allow) E:\steam\steamapps\common\SirYouAreBeingHunted\x86\sir.exe

FirewallRules: [{F39BCC8B-D888-4C1E-A7C7-30F3D93BADE4}] => (Allow) E:\steam\steamapps\common\SirYouAreBeingHunted\x86\sir.exe

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

FirewallRules: [TCP Query User{699E9818-BB08-4140-9643-83D119CC5C35}H:\games\startrekonline\star trek online\live\gameclient.exe] => (Allow) H:\games\startrekonline\star trek online\live\gameclient.exe

FirewallRules: [UDP Query User{67D82C16-B32F-4B8E-B7B8-4ED83E231FC4}H:\games\startrekonline\star trek online\live\gameclient.exe] => (Allow) H:\games\startrekonline\star trek online\live\gameclient.exe

FirewallRules: [TCP Query User{50C4D398-FEF4-4808-A63B-703898332356}E:\steam\steamapps\common\dead island\deadislandgame.exe] => (Allow) E:\steam\steamapps\common\dead island\deadislandgame.exe

FirewallRules: [UDP Query User{120DECCA-7417-4ED5-97AB-A2FF9E67FDEE}E:\steam\steamapps\common\dead island\deadislandgame.exe] => (Allow) E:\steam\steamapps\common\dead island\deadislandgame.exe

FirewallRules: [{1C3784FD-5A88-4C1D-9730-9513575F248E}] => (Allow) H:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe

FirewallRules: [{568DE297-C6C7-4466-BE75-14C8E042CE84}] => (Allow) H:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe

FirewallRules: [{1876F8CF-1293-4CCD-8BCC-B79718809838}] => (Allow) H:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe

FirewallRules: [{B062A208-DC1F-4380-B718-DA96A8D06A47}] => (Allow) H:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe

FirewallRules: [TCP Query User{DD43E322-F0ED-46A5-935E-0D7DA58F7376}E:\steam\steamapps\common\garrysmod\hl2.exe] => (Allow) E:\steam\steamapps\common\garrysmod\hl2.exe

FirewallRules: [UDP Query User{052FDA13-2B51-4620-84E2-5930C02774B3}E:\steam\steamapps\common\garrysmod\hl2.exe] => (Allow) E:\steam\steamapps\common\garrysmod\hl2.exe

FirewallRules: [TCP Query User{93467F13-5CB0-4C2F-B0D4-D1A22C44DD15}H:\program files (x86)\origin games\need for speed world\data\nfsw.exe] => (Allow) H:\program files (x86)\origin games\need for speed world\data\nfsw.exe

FirewallRules: [UDP Query User{F97F7D1D-B9AD-4949-9EB8-0A65E095B384}H:\program files (x86)\origin games\need for speed world\data\nfsw.exe] => (Allow) H:\program files (x86)\origin games\need for speed world\data\nfsw.exe

FirewallRules: [{19B8304B-CDB4-4A7E-9B96-21FF6DC2372E}] => (Block) H:\program files (x86)\origin games\need for speed world\data\nfsw.exe

FirewallRules: [{30EDF894-DC45-42A6-8EF8-CBB9A417382B}] => (Block) H:\program files (x86)\origin games\need for speed world\data\nfsw.exe

FirewallRules: [{8B222963-1D6D-4EF1-86C4-5B9919B4216B}] => (Allow) H:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe

FirewallRules: [{4027A58C-4048-4406-8F41-B1511AC3B7D9}] => (Allow) H:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe

FirewallRules: [TCP Query User{636B8C5E-EB18-442E-AFDA-C24F4E9B123B}H:\games\world of tanks\worldoftanks.exe] => (Allow) H:\games\world of tanks\worldoftanks.exe

FirewallRules: [UDP Query User{E383ED5D-69AD-4273-BB6B-985369872B2D}H:\games\world of tanks\worldoftanks.exe] => (Allow) H:\games\world of tanks\worldoftanks.exe

