• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.

JGroomes

Full Member
  • Content count

    14
  • Joined

  • Last visited

About JGroomes

  • Rank
    Member
  • Birthday
  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015 Ran by Chaotic Lawliet (2015-09-08 15:34:15) Running from C:\Users\Chaotic Lawliet\Desktop\Spyware Forum Windows 7 Home Premium Service Pack 1 (X64) (2011-01-29 06:53:52) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2505415791-2747731311-3398940262-500 - Administrator - Disabled) Chaotic Lawliet (S-1-5-21-2505415791-2747731311-3398940262-1000 - Administrator - Enabled) => C:\Users\Chaotic Lawliet Guest (S-1-5-21-2505415791-2747731311-3398940262-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2505415791-2747731311-3398940262-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems) Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - liteon) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden Akamai NetSession Interface (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - ) Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies) AVG 2015 (Version: 15.0.4409 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.03 - Broadcom Corporation) Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version: - ) Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden BYOND (HKLM-x32\...\BYOND) (Version: 498.1163 - BYOND) Card Hunter (HKLM-x32\...\Steam App 293260) (Version: - Blue Manchu) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dropbox (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) Easy Auto Clicker (HKLM-x32\...\Easy Auto Clicker_is1) (Version: V2.0 - easyautoclicker.com) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) Elsword version 1.11 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: 1.11 - Kill3rCombo) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden Grand Chase version 1.0.0.1 (HKLM-x32\...\{FF222EB6-6FE1-486E-A9E8-93B5D5D72A8C}_is1) (Version: 1.0.0.1 - SG Interactive) Grand Fantasia (HKLM-x32\...\Grand Fantasia) (Version: - ) Happy Cloud Client (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) IGG Web3D Player version 1.0.0.38 (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\IGG Web3D Player_is1) (Version: 1.0.0.38 - IGG, Inc.) IMVU Avatar Chat Software (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\IMVU Avatar chat client software BETA) (Version: - ) Infinity Wars (HKLM-x32\...\Infinity Wars) (Version: - ) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - ) LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - ) Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.) League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains) Livestream for Producers (HKLM-x32\...\{524A9978-8E2A-487F-A50B-E71D72F2EDDE}) (Version: 0.0.42 - Livestream) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MapleStory (HKLM-x32\...\MapleStory) (Version: - ) Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - ) Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation) OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher US) (Version: 1.0.0 - OGPlanet, Inc.) OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Raptr (HKLM-x32\...\Raptr) (Version: - ) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6000 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Rumble Fighter (HKLM-x32\...\RumbleFighter) (Version: - ) Sakura Clicker (HKLM-x32\...\Steam App 383080) (Version: - Winged Cloud) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.550.0 - SAMSUNG Electronics Co., Ltd.) Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SWF & FLV Player 3.0 (build 3.0.33.5106) (HKLM-x32\...\SWF & FLV Player_is1) (Version: 3.0.33.5106 - Eltima Software) SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24732 - TeamViewer) TERA (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\teraenmasse) (Version: - ) Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company) Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden Unity Web Player (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - ) Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{CDCAED05-7803-4713-9BA0-072BD1194B83}) (Version: 1.11.0402 - SAMSUNG) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated) WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.6.14 - WildTangent) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) Xpadder version 5.7 (HKLM-x32\...\{0DCE54A9-7256-4132-9D4E-1A64AE35E9B1}_is1) (Version: 5.7 - Xpadder, Inc.) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 24-08-2015 13:02:22 Removed AVG PC TuneUp 2015 (en-US) 24-08-2015 13:21:36 JRT Pre-Junkware Removal 24-08-2015 13:47:12 Removed Java 8 Update 51 24-08-2015 13:54:14 Removed Java 8 Update 51 (64-bit) 24-08-2015 14:17:00 Installed Sophos Virus Removal Tool. 26-08-2015 16:41:35 Windows Update 30-08-2015 12:02:23 Windows Update 02-09-2015 12:26:09 Windows Update 05-09-2015 16:52:37 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {20EF8B7E-05C3-4DFD-98E4-8174449F579E} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe Task: {2692640E-A97B-4C6B-8B4D-606E55563A3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {2F7782AF-B3B6-4D89-A942-466E9996CDCD} - System32\Tasks\{6EE2B446-6C62-410D-90E3-8B35FA4EB63C} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\SCHTHACK PSOBB\data\data-fix.exe" -d "C:\Users\Chaotic Lawliet\Desktop\SCHTHACK PSOBB\data" Task: {56EA17E7-0C95-4F56-ACB9-A169F7E7E7E8} - System32\Tasks\{B53F021A-4AC3-4754-BFA6-301A9C869B82} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\startuplite-setup-1.07.exe" -d "C:\Users\Chaotic Lawliet\Desktop" Task: {62B6B644-CCA8-4E59-8281-7D5A1D2C087B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated) Task: {789916C1-99B4-4E8F-BD18-F37AF9DA3A51} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2505415791-2747731311-3398940262-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {94AE92E0-D652-4DB8-B585-7D1D0B306CD9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {A5510CB8-43E4-42D0-A86D-BF6D8EADF322} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation) Task: {A90F4D43-BDDB-4288-A179-198EE601D6B7} - System32\Tasks\{CC85C907-A2C0-499C-B57E-D6899D02BB6B} => pcalua.exe -a C:\Windows\SysWOW64\_online.exe Task: {AF9AE99C-EA69-4BB8-8725-74214972AD3F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2505415791-2747731311-3398940262-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {B92FD3BB-E38F-4FD1-8A12-4821A56769CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2011-02-16 23:07 - 2010-03-15 15:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2013-05-06 19:10 - 2010-03-30 13:37 - 00245248 _____ () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe 2010-03-08 20:18 - 2010-03-08 20:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-08 20:13 - 2010-03-08 20:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-09-11 18:40 - 2009-05-20 18:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\aeriagames.com -> hxxps://aeriagames.com IE trusted site: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\aeriagames.com -> hxxp://aeriagames.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chaotic Lawliet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: BackgroundContainerV2 => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Chaotic Lawliet\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{55FCE6FB-8477-4D17-88A4-243220923188}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{8E9364A9-4569-4D8E-AA27-D41B5302CE17}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{10AE076D-12C3-4FF7-ABCA-03E704C73A71}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{7D24D6B2-0ACD-49EF-8A3E-3B3BCCF37300}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{9BC864CD-20A3-4852-A035-B3A6FD6AFC65}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE FirewallRules: [{50A266F2-A3C1-4C6C-BE59-EA589C0A8745}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{5B1DA6E7-EBAC-4868-95F8-86E548002DCE}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{D321272E-7ABA-4569-BC92-F6B8D73C943E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{13F89185-FEA3-4DA5-81C5-49DB3E5B0FFC}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{1B9494AC-4B95-495A-A13F-8B7A37E41067}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{10B0810A-7425-49FB-8412-3C5CBA72CB24}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe FirewallRules: [{B45C9BB9-1E83-4DE7-B916-3B1EC7593FB6}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe FirewallRules: [TCP Query User{8AF26A33-207F-41EB-AE32-705613D3DAFC}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [uDP Query User{36DE94A6-99AD-434B-8BC6-3B84DC06B87C}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [TCP Query User{73776358-88A5-41AE-8009-38DA2788A115}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe FirewallRules: [uDP Query User{5E83AF13-DFE5-4F5C-8E43-5D82A2C271E7}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{CE49BB6E-96E0-4F62-B52E-E747F4749753}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe FirewallRules: [uDP Query User{0D25D765-88D7-4553-8289-03F030DFF3EC}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe FirewallRules: [{FDF61097-B724-4E93-B63E-8A32CDE8814E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7FBF2CEE-F072-4B3B-8ED2-2E029174C786}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{64E17647-807A-4702-8300-95058EA8E453}C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe] => (Allow) C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe FirewallRules: [uDP Query User{DE39E9F9-677C-4774-8A7B-9B18B9E1F503}C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe] => (Allow) C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe FirewallRules: [TCP Query User{A878EC8E-0678-4832-9C99-091921EAFDB9}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe FirewallRules: [uDP Query User{DB356D93-DBAF-45C3-9A2C-F43BB1907974}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe FirewallRules: [{84EDAFC1-2F58-4727-8B69-BE663724BF56}] => (Allow) LPort=443 FirewallRules: [{BEFC1A93-7C4F-4BC4-9F9E-A5D8EAF5B214}] => (Allow) LPort=443 FirewallRules: [{68E4EE2E-3122-49E5-83CB-00913C4FEEFA}] => (Allow) LPort=37674 FirewallRules: [{00054145-DF99-48CD-9AD3-77CAEAE365EA}] => (Allow) LPort=37674 FirewallRules: [{97C53A50-5FF0-4FD2-B7C9-ED7C8931C541}] => (Allow) LPort=37675 FirewallRules: [{11A3CD1A-6B16-4090-8A72-3A5819634CF3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{D9E8FC75-4A49-469B-B9BB-8D38812D4425}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe FirewallRules: [{A4725AA6-0581-42F1-9E79-7F42834B2C44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe FirewallRules: [{B90A66D5-1C6E-45A7-B82E-009A149C2B0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\APB.exe FirewallRules: [{6AC94A09-7700-4CBE-B621-F745BCC62E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\APB.exe FirewallRules: [{55388482-86D5-4D98-8B1A-5B15F914BA4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe FirewallRules: [{A797FBB7-1D1F-45A4-BD61-7D7AE73CFCB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe FirewallRules: [{10522428-4248-4CBA-82B5-894EDFE3C2CA}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe FirewallRules: [{DC9C618F-5FFC-432B-8DF6-17185CF392C1}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe FirewallRules: [{7E8E3A8B-CA18-4B20-9E86-ED7E5DB5A1F3}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{2C521BB3-96A1-4B8A-8DF7-A07EB14EE8D8}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{21C6E670-2AC8-4D9F-A7D4-2A40AE777071}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{E39AB1C7-3E54-4027-8B29-A84161424CBD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{E48A2E88-13C3-4DB5-9A62-E34D80ECEF0C}C:\users\chaotic lawliet\desktop\crap\utorrent.exe] => (Allow) C:\users\chaotic lawliet\desktop\crap\utorrent.exe FirewallRules: [uDP Query User{D563F37E-5BC7-486F-90AA-1ABE0788A43C}C:\users\chaotic lawliet\desktop\crap\utorrent.exe] => (Allow) C:\users\chaotic lawliet\desktop\crap\utorrent.exe FirewallRules: [{5F7D518C-3CF1-4130-A9D1-060DA48B7B53}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{548F6B95-CE41-4DD7-9C4F-6AF30253C958}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{A1FA0DF4-EC3A-4B51-9A7D-BEB1CA644190}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{EEF495F4-3D5A-48A1-8232-5EEAC38BD7B2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{A0C0E061-9D32-4FA0-8570-C4360789B9F8}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{8EFE41C3-1F54-4297-92A9-48CA58A2F411}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{D32A7871-570E-4312-ACAE-346D7CA61843}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{968743AA-2F05-4748-AF87-D213CE86210B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{615839B9-0BD3-459A-B502-3FD08465C86C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{EDAE4316-3DE9-4704-B438-9AD26A377674}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{B3497598-6E3F-41EE-BB68-172F9A14F237}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe FirewallRules: [{1680C3A4-807C-40DA-BC8F-9EE2712287A5}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe FirewallRules: [{558496BB-4B2A-460D-BA9B-5262278A90CC}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe FirewallRules: [{DA1AC079-0954-4CAE-A9E0-85DB749B2D18}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe FirewallRules: [{2E313764-C6B9-434E-B3FB-B616246533DB}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe FirewallRules: [{818174F8-14EC-4346-AF7F-911973A1D31E}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe FirewallRules: [{AB419297-25C5-40DE-A309-1BF748B9C176}] => (Allow) C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{454A6046-436B-4164-98D3-2864B87D78D5}] => (Allow) C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{345488BB-7A1E-4F18-B57A-4A4044C29DFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{2DC26685-792F-42F8-99D0-9DA65B2F9C19}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{1AA65402-A94A-4AC7-A0EA-6943EDC28C48}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{069A686C-BD3C-40ED-9E99-D904E9F92DD8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{59EE724B-E087-44B8-B9D9-4BFD4198FA10}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{836CEE22-561C-4098-8680-AEB8191DADF6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{FD0539A9-20B9-41CC-91D7-473041DEDB87}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{D3BC25F7-D016-4EEC-9715-B33A7CC05D2C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{6DE5B291-558C-4D52-B538-768AD1F52A07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C10250A8-FD4D-4FBF-A8CE-9334D1871B40}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D0BD65AF-7467-47C1-BB99-78A3A57024EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{D606B4D6-7DE8-4350-8D02-C8399A21AC07}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9D50AF93-3CFF-4A3B-B581-B029F79BCE12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Clicker\Sakura Clicker.exe FirewallRules: [{6591E03B-7E11-40B0-9F58-C028F8096BD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Clicker\Sakura Clicker.exe FirewallRules: [{CC12986C-7A81-4D27-8C95-7C30760F9F89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe FirewallRules: [{D11E464B-6E63-44BA-A6AB-06E52040093B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe FirewallRules: [{5C4DA899-251B-4C1E-9F04-2041B412FD88}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/08/2015 03:28:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (09/08/2015 12:32:42 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (09/07/2015 01:34:19 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (09/07/2015 01:08:55 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (09/07/2015 12:55:38 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (09/06/2015 01:13:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1 Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1 Exception code: 0x40000015 Fault offset: 0x00052d24 Faulting process id: 0x146c Faulting application start time: 0xjucheck.exe0 Faulting application path: jucheck.exe1 Faulting module path: jucheck.exe2 Report Id: jucheck.exe3 Error: (09/06/2015 01:07:17 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (09/05/2015 11:52:58 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (09/05/2015 11:33:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1 Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1 Exception code: 0x40000015 Fault offset: 0x00052d24 Faulting process id: 0x16d4 Faulting application start time: 0xjucheck.exe0 Faulting application path: jucheck.exe1 Faulting module path: jucheck.exe2 Report Id: jucheck.exe3 Error: (09/05/2015 11:27:34 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. System errors: ============= Error: (09/08/2015 12:35:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Client Virtualization Handler service hung on starting. Error: (09/07/2015 09:06:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer9 service. Error: (09/07/2015 04:10:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home. Error: (09/07/2015 01:35:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Client Virtualization Handler service hung on starting. Error: (09/07/2015 01:35:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The AVGIDSAgent service hung on starting. Error: (09/07/2015 01:09:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (09/07/2015 01:08:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (09/07/2015 01:08:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (09/07/2015 01:08:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (09/07/2015 01:08:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Microsoft Office: ========================= Error: (09/08/2015 03:28:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\Spyware Forum\esetsmartinstaller_enu.exe Error: (09/08/2015 12:32:42 