FirewallRules: [TCP Query User{46F7AF37-7F50-4FE0-AB73-1BD2FCBFBCC8}H:\x86 send anywhere\sendanywhere.exe] => (Block) H:\x86 send anywhere\sendanywhere.exe

FirewallRules: [UDP Query User{0BC032C8-A172-4FC5-8F70-10A50444EC50}H:\x86 send anywhere\sendanywhere.exe] => (Block) H:\x86 send anywhere\sendanywhere.exe

FirewallRules: [{9DB5253B-8ACF-427E-8292-08F39B21A7AD}] => (Allow) C:\Windows\explorer.exe

FirewallRules: [{744C2125-67DB-4F1D-8B3E-291867C118D1}] => (Allow) H:\Windows Firewall Control\wfc.exe

FirewallRules: [{F4372715-D01F-4E56-867C-775CED0723FA}] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [{64C33965-E14B-4A5B-BA3E-AF10113D0E49}] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [{77C4E0E8-D5B1-40DF-B60D-DCF046768CE3}] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [{1643E1E7-5DB7-48E4-8B16-ACD11DB3A827}] => (Block) C:\Windows\system32\svchost.exe

FirewallRules: [{45C9F834-61EF-467A-862C-99959E59DD41}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{1DAE4DBB-FACD-46CA-BCF4-6B45BCD62D79}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{20658296-A805-46BE-938E-D34ADEAEB538}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{0F2FFF6F-E302-44BB-B420-631F090BC61A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{F71ADD65-7344-4010-B4F1-16491682747B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{CDC1D229-AF1F-4BF9-9322-721ECC35A6F1}] => (Allow) H:\games\Halo Custom Edition\haloce.exe

FirewallRules: [{C303B325-D160-47C2-B795-1466C67DE357}] => (Allow) E:\steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{EF9934A4-D3CD-48D0-8A99-0EECBE80E3C7}] => (Allow) E:\steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{91E045B5-4E39-459F-9777-286FED76100A}] => (Block) LPort=9849

FirewallRules: [{F36475AC-9ED2-45D0-B698-7D7757BC28EB}] => (Block) LPort=9849

FirewallRules: [{BF65F391-FEE9-4BF2-9FDE-1132482397D0}] => (Allow) E:\steam\steamapps\common\Janky Tanks\janky-tanks.exe

FirewallRules: [{50EF2FAD-9F6C-4279-A538-73E52794FD8E}] => (Allow) E:\steam\steamapps\common\Janky Tanks\janky-tanks.exe

FirewallRules: [TCP Query User{5A1A3447-88D9-4753-824B-B70D00AF4B61}C:\open libreofficeportable\app\libreoffice\program\soffice.bin] => (Allow) C:\open libreofficeportable\app\libreoffice\program\soffice.bin

FirewallRules: [UDP Query User{61AE25D5-E15C-4E7C-8033-766E6EF5ACA6}C:\open libreofficeportable\app\libreoffice\program\soffice.bin] => (Allow) C:\open libreofficeportable\app\libreoffice\program\soffice.bin

FirewallRules: [{7A827B7F-CBF9-41B0-A63D-CBE92EAC28F4}] => (Block) C:\open libreofficeportable\app\libreoffice\program\soffice.bin

FirewallRules: [{4FCA9693-B846-4472-A3EC-5F2185E5AC24}] => (Block) C:\open libreofficeportable\app\libreoffice\program\soffice.bin

FirewallRules: [{B2902C81-65F7-4CF8-A7F6-3D5815C706A2}] => (Allow) E:\steam\steamapps\common\Half-Life\hl.exe

FirewallRules: [{A868FB60-9EBE-4F3B-835A-C6D4D7E6661D}] => (Allow) E:\steam\steamapps\common\Half-Life\hl.exe

FirewallRules: [{B1430441-B303-448C-8FB9-6E8839DEF140}] => (Allow) E:\steam\steamapps\common\CSNZ\Bin\cstrike-online.exe

FirewallRules: [{DC225D54-96C7-4821-B34F-1A2F9422BB4E}] => (Allow) E:\steam\steamapps\common\CSNZ\Bin\cstrike-online.exe

FirewallRules: [{C751A35C-ACA5-4483-A31C-789FA3BE4AA4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{7D84C428-00CD-4617-BBC6-7E57847AA034}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{6068414F-A0EB-4BB3-8426-30DEE85CF056}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{83241BDA-9D2D-472D-9D4E-D19891691F8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{0088458E-BB13-41E1-80AB-A2277378303F}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe

FirewallRules: [{8C939A13-35F6-48D7-8CE2-5B8B23757BAF}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe

FirewallRules: [{84DD203C-F120-462A-A989-8F65EF2257B0}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe

FirewallRules: [{AB2E1BDE-3C2A-4A37-81A1-1C1F03C2E48F}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe

FirewallRules: [{6C21697B-18FD-4F36-9662-15E7CC0AF978}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe

FirewallRules: [{8DDF837D-6DA5-40B8-968F-90DC5A5F5C9A}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe

FirewallRules: [{DE6ABBE4-147A-44BE-9261-68C53167D7BB}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe

FirewallRules: [{48FE9BFE-0C1C-466D-B11D-540D5CF1BBA4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe

FirewallRules: [TCP Query User{2373A3D7-A36B-4C9B-A4D3-C75B05530EF8}H:\x86 send anywhere\sendanywhere.exe] => (Allow) H:\x86 send anywhere\sendanywhere.exe

FirewallRules: [UDP Query User{F6137AAB-5E1C-45FE-9109-0A0A5A146BD4}H:\x86 send anywhere\sendanywhere.exe] => (Allow) H:\x86 send anywhere\sendanywhere.exe

FirewallRules: [{3B471DB3-4959-42EE-A397-A52F87BCB498}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe

FirewallRules: [{98E07726-E179-42C9-A5EF-6B7CB48D88A7}] => (Allow) E:\steam\steamapps\common\Source SDK Base 2013 Singleplayer\hl2.exe

FirewallRules: [{F7D4FDFC-5B4F-4B65-8035-DA33852D56EF}] => (Allow) E:\steam\steamapps\common\Source SDK Base 2013 Singleplayer\hl2.exe

FirewallRules: [{99C0BD69-1C15-4AEB-8B7A-CF68FBE1B2F6}] => (Allow) H:\games\Halo Custom Edition\haloupdate.exe

FirewallRules: [TCP Query User{BE402F28-333F-49F7-B104-4D1A36330339}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe

FirewallRules: [UDP Query User{E24ACCB0-A7B9-4D67-9CCD-D4873D4E74EF}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe

FirewallRules: [{BA9F76CE-5081-4905-98BE-65B24DF3227E}] => (Allow) E:\steam\steamapps\common\Modular Combat\2007\hl2.exe

FirewallRules: [{C8E66916-EE3E-44CE-83C2-9026FAE6CF89}] => (Allow) E:\steam\steamapps\common\Modular Combat\2007\hl2.exe

FirewallRules: [TCP Query User{F6EFA5E7-073E-4261-9DB0-B41F89C52F96}H:\games\world of padman 1.5\wop.exe] => (Allow) H:\games\world of padman 1.5\wop.exe

FirewallRules: [UDP Query User{8D816A1E-65D3-4CD4-8520-7D99D0C8029A}H:\games\world of padman 1.5\wop.exe] => (Allow) H:\games\world of padman 1.5\wop.exe

FirewallRules: [{B7A50F67-BC26-44F8-A5E3-C83F723696EB}] => (Allow) H:\games\StarCraft BroodWar [Espera]\StarCraft plus BroodWar Portable - [Espera]\StarCraft.exe

FirewallRules: [{D34B452C-48D1-45BB-A683-7DF65D36E47F}] => (Allow) H:\games\Star Wars-The Old Republic\launcher.exe