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (09/07/2015 01:34:19 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (09/07/2015 01:08:55 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\Spyware Forum\esetsmartinstaller_enu.exe Error: (09/07/2015 12:55:38 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (09/06/2015 01:13:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.60.2755c116b1jucheck.exe2.8.60.2755c116b14000001500052d24146c01d0e8c75bfcf756C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exea73c18a1-54ba-11e5-98e4-206a8a1423a6 Error: (09/06/2015 01:07:17 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (09/05/2015 11:52:58 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (09/05/2015 11:33:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.60.2755c116b1jucheck.exe2.8.60.2755c116b14000001500052d2416d401d0e7f01deab3b6C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe6cda22f6-53e3-11e5-bac7-206a8a1423a6 Error: (09/05/2015 11:27:34 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. CodeIntegrity: =================================== Date: 2015-08-23 04:11:22.624 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-23 04:11:22.422 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-23 04:11:22.228 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:52.736 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:52.595 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:52.424 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:52.299 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:47.057 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:46.933 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:46.808 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Pentium® CPU P6100 @ 2.00GHz Percentage of memory in use: 43% Total physical RAM: 2804.5 MB Available physical RAM: 1593.56 MB Total Virtual: 5607.2 MB Available Virtual: 3852.56 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:219.11 GB) (Free:56.92 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: C444C444) Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=219.1 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  2. Deleted the FRST.txt and Addition.txt files and ran FRST. Logs are below. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015 Ran by Chaotic Lawliet (administrator) on TEMPEST (08-09-2015 15:30:58) Running from C:\Users\Chaotic Lawliet\Desktop\Spyware Forum Loaded Profiles: Chaotic Lawliet (Available Profiles: Chaotic Lawliet) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Akamai Technologies, Inc.) C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Akamai Technologies, Inc.) C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.) HKLM-x32\...\Run: [uSB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] () HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.) HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-14] (Google Inc.) HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-17] (Microsoft Corporation) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-26] (Egis Technology Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\..\Interfaces\{96381102-A251-4052-AB1E-ADFA4BE8D1BC}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-30] (RealPlayer) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation) BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-03-11] (FreeDownloadManager.ORG) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.) Toolbar: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default FF DefaultSearchEngine.US: Google FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "socks_version", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2012-12-04] (Nexon) FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-08-30] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-08-30] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-30] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-30] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-08-30] (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-31] () FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2012-07-15] (BYOND) FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @g2.com/iggweb3dupdater -> C:\Users\Chaotic Lawliet\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll [2012-04-19] (IGG) FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @g2.com/joyconnectshell -> C:\Users\Chaotic Lawliet\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll [2012-04-19] (IGG) FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chaotic Lawliet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-23] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll [2012-07-15] (BYOND) FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-26] FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: No Name - C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [not found] FF Extension: No Name - C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [not found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Mahjong Solitaire) - internal-remoting-viewer CHR Plugin: (Remoting Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\gcswf32.dll No File CHR Plugin: (Flash) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File CHR Plugin: (AVG Internet Security) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND) CHR Plugin: (BYOND stub plugin for Mozilla) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Windows Live® Photo Gallery) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File CHR Plugin: (RealPlayer) - C:\Users\Chaotic Lawliet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Unity Player) - C:\Windows\system32\npOGPPlugin.dll No File CHR Plugin: (OGPlanet Game Plugin) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Plugin: (Silverlight) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Profile: C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2011-01-29] CHR Extension: (Tampermonkey) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-04-03] CHR Extension: (AdBlock) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-15] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14] CHR Extension: (LoL - Jinx) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndbciboanpmkpbeanbjdcneplghndhcp [2014-05-31] CHR Extension: (Mahjong Solitaire) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2015-02-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (My Chrome Theme) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2012-04-07] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-26] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5312448 2014-03-19] (INCA Internet Co., Ltd.) R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed] R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 GunBod; C:\Game\SoftnyxGame\GunBoundIS\avital\gunbod64.sys [86352 2014-11-28] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd) S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed] S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-04-26] (MCCI Corporation) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-09-07] () ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-05 01:19 - 2015-09-06 13:14 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\CrashDumps 2015-09-04 17:53 - 2015-09-07 13:10 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys 2015-09-04 17:53 - 2015-09-05 22:20 - 00000000 ____D C:\ProgramData\RogueKiller 2015-09-03 17:56 - 2015-09-05 11:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-02 00:32 - 2015-09-02 00:35 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\Tap_Dungeon 2015-09-01 22:18 - 2015-09-01 22:18 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\com.bluemanchu.CardHunter 2015-09-01 20:15 - 2015-09-01 20:15 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\Steam 2015-09-01 20:15 - 2015-09-01 20:15 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\CEF 2015-09-01 02:16 - 2015-09-01 02:16 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\Sun 2015-09-01 02:16 - 2015-09-01 02:16 - 00000000 ____D C:\Users\Chaotic Lawliet\.oracle_jre_usage 2015-09-01 02:16 - 2015-09-01 02:15 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-09-01 02:15 - 2015-09-01 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-08-25 00:22 - 2015-08-25 00:22 - 00003210 _____ C:\Windows\System32\Tasks\{B53F021A-4AC3-4754-BFA6-301A9C869B82} 2015-08-24 14:18 - 2015-08-24 14:19 - 00000000 ____D C:\ProgramData\Sophos 2015-08-24 14:18 - 2015-08-24 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2015-08-24 14:17 - 2015-08-24 14:17 - 00000000 ____D C:\Program Files (x86)\Sophos 2015-08-24 13:48 - 2015-08-24 13:48 - 00000000 _____ C:\Windows\SysWOW64\REN31E.tmp 2015-08-23 21:08 - 2015-09-08 15:31 - 00000000 ____D C:\FRST 2015-08-23 16:23 - 2015-08-23 16:23 - 00000000 ____D C:\Program Files (x86)\ESET 2015-08-23 16:01 - 2015-08-23 16:06 - 00000000 ____D C:\AdwCleaner 2015-08-22 17:35 - 2015-09-08 15:30 - 00000000 ____D C:\Users\Chaotic