FirewallRules: [{B5EE6DB5-1917-40FF-98DF-F17AFA1381E5}] => (Allow) H:\games\Star Wars-The Old Republic\launcher.exe

FirewallRules: [{05D72529-FF47-445D-9A1D-7802938AA94B}] => (Allow) H:\games\Star Wars-The Old Republic\launcher.exe

FirewallRules: [{59BBE53D-35F7-4721-B60B-9682BEA9AF47}] => (Allow) H:\games\Star Wars-The Old Republic\launcher.exe

FirewallRules: [{473D324D-25FC-4E37-B6A9-3F68694BE79E}] => (Allow) H:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe

FirewallRules: [{733A4E9F-E497-41E8-830C-799B06B39CBF}] => (Allow) H:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe

FirewallRules: [{DBB2110E-1BAE-4839-ADDA-B997839DFDC4}] => (Allow) E:\steam\steamapps\common\HauntedMemories\HM.exe

FirewallRules: [{31E537FC-3B90-4B9C-B9F1-BE2A5DC1F915}] => (Allow) E:\steam\steamapps\common\HauntedMemories\HM.exe

FirewallRules: [{66C638A2-1AFA-465B-84E4-D37952EF12AF}] => (Allow) E:\steam\steamapps\common\Gray Matter\Game.exe

FirewallRules: [{D488DEB6-517D-409C-A85F-6CF04A908A8B}] => (Allow) E:\steam\steamapps\common\Gray Matter\Game.exe

FirewallRules: [{969829F3-343D-49CC-B870-8F78A6DD3BD2}] => (Allow) E:\steam\steamapps\common\Gray Matter\config.exe

FirewallRules: [{21D24086-F80E-4D9F-BA16-BC7D49866D77}] => (Allow) E:\steam\steamapps\common\Gray Matter\config.exe

FirewallRules: [{BFC9FAA7-1FDC-408C-865C-566C279A009F}] => (Allow) H:\games\Dragon Ball Xenoverse\DBXV.exe

FirewallRules: [{FE4E80BB-9915-45F4-BA68-460D3CB3B193}] => (Allow) H:\games\Dragon Ball Xenoverse\DBXV.exe

FirewallRules: [{CEF36BBE-8199-417A-859C-43A54E9CF7D8}] => (Allow) E:\steam\steamapps\common\Unturned\Unturned.exe

FirewallRules: [{01287A0E-42BE-4C1C-A91E-3F3A951441D6}] => (Allow) E:\steam\steamapps\common\Unturned\Unturned.exe

FirewallRules: [{876B3363-4581-4144-BEF5-1A1E012A26DE}] => (Allow) E:\steam\steamapps\common\Portal 2\portal2.exe

FirewallRules: [{1183C8A7-C0E5-4E84-B315-A95A87155806}] => (Allow) E:\steam\steamapps\common\Portal 2\portal2.exe

FirewallRules: [{5C6F9F7C-0A3B-416D-91A4-49F223C0B1D3}] => (Allow) H:\games\Halo 2\halo2.exe

FirewallRules: [{914F5699-259F-4260-B117-21757785A231}] => (Allow) H:\games\Halo 2\halo2.exe

FirewallRules: [{A1552366-5E9E-409F-AD3B-D165BDF618C1}] => (Allow) E:\steam\steamapps\common\Aura Kingdom\Launcher.exe

FirewallRules: [{2E85FC2B-243C-488E-83FC-C599AB4233F7}] => (Allow) E:\steam\steamapps\common\Aura Kingdom\Launcher.exe

FirewallRules: [{162BD408-D44D-473F-BD84-5665D7B7C246}] => (Allow) E:\steam\steamapps\common\Sven Co-op\svencoop.exe

FirewallRules: [{2B0CE3B1-F71A-4A0B-B3DB-2BD0A8975B29}] => (Allow) E:\steam\steamapps\common\Sven Co-op\svencoop.exe

FirewallRules: [{0F571210-2BC9-4969-8E13-D5822C77BBF8}] => (Allow) E:\steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe

FirewallRules: [{6AC18208-6896-492D-9B98-6136E347ACBA}] => (Allow) E:\steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe

FirewallRules: [{D1CF350D-CF87-404D-81CA-E496B43E657B}] => (Allow) E:\steam\steamapps\common\Jet Set Radio\jsrsetup.exe

FirewallRules: [{37A2ED9F-A8F2-4681-B802-6AF4AC6C11B5}] => (Allow) E:\steam\steamapps\common\Jet Set Radio\jsrsetup.exe

FirewallRules: [{42570C2D-E16A-47F9-B2EA-599CCBF5FF86}] => (Allow) E:\steam\steamapps\common\Hell Yeah\HELLYEAH.exe

FirewallRules: [{093FD949-878E-4A13-A424-E1FB4E182715}] => (Allow) E:\steam\steamapps\common\Hell Yeah\HELLYEAH.exe

FirewallRules: [{65A2AAE6-AC8A-4C2B-8C72-CBC8B4F0A23A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{AAEBACB9-B7E1-4FA3-A1BA-05EDD1A6C744}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{082CA3D5-74D5-457D-9514-7BD2B128A414}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{C0BCDD53-62D7-4AB3-BC8B-14406BF544DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{E15CBFA2-2D55-4AC6-8A21-3933ED1F7F77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{A501EB7A-11D1-4BC2-9E85-381405EBB3CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{0D796D68-8394-4C67-BE00-5D557434251B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{7FB00843-2CDA-4BDF-A9B3-1987483D5E77}] => (Allow) H:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe

FirewallRules: [{A4C072F0-7851-4435-BDF0-5E90C67038F9}] => (Allow) H:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe

FirewallRules: [{308918B1-7B27-4E79-9F4E-9A513FFB3365}] => (Allow) E:\steam\steamapps\common\Portal Stories Mel\portal2.exe

FirewallRules: [{69C262C7-B67D-4425-B81E-D0659BCFC5DC}] => (Allow) E:\steam\steamapps\common\Portal Stories Mel\portal2.exe

FirewallRules: [{99C2BC1F-7EC3-4BE3-B490-BF08A39CF7A5}] => (Allow) E:\steam\steamapps\common\From Earth\hl2.exe

FirewallRules: [{33FB4443-0010-4E06-9A64-11054D89545B}] => (Allow) E:\steam\steamapps\common\From Earth\hl2.exe

FirewallRules: [{24DC450C-C1E5-4FEC-BB0E-443052371418}] => (Allow) E:\steam\steamapps\common\Iron Snout\IronSnout.exe

FirewallRules: [{74A773FC-A726-45ED-8F65-A4E09E1D6598}] => (Allow) E:\steam\steamapps\common\Iron Snout\IronSnout.exe

FirewallRules: [{CE87BA2A-03E6-4837-BAFB-B0EF68EBBB8D}] => (Allow) E:\steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe

FirewallRules: [{A2414A89-20E0-4D05-873D-F67A7F21D81D}] => (Allow) E:\steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe

FirewallRules: [{5EC39E18-0B60-49FF-ADAE-9E91C790A4E4}] => (Allow) E:\steam\steamapps\common\Halo Spartan Assault\HaloSpartanAssault.exe

FirewallRules: [{2F93E78D-B1E8-496F-877F-477A0B4F6F30}] => (Allow) E:\steam\steamapps\common\Halo Spartan Assault\HaloSpartanAssault.exe

FirewallRules: [{31846CC1-AB8A-4C2F-BA2A-318F17705911}] => (Allow) E:\steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe

FirewallRules: [{159139FE-5A63-488D-A3C5-E95B9087A0E5}] => (Allow) E:\steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe

FirewallRules: [{7D56061E-0936-4A07-A4A3-D0DEA2997A14}] => (Allow) E:\steam\steamapps\common\War Thunder\launcher.exe

FirewallRules: [{374D6C88-490D-496E-AF08-6B67A4F43E2D}] => (Allow) E:\steam\steamapps\common\War Thunder\launcher.exe