Lawliet\Desktop\Spyware Forum 2015-08-22 16:41 - 2015-08-23 12:24 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\QuickScan 2015-08-22 14:34 - 2015-08-23 12:37 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-08-22 14:16 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-22 14:16 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-22 14:16 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-22 12:58 - 2015-08-22 13:17 - 00000000 ____D C:\Windows\system32\MRT 2015-08-22 12:58 - 2015-07-28 10:59 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-22 11:59 - 2015-08-22 11:59 - 00000000 _____ C:\Windows\setuperr.log 2015-08-22 11:47 - 2015-08-22 11:47 - 00003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater 2015-08-22 10:59 - 2015-08-22 10:59 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\AVG 2015-08-22 10:57 - 2015-08-22 11:00 - 00000000 ____D C:\ProgramData\AVG 2015-08-21 21:09 - 2015-09-03 23:26 - 00002066 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-21 21:09 - 2015-08-21 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-21 11:51 - 2015-08-21 11:51 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-08-21 11:51 - 2015-08-21 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-20 03:04 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-20 03:04 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-20 03:04 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-20 03:04 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-15 12:22 - 2015-08-17 18:32 - 00003152 _____ C:\Users\Chaotic Lawliet\Desktop\Destoka's Pokemon Needs!.txt 2015-08-13 08:09 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-13 08:09 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 07:52 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-12 07:52 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-08-12 07:52 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-08-12 07:52 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-12 07:52 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 07:52 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-08-12 07:52 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-12 07:52 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 07:52 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-12 07:52 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 07:52 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-08-12 07:52 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-12 07:52 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-12 07:52 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-12 07:52 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 07:52 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-08-12 07:52 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-08-12 07:52 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-08-12 07:52 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-08-12 07:52 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-12 07:52 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-08-12 07:52 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-08-12 07:52 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-08-12 07:52 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-12 07:52 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-08-12 07:52 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-08-12 07:52 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-12 07:52 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-12 07:52 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 07:52 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-12 07:52 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-08-12 07:52 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-08-12 07:52 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-08-12 07:52 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-12 07:52 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-12 07:52 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-12 07:52 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-08-12 07:52 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-12 07:52 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-08-12 07:52 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-12 07:52 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-08-12 07:52 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-12 07:52 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-12 07:52 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-12 07:51 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-08-12 07:51 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-12 07:51 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-08-12 07:51 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-12 07:51 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-08-12 07:51 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-08-12 07:51 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-12 07:51 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-12 07:51 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-12 07:51 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-12 07:51 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-12 07:51 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-12 07:51 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-12 07:51 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-12 07:51 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-12 07:51 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-12 07:51 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-12 07:51 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 07:51 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-08-12 07:51 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 07:51 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-12 07:51 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 07:51 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-08-12 07:51 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 07:51 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-08-12 07:51 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 07:51 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-12 07:51 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-08-12 07:51 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 07:51 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-12 07:51 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-12 07:51 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-12 07:51 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-08-12 07:51 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-08-12 07:51 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-12 07:50 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-12 07:50 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-12 07:50 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-12 07:50 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-08-12 07:50 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-08-12 07:50 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-08-12 07:50 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-12 07:50 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-12 07:50 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-08-12 07:50 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-08-12 07:50 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-12 07:50 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-08-12 07:50 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-08-12 07:50 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-08-12 07:50 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-08-12 07:50 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-08-12 07:50 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-08-12 07:50 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-08-12 07:50 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-08-12 07:50 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-08-12 07:50 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-08-12 07:50 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-08-12 07:50 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-12 07:50 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-08-12 07:50 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-08-12 07:50 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-08-12 07:50 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-08-12 07:50 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-08-12 07:50 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-12 07:50 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-12 07:50 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-12 07:50 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-08-12 07:50 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-08-12 07:50 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-08-12 07:50 