FirewallRules: [{9B4BE699-494E-4803-B7A8-2CF68140D654}] => (Allow) E:\steam\steamapps\common\Crown and Council\crown_and_council.exe

FirewallRules: [{ECBE90C2-D21B-4699-836B-6B15D59733A4}] => (Allow) E:\steam\steamapps\common\Crown and Council\crown_and_council.exe

FirewallRules: [{D1BB2C59-F1CA-438C-891A-FC760EBF2249}] => (Allow) E:\steam\steamapps\common\Sega Classics\SEGAGameRoom.exe

FirewallRules: [{685BDB60-8BA8-45A0-A759-87645C5C0D3E}] => (Allow) E:\steam\steamapps\common\Sega Classics\SEGAGameRoom.exe

FirewallRules: [{B546B99D-4BFE-4190-AA08-9054D9801135}] => (Block) C:\Windows\System32\lsass.exe

FirewallRules: [{8AF114A1-490E-4654-90CD-5DBB213362B9}] => (Block) C:\Windows\System32\lsass.exe

FirewallRules: [TCP Query User{FC4B5E70-07E0-4335-8A9B-0D123D1EA812}H:\minecraft offical\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) H:\minecraft offical\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [UDP Query User{BEAA0AAA-1F1E-4829-A895-CB022C61D61B}H:\minecraft offical\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) H:\minecraft offical\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [{666F64B6-41CC-45DE-ADCB-53D2C2D50004}] => (Allow) E:\steam\steamapps\common\CSNZ\Bin\cstrike-online.exe

FirewallRules: [{70BA1646-9102-42E0-99C5-89CD8C5337FD}] => (Allow) E:\steam\steamapps\common\CSNZ\Bin\cstrike-online.exe

FirewallRules: [{639A79BE-438F-4288-A94E-0AF4D631B748}] => (Allow) E:\steam\steamapps\common\GearUp\bin\Traktor.Amalgam.App.exe

FirewallRules: [{BC5E4736-F874-40BE-856A-7A84F04F0030}] => (Allow) E:\steam\steamapps\common\GearUp\bin\Traktor.Amalgam.App.exe

FirewallRules: [{D0C8700B-4B4B-428F-A108-413767B50C62}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{125E5EB2-7B64-466D-A8E7-E51C0F251E1B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{89CDBFAA-7E4C-4A4B-83F4-05FEBF21E9EB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{50FC4E67-AFA2-4395-999A-6006F47896F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{2D90CB6F-3048-4259-BA6C-49FB737894B0}] => (Block) LPort=49170

FirewallRules: [{E42AA0F8-59B8-48FD-B874-48A9A73CAE3F}] => (Block) LPort=49170

FirewallRules: [{BC2921AE-03C7-453F-BE48-70A44AE7DAD3}] => (Allow) H:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe

FirewallRules: [{792E4213-6296-4A04-BD5A-EB38720D2805}] => (Allow) H:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe

FirewallRules: [{8275F890-8A80-474E-8D1E-1CB2EB29797F}] => (Allow) H:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe

FirewallRules: [{E2926279-1E6B-4406-BCC7-2633B0C0F0CA}] => (Allow) H:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe

FirewallRules: [{280E7776-E400-42B4-BEA2-D0E5F0E30471}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

FirewallRules: [TCP Query User{92D53976-7AFD-4C2A-AAE0-09DBC16C298E}H:\fallout 4\fallout 4\fallout4.exe] => (Allow) H:\fallout 4\fallout 4\fallout4.exe

FirewallRules: [UDP Query User{DB1EA331-C7ED-4F65-88E8-D6A80897B892}H:\fallout 4\fallout 4\fallout4.exe] => (Block) H:\fallout 4\fallout 4\fallout4.exe

FirewallRules: [{C2245206-7E66-4A89-B0ED-083D2BFA2416}] => (Block) C:\Windows\System32\lsass.exe

FirewallRules: [TCP Query User{AB8B6028-5F9B-441A-ACDA-2C5002F5F60A}E:\steam\steamapps\common\wormsgolf2010\wormscrazygolf.exe] => (Block) E:\steam\steamapps\common\wormsgolf2010\wormscrazygolf.exe

FirewallRules: [UDP Query User{FFE63E3A-ED24-4B83-8B47-44D4D2F0C17E}E:\steam\steamapps\common\wormsgolf2010\wormscrazygolf.exe] => (Block) E:\steam\steamapps\common\wormsgolf2010\wormscrazygolf.exe

FirewallRules: [{8BFF151C-1589-4981-8821-6F71E958AAF1}] => (Allow) LPort=18018

FirewallRules: [{CDC0B7EA-3DB1-46A2-BB8E-29E7588E34E7}] => (Allow) LPort=18018

FirewallRules: [{FD2DE8B5-D105-410C-9A51-262B2F598BDF}] => (Allow) C:\LuxRender\luxconsole.exe

FirewallRules: [{71DE4615-BD09-4294-A511-DE0A926A625B}] => (Allow) C:\LuxRender\luxconsole.exe

==================== Restore Points =========================

07-06-2016 19:25:54 Windows Update

08-06-2016 03:58:43 Removed TheSims3EP5

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (06/08/2016 02:01:39 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: NexusClient.exe, version: 0.61.23.0, time stamp: 0x57335ff7

Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb3604

Exception code: 0xe0434352

Fault offset: 0x000000000001a06d

Faulting process id: 0x11b8

Faulting application start time: 0xNexusClient.exe0

Faulting application path: NexusClient.exe1

Faulting module path: NexusClient.exe2

Report Id: NexusClient.exe3

Error: (06/08/2016 02:01:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: NexusClient.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.IOException

at Nexus.Client.Util.Downloader.FileWriter.WaitForData()

at Nexus.Client.Util.Threading.TrackedThread.RunThread()

at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

at System.Threading.ThreadHelper.ThreadStart()

Error: (06/08/2016 01:58:15 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: NexusClient.exe, version: 0.61.23.0, time stamp: 0x57335ff7

Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb3604

Exception code: 0xe0434352

Fault offset: 0x000000000001a06d

Faulting process id: 0x21b4

Faulting application start time: 0xNexusClient.exe0

Faulting application path: NexusClient.exe1

Faulting module path: NexusClient.exe2

Report Id: NexusClient.exe3

Error: (06/08/2016 01:58:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: NexusClient.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.IOException

at Nexus.Client.Util.Downloader.FileWriter.WaitForData()

at Nexus.Client.Util.Threading.TrackedThread.RunThread()

at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

at System.Threading.ThreadHelper.ThreadStart()

Error: (06/08/2016 12:59:58 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DAZStudio.exe, version: 3.1.2.32, time stamp: 0x4d64533f

Faulting module name: QtGui4.dll, version: 4.5.2.0, time stamp: 0x4ac62e36

Exception code: 0xc00000fd

Fault offset: 0x00057531

Faulting process id: 0x510

Faulting application start time: 0xDAZStudio.exe0

Faulting application path: DAZStudio.exe1

Faulting module path: DAZStudio.exe2

Report Id: DAZStudio.exe3

Error: (06/08/2016 01:36:05 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DAZStudio.exe, version: 3.1.2.32, time stamp: 0x4d64533f

Faulting module name: QtGui4.dll, version: 4.5.2.0, time stamp: 0x4ac62e36

Exception code: 0xc00000fd

Fault offset: 0x00057531

Faulting process id: 0xa30

Faulting application start time: 0xDAZStudio.exe0

Faulting application path: DAZStudio.exe1

Faulting module path: DAZStudio.exe2

Report Id: DAZStudio.exe3

Error: (06/08/2016 12:15:17 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DAZStudio.exe, version: 3.1.2.32, time stamp: 0x4d64533f

Faulting module name: QtGui4.dll, version: 4.5.2.0, time stamp: 0x4ac62e36

Exception code: 0xc00000fd

Fault offset: 0x00057531

Faulting process id: 0xf4c

Faulting application start time: 0xDAZStudio.exe0

Faulting application path: DAZStudio.exe1

Faulting module path: DAZStudio.exe2

Report Id: DAZStudio.exe3

Error: (06/07/2016 11:38:34 PM) (Source: PostgreSQL) (EventID: 0) (User: )

Description: pg_ctl: could not start server

Examine the log output.