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-12 07:50 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-12 07:49 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-12 07:49 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-12 07:49 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-12 07:49 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-08-12 07:49 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-12 07:44 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-12 07:44 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-12 07:44 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-12 07:44 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 07:44 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-12 07:44 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-12 07:44 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-12 07:43 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-12 07:43 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-12 07:43 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-08-12 07:43 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-08-12 07:43 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-08-12 07:43 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-08-12 07:43 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-08-12 07:43 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-08-12 07:43 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-08-12 07:43 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-12 07:43 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-08-12 07:43 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-08-12 07:43 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-12 07:43 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-08-12 07:43 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 07:43 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 07:43 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-12 07:42 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-08 15:24 - 2012-08-12 18:56 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\Skype 2015-09-08 15:24 - 2010-09-11 17:55 - 01261727 _____ C:\Windows\WindowsUpdate.log 2015-09-08 15:23 - 2012-08-16 21:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-08 15:14 - 2011-01-29 03:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-08 14:28 - 2009-07-14 00:51 - 00663165 _____ C:\Windows\setupact.log 2015-09-08 12:44 - 2009-07-14 00:45 - 00022896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-08 12:44 - 2009-07-14 00:45 - 00022896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-08 12:38 - 2012-09-13 01:47 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\LogMeIn Hamachi 2015-09-08 12:36 - 2011-01-29 03:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-08 12:36 - 2011-01-28 20:54 - 00000000 ____D C:\ProgramData\MFAData 2015-09
  3. Rebooted in safe mode and ran RogueKiller. Logs are below. RogueKiller V10.10.4.0 (x64) [sep 4 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/software/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode User : Chaotic Lawliet [Administrator] Started from : C:\Users\Chaotic Lawliet\Desktop\RogueKillerX64.exe Mode : Delete -- Date : 09/07/2015 13:31:09 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 0 ¤¤¤ ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 +++++ --- User --- [MBR] 46fa17a72513fc2b9411ad36b4695dd2 [bSP] bc2cca40aef39d9c594f0026c645b67e : HP MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 28674048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 28878848 | Size: 224373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK
  4. Sorry for the late reply, was busy yesterday and most of today. I've finally run the scan, the log is below. RogueKiller V10.10.4.0 (x64) [sep 4 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/software/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Chaotic Lawliet [Administrator] Started from : C:\Users\Chaotic Lawliet\Desktop\RogueKillerX64.exe Mode : Delete -- Date : 09/05/2015 22:19:03 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 7 ¤¤¤ [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe -> ERROR [0] [PUP] (X64) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Chaotic Lawliet\AppData\Local\Skillbrains\lightshot\Lightshot.exe -> ERROR [0] [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Windows\CurrentVersion\Run | ROC_ROC_APR2013_AV : C:\Users\Chaotic Lawliet\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2daa7ced2f2547d1baa9f123ccf0ca55-d54ae5b4a42adb13fe8cade7cdf5e2a8b35ad24d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [-][x][x][x][x][x][x][x][x][x][x][x] -> ERROR [0] [PUP] (X86) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Chaotic Lawliet\AppData\Local\Skillbrains\lightshot\Lightshot.exe -> ERROR [2] [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Windows\CurrentVersion\Run | ROC_ROC_APR2013_AV : C:\Users\Chaotic Lawliet\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2daa7ced2f2547d1baa9f123ccf0ca55-d54ae5b4a42adb13fe8cade7cdf5e2a8b35ad24d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [-][x][x][x][x][x][x][x][x][x][x][x] -> ERROR [2] [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome) [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome) ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 6 ¤¤¤ [FIREFX:Addon] cyrlrzfw.default : Greasemonkey [{e4a8a97b-f2ed-450b-b12d-ee082ba24781}] -> Deleted [FIREFX:Addon] cyrlrzfw.default : Bitdefender QuickScan [{e001c731-5e37-4538-a5cb-8168736a2360}] -> Deleted [FIREFX:Addon] cyrlrzfw.default : RealPlayer Browser Record Plugin [{0153E448-190B-4987-BDE1-F256CADA672F}] -> Deleted [FIREFX:Addon] cyrlrzfw.default : Free Download Manager plugin [fdm_ffext@freedownloadmanager.org] -> Deleted [PUM.Proxy][FIREFX:Config] cyrlrzfw.default : user_pref("network.proxy.http", "195.246.54.202"); -> Deleted [PUM.Proxy][FIREFX:Config] cyrlrzfw.default : user_pref("network.proxy.http_port", 8080); -> Deleted ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 +++++ --- User --- [MBR] 46fa17a72513fc2b9411ad36b4695dd2 [bSP] bc2cca40aef39d9c594f0026c645b67e : HP|VT.Unknown MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 28674048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 28878848 | Size: 224373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK
  5. So, the day after my last post, at around 5pm, the issues went away and were completely gone, everything returned to normal. But today, just 10 minutes ago, the same issues have returned after having been gone for 8 days straight. You haven't replied since my last post, and that is fine. I just thought I would update this post again anyway.
  6. I found an older USB mouse and just plugged it in and installed the driver. The mouse worked, but the same issues were there except for the random/constant scrolling as the mouse I tried lacks a scroll wheel.
  7. I've downloaded and ran the program, but I'm getting this error for each of the startup items on the list: "Error on value: (startup item name). There was an error creating a MSConfig key." There's only two items on the list, MsnMsgr (Windows Live Messenger) and something called swg ("Part of Google Toolbar. Notifies you of newest toolbar versions." is its description). I've followed through and rebooted my laptop anyway just to be sure. I've also noticed a problem today that occurs with the rest of the issues I've been having. When ever I right-click a bookmarked link in Google Chrome, it opens in a new tab as if I've clicked it with the middle button/scroll wheel on my mouse. And as I've mentioned previously, clicking a tab in Google Chrome will close the tab without clicking the tiny 'x', again something that would happen if I had clicked with the wheel button. Could there possibly be a problem with my mouse and touchpad drivers? Or maybe a bad mouse? (even though the issues still occur while the mouse is unplugged, and I'm not sure it would explain everything on my screen locking up until I open the ctrl+alt+del screen). None of these clicking issues seem to happen while I play games though, the mouse buttons function as they should.. Anyway, thought I would mention all of that while I still remember it all. Thank you so much for the help you've provided so far. I'll check back sometime in the morning. Update: Woke up with the issues still going on. I did notice though that while using Firefox, the scroll function activated by pressing the middle/scroll button will occasionally keep switching on and off without even pressing it, and would only stop after unplugging the mouse from my laptop. Update #2: The problem seems to be getting a little worse now. Sometimes the cursor will click and hold onto a tab/file and not let go until I left-click with my mouse, and now it's gotten to where the ctrl+alt+del screen will lock up for around 10~20 seconds before closing after I click 'cancel'.