Error: (06/07/2016 06:43:42 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2016 12:03:07 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program DAZStudio.exe version 3.1.2.32 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2528

Start Time: 01d1c089e4ee6d76

Termination Time: 31

Application Path: E:\daz 3n4\3.1.2\DAZStudio.exe

Report Id: e14bb4ca-2c7d-11e6-b687-902b346ca4e7

System errors:

=============

Error: (06/09/2016 09:48:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (06/09/2016 09:48:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (06/08/2016 08:54:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (06/08/2016 08:53:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (06/08/2016 12:57:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (06/08/2016 12:57:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (06/08/2016 03:55:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Net.Tcp Port Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/08/2016 03:55:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Net.Tcp Listener Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/08/2016 03:55:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Net.Pipe Listener Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/08/2016 03:55:47 AM) (Source: WAS) (EventID: 5175) (User: )

Description: The listener adapter serving the 'net.tcp' protocol disconnected unexpectedly.

CodeIntegrity:

===================================

Date: 2015-06-04 20:11:15.303

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RimSerial_AMD64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-04 20:11:15.287

Date: 2015-06-04 20:11:15.256

Date: 2015-06-04 20:11:15.240

Date: 2015-05-30 11:37:16.381

Date: 2015-05-30 11:37:16.365

Date: 2015-05-30 11:37:16.350

Date: 2015-05-30 11:37:16.318

Date: 2015-05-29 08:27:25.428

Date: 2015-05-29 08:27:25.396

==================== Memory info ===========================

Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz

Percentage of memory in use: 67%

Total physical RAM: 8137.72 MB

Available physical RAM: 2679.27 MB

Total Virtual: 17340.91 MB

Available Virtual: 11323.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:127.59 GB) NTFS

Drive e: (Games) (Fixed) (Total:465.76 GB) (Free:66.41 GB) NTFS

Drive h: (Anime) (Fixed) (Total:931.48 GB) (Free:93.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C6EE5AE9)

Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7CA7D937)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 41ABBE9F)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by aWeeMoose, 09 June 2016 - 01:36 PM.

#4 Conspire

SuperHelper

Retired Classroom Teacher
5,806 posts

Posted 10 June 2016 - 04:31 AM

Please bear with me. It's a really long log. I'll be back with instructions.

Thanks.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may

#5 Conspire

SuperHelper

Retired Classroom Teacher
5,806 posts

Posted 10 June 2016 - 08:14 AM

Hi again,

There are a few things I need to warn you.

Never try to edit your registry without proper backup. Be mindful when you are editing registry because it may cause more harm than good.

I see that you have several torrent files in the system, we are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.

I would recommend that you uninstall it, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

===================================================

Running from H:\Emergency Malware Removal

You should be running this from desktop and not from elsewhere. Please move it.

===================================================

Do you know what file this is?

2016-05-21 00:03 - 2016-05-21 01:24 - 247311764 _____ C:\Users\Basterd\Downloads\dlfjalfjlatrukindnub.7z

===================================================

Download attached fixlist.txt file and save it to the Desktop.

fixlist.txt 4.09KB 412 downloads

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

===================================================

On your next reply please post :
Fresh FRST log
Fix FRST log

Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may

#6 aWeeMoose

New Member

Authentic Member
5 posts

Posted 13 June 2016 - 01:08 PM

Fresh FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016

Ran by Basterd (administrator) on SILENTCARTOGRAP (13-06-2016 11:51:25)

Running from C:\Users\Basterd\Desktop