  8. I have uninstalled uTorrent, Cheat Engine 6.2, AVG PC TuneUp 2015. As for TeamViewer, I do use a strong password, but I'll probably uninstall it later as I rarely use it anymore. I've also uninstalled Java. Thank you for the advice. I've downloaded, installed and used all tools listed. The logs are below. Fix result of Farbar Recovery Scan Tool (x64) Version:24-08-2015 Ran by Chaotic Lawliet (2015-08-24 13:18:12) Run:1 Running from C:\Users\Chaotic Lawliet\Desktop\Spyware Forum Loaded Profiles: Chaotic Lawliet (Available Profiles: Chaotic Lawliet) Boot Mode: Normal ============================================== fixlist content: ***************** start CHR HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION URLSearchHook: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 - (No Name) - {03f38c00-dda9-46bf-9475-c6997746c740} - No File SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {225C4492-3857-42F3-9D50-97A47D1AF763} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms} SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS416 SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {E8984107-C1A3-4E7A-B45D-96DF0168DDAF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=&apn_ptnrs=FM&apn_dtid=YYYYYYURUS&apn_uid=f44b21fc-f465-45b9-a417-bc4a3921bffa&apn_sauid=299683DA-6A75-4BBC-8BE3-2F0703436E8E Toolbar: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> No Name - {03F38C00-DDA9-46BF-9475-C6997746C740} - No File FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_51\bin\new_plugin\npjp2.dll [No File] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File] FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] CHR HKLM\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25] CHR HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25] S3 CaptureFileMonitor; system32\DRIVERS\CaptureFileMonitor64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 ProcObsrv; \??\C:\Windows\SysWOW64\ProcObsrv64.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X] S3 X6va001; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\001BEDC.tmp [X] S3 X6va005; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\0051E8B.tmp [X] S3 X6va006; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\006561B.tmp [X] S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X] S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X] S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X] S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X] S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X] S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X] S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X] S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X] CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File Task: {30A8D933-FB5F-4594-936B-B3BA788319E3} - System32\Tasks\{06B71EE2-9598-437A-B550-E5D719A4C07F} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\Maple Story\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop\Maple Story" Task: {56551FC5-69CC-4AB4-A4AF-33C6BE69429F} - System32\Tasks\{73464F91-A401-4C86-84A8-C9918401783C} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\iROSetupFv1.3.exe" -d "C:\Users\Chaotic Lawliet\Desktop" Task: {62CA758A-340D-4C28-9735-04B650A36AF9} - System32\Tasks\{3FE0A132-4D64-4C54-A1D9-067C23066335} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\Games\Maple Story\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop\Games\Maple Story" Task: {A0FF3C3E-3E04-4AE9-9140-B1A4D029825B} - System32\Tasks\{6B09288F-2E0A-4793-BB35-03367B28EA4D} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop" Task: {CCF2005F-2BAC-4473-8ED6-599D764F25F5} - \RealPlayer (32-bit) -> No File <==== ATTENTION end ***************** "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Policies\Google" => key removed successfully HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03f38c00-dda9-46bf-9475-c6997746c740} => value removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{225C4492-3857-42F3-9D50-97A47D1AF763}" => key removed successfully HKCR\CLSID\{225C4492-3857-42F3-9D50-97A47D1AF763} => key not found. "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E8984107-C1A3-4E7A-B45D-96DF0168DDAF}" => key removed successfully HKCR\CLSID\{E8984107-C1A3-4E7A-B45D-96DF0168DDAF} => key not found. HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{03F38C00-DDA9-46BF-9475-C6997746C740} => value removed successfully HKCR\CLSID\{03F38C00-DDA9-46BF-9475-C6997746C740} => key not found. "HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully "HKLM\SOFTWARE\Google\Chrome\Extensions\eogikidelleflpkolmiiaeibjbaepila" => key removed successfully C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx => moved successfully "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Google\Chrome\Extensions\eogikidelleflpkolmiiaeibjbaepila" => key removed successfully "C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx" => File/Folder not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eogikidelleflpkolmiiaeibjbaepila" => key removed successfully "C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx" => File/Folder not found. CaptureFileMonitor => service removed successfully EagleX64 => service removed successfully ProcObsrv => service removed successfully WinRing0_1_2_0 => service removed successfully X6va001 => service removed successfully X6va005 => service removed successfully X6va006 => service removed successfully X6va008 => service removed successfully X6va009 => service removed successfully X6va011 => service removed successfully X6va012 => service removed successfully X6va015 => service removed successfully X6va016 => service removed successfully X6va017 => service removed successfully X6va021 => service removed successfully X6va022 => service removed successfully X6va025 => service removed successfully X6va027 => service removed successfully X6va028 => service removed successfully X6va029 => service removed successfully "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully "HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30A8D933-FB5F-4594-936B-B3BA788319E3}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30A8D933-FB5F-4594-936B-B3BA788319E3}" => key removed successfully C:\Windows\System32\Tasks\{06B71EE2-9598-437A-B550-E5D719A4C07F} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{06B71EE2-9598-437A-B550-E5D719A4C07F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56551FC5-69CC-4AB4-A4AF-33C6BE69429F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56551FC5-69CC-4AB4-A4AF-33C6BE69429F}" => key removed successfully C:\Windows\System32\Tasks\{73464F91-A401-4C86-84A8-C9918401783C} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{73464F91-A401-4C86-84A8-C9918401783C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62CA758A-340D-4C28-9735-04B650A36AF9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62CA758A-340D-4C28-9735-04B650A36AF9}" => key removed successfully C:\Windows\System32\Tasks\{3FE0A132-4D64-4C54-A1D9-067C23066335} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3FE0A132-4D64-4C54-A1D9-067C23066335}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0FF3C3E-3E04-4AE9-9140-B1A4D029825B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0FF3C3E-3E04-4AE9-9140-B1A4D029825B}" => key removed successfully C:\Windows\System32\Tasks\{6B09288F-2E0A-4793-BB35-03367B28EA4D} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B09288F-2E0A-4793-BB35-03367B28EA4D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCF2005F-2BAC-4473-8ED6-599D764F25F5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCF2005F-2BAC-4473-8ED6-599D764F25F5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayer (32-bit) " => key removed successfully ==== End of Fixlog 13:18:13 ==== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.5.7 (08.18.2015:1) OS: Windows 7 Home Premium x64 Ran by Chaotic Lawliet on Mon 08/24/2015 at 13:21:35.01 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\google Successfully deleted: [Folder] C:\Users\Chaotic Lawliet\Appdata\Local\crashrpt Successfully deleted: [Folder] C:\Users\Chaotic Lawliet\AppData\Roaming\imvuclient Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin Successfully deleted: [Folder] C:\Users\Chaotic Lawliet\Appdata\LocalLow\FCTB000060231 ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted the following from C:\Users\Chaotic Lawliet\AppData\Roaming\mozilla\firefox\profiles\cyrlrzfw.default\prefs.js user_pref(CT3220468.BT_Stats.enc, eyJsYXN0X2xvZyI6MTM1OTU2ODI3NywidXVpZCI6NTk3NjQ1Nzg3NzkzMDk0LCJzZXFfaWQiOjEsInNzYiI6MTM1OTU2ODI3N30=); user_pref(CT3220468.CBOpenMAMSettings.enc, MA==); user_pref(CT3220468.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\}); user_pref(CT3220468.FirstTime, true); user_pref(CT3220468.FirstTimeFF3, true); user_pref(CT3220468.LoginRevertSettingsEnabled, true); user_pref(CT3220468.RevertSettingsEnabled, true); user_pref(CT3220468.UserID, UN07666358455992717); user_pref(CT3220468.addressBarTakeOverEnabledInHidden, true); user_pref(CT3220468.autoDisableScopes, 0); user_pref(CT3220468.cbcountry_001.enc, VVM=); user_pref(CT3220468.cbfirsttime.enc, V2VkIEphbiAzMCAyMDEzIDA5OjUxOjA5IEdNVC0wODAwIChQYWNpZmljIFN0YW5kYXJkIFRpbWUp); user_pref(CT3220468.countryCode, US); user_pref(CT3220468.defaultSearch, false); user_pref(CT3220468.enableAlerts, always); user_pref(CT3220468.enableFix404ByUser, FALSE); user_pref(CT3220468.enableSearchFromAddressBar, false); user_pref(CT3220468.firstTimeDialogOpened, true); user_pref(CT3220468.fixPageNotFoundError, true); user_pref(CT3220468.fixPageNotFoundErrorByUser, true); user_pref(CT3220468.fixPageNotFoundErrorInHidden, true); user_pref(CT3220468.fixUrls, true); user_pref(CT3220468.fullUserID, UN07666358455992717.UP.20130702020005); user_pref(CT3220468.installType, xpe); user_pref(CT3220468.isCheckedStartAsHidden, true); user_pref(CT3220468.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\}); user_pref(CT3220468.isFirstTimeToolbarLoading, false); user_pref(CT3220468.isNewTabEnabled, false); user_pref(CT3220468.isToolbarShrinked, {\dataType\:\string\,\data\:\false\}); user_pref(CT3220468.isWelcomPage, {\dataType\:\boolean\,\data\:\true\}); user_pref(CT3220468.lastVersion, 10.22.3.518); user_pref(CT3220468.migrateAppsAndComponents, true); user_pref(CT3220468.navigationAliasesJson, {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\hxxps%3A%2F%2Fwww.facebook.com%2F\,\EB_MAIN_FRAME_TITLE\:\Facebook\,\EB_TO user_pref(CT3220468.newSettings, {\dataType\:\boolean\,\data\:\true\}); user_pref(CT3220468.openThankYouPage, true); user_pref(CT3220468.openUninstallPage, false); user_pref(CT3220468.revertSettingsEnabled, false); user_pref(CT3220468.search.searchAppId, 129813684258939747); user_pref(CT3220468.search.searchCount, 0); user_pref(CT3220468.searchInNewTabEnabled, false); user_pref(CT3220468.searchInNewTabEnabledByUser, false); user_pref(CT3220468.searchInNewTabEnabledInHidden, true); user_pref(CT3220468.searchSuggestEnabledByUser, false); user_pref(CT3220468.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\}); user_pref(CT3220468.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\}); user_pref(CT3220468.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\}); user_pref(CT3220468.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3220468\}); user_pref(CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://uTorrentControlv2.OurToolbar.com//xpi\}); user_pref(CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\uTorrentControl_v2 \}); user_pref(CT3220468.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\}); user_pref(CT3220468.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\}); user_pref(CT3220468.serviceLayer_services_Configuration_lastUpdate, 1440169276929); user_pref(CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1359568267489); user_pref(CT3220468.serviceLayer_services_appsMetadata_lastUpdate, 1359568267493); user_pref(CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1359568268317); user_pref(CT3220468.serviceLayer_services_location_lastUpdate, 1372684606119); user_pref(CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate, 1359972659493); user_pref(CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate, 1364183654055); user_pref(CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate, 1361186681633); user_pref(CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate, 1363255098196); user_pref(CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate, 1372707378757); user_pref(CT3220468.serviceLayer_services_login_10.16.2.509_lastUpdate, 1372251048158); user_pref(CT3220468.serviceLayer_services_login_10.16.4.519_lastUpdate, 1374941361051); user_pref(CT3220468.serviceLayer_services_login_10.16.70.505_lastUpdate, 1379115072460); user_pref(CT3220468.serviceLayer_services_login_10.22.3.518_lastUpdate, 1440169276119); user_pref(CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1359568268417); user_pref(CT3220468.serviceLayer_services_searchAPI_lastUpdate, 1440169276854); user_pref(CT3220468.serviceLayer_services_serviceMap_lastUpdate, 1440169276660); user_pref(CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate, 1359568268377); user_pref(CT3220468.serviceLayer_services_toolbarSettings_lastUpdate, 1440176477490); user_pref(CT3220468.serviceLayer_services_translation_lastUpdate, 1440169276588); user_pref(CT3220468.settingsINI, true); user_pref(CT3220468.shouldFirstTimeDialog, false); user_pref(CT3220468.showToolbarPermission, false); user_pref(CT3220468.startPage, false); user_pref(CT3220468.toolbarBornServerTime, 30-1-2013); user_pref(CT3220468.toolbarCurrentServerTime, 21-8-2015); user_pref(CT3220468.toolbarLoginClientTime, Tue Mar 19 2013 15:28:42 GMT-0700 (Pacific Daylight Time)); user_pref(CT3220468.url_history0001.enc, aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzNTk1NjgzNjA2NjYsLCxodHRwczovL3d3dy5nb29nbGUuY29tOjo6Y2xpY2toYW5kbGVyOjo6MTM user_pref(CT3220468_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1440263210667,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0} Emptied folder: C:\Users\Chaotic Lawliet\AppData\Roaming\mozilla\firefox\profiles\cyrlrzfw.default\minidumps [244 files] ~~~ Chrome [C:\Users\Chaotic Lawliet\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Chaotic Lawliet\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Chaotic Lawliet\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Chaotic Lawliet\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [ aaaaaaooaijelonlmbcbjkocdnicdfmo, bcfjehbfanfhgoehogmbiebedkidedjb, booedmolknjekdopkepjjeckmjkdpfgl, dlnembnfbcpjnepmfjmngjenhhajpdfd, ehgldbbpchgpcfagfpfjgoomddhccfgh, ejpbbhjlbipncjklfjjaedaieimbmdda, flpcjncodpafbgdpnkljologafpionhb, hapjcfhlhbidaflnbnnhkojdpeiooogl, ndibdjnfmopecpmkdieinmbadjfpblof ] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 08/24/2015 at 13:38:20.27 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2015-08-24 18:18:56.712 Sophos Virus Removal Tool version 2.5.4 2015-08-24 18:18:56.712 Copyright © 2009-2014 Sophos Limited. All rights reserved. 2015-08-24 18:18:56.712 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them. 2015-08-24 18:18:56.712 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 2015-08-24 18:18:56.714 Checking for updates... 2015-08-24 18:19:13.574 Update progress: proxy server not available 2015-08-24 18:19:19.789 Option all = no 2015-08-24 18:19:19.789 Option recurse = yes 2015-08-24 18:19:19.789 Option archive = no 2015-08-24 18:19:19.789 Option service = yes 2015-08-24 18:19:19.789 Option confirm = yes 2015-08-24 18:19:19.789 Option sxl = yes 2015-08-24 18:19:19.793 Option max-data-age = 35 2015-08-24 18:19:19.793 Option EnableSafeClean = yes 2015-08-24 18:19:21.350 Option vdl-logging = yes 2015-08-24 18:19:21.355 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2015-08-24 18:19:21.355 Machine ID: d4e5c7ddfac24ff2929e56c757718c98 2015-08-24 18:19:21.793 Component SVRTcli.exe version 2.5.4 2015-08-24 18:19:21.794 Component control.dll version 2.5.4 2015-08-24 18:19:21.794 Component SVRTservice.exe version 2.5.4 2015-08-24 18:19:21.795 Component engine\osdp.dll version 1.44.1.2210 2015-08-24 18:19:21.795 Component engine\veex.dll version 3.61.0.2210 2015-08-24 18:19:21.796 Component engine\savi.dll version 8.1.8.2210 2015-08-24 18:19:21.976 Component rkdisk.dll version 1.5.30.0 2015-08-24 18:19:22.024 Version info: Product version 2.5.4 2015-08-24 18:19:22.024 Version info: Detection engine 3.61.0 2015-08-24 18:19:22.024 Version info: Detection data 5.17 2015-08-24 18:19:22.025 Version info: Build date 7/21/2015 2015-08-24 18:19:22.025 Version info: Data files added 402 2015-08-24 18:19:22.025 Version info: Last successful update (not yet updated) 2015-08-24 18:19:40.922 Downloading updates... 2015-08-24 18:19:40.940 Update progress: [i96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 2015-08-24 18:19:40.940 Update progress: [i49502] Found supplement SAVIW32 LATEST 2015-08-24 18:19:40.940 Update progress: [i49502] Found supplement IDE519 LATEST 2015-08-24 18:19:40.940 Update progress: [i49502] Found supplement IDE520 LATEST 2015-08-24 18:19:40.940 Update progress: [i49502] Found supplement IDE521 LATEST 2015-08-24 18:19:40.940 Update progress: [i19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1 2015-08-24 18:19:40.940 Update progress: [i19463] Syncing product SAVIW32 59 2015-08-24 18:20:32.415 Update progress: [i19463] Syncing product IDE519 196 2015-08-24 18:20:32.874 Installing updates... 2015-08-24 18:20:33.679 Error level 1 2015-08-24 18:20:34.002 Update progress: [i19463] Syncing product IDE520 38 2015-08-24 18:20:34.002 Update progress: [i19463] Syncing product IDE521 1 2015-08-24 18:20:46.841 Update successful 2015-08-24 18:21:13.624 Option all = no 2015-08-24 18:21:13.624 Option recurse = yes 2015-08-24 18:21:13.624 Option archive = no 2015-08-24 18:21:13.624 Option service = yes 2015-08-24 18:21:13.624 Option confirm = yes 2015-08-24 18:21:13.624 Option sxl = yes 2015-08-24 18:21:13.626 Option max-data-age = 35 2015-08-24 18:21:13.626 Option EnableSafeClean = yes 2015-08-24 18:21:14.065 Option vdl-logging = yes 2015-08-24 18:21:14.069 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2015-08-24 18:21:14.069 Machine ID: d4e5c7ddfac24ff2929e56c757718c98 2015-08-24 18:21:14.071 Component SVRTcli.exe version 2.5.4 2015-08-24 18:21:14.071 Component control.dll version 2.5.4 2015-08-24 18:21:14.071 Component SVRTservice.exe version 2.5.4 2015-08-24 18:21:14.071 Component engine\osdp.dll version 1.44.1.2210 2015-08-24 18:21:14.072 Component engine\veex.dll version 3.61.0.2210 2015-08-24 18:21:14.072 Component engine\savi.dll version 8.1.8.2210 2015-08-24 18:21:14.072 Component rkdisk.dll version 1.5.30.0 2015-08-24 18:21:14.072 Version info: Product version 2.5.4 2015-08-24 18:21:14.073 Version info: Detection engine 3.61.0 2015-08-24 18:21:14.073 Version info: Detection data 5.18G 2015-08-24 18:21:14.073 Version info: Build date 8/18/2015 2015-08-24 18:21:14.073 Version info: Data files added 232 2015-08-24 18:21:14.073 Version info: Last successful update 8/24/2015 2:20:46 PM 2015-08-24 18:23:29.326 Couldn't apply option 'SXLLiveProtection' to the detection engine. 2015-08-24 19:33:19.338 Warning: rootkit scan failed to open volume "\\?\Volume{95989338-ec3e-11e2-abbe-206a8a1423a6}" (5) 2015-08-24 19:37:17.051 Could not open C:\hiberfil.sys 2015-08-24 19:40:19.789 Could not open C:\pagefile.sys 2015-08-24 19:58:47.766 >>> Virus 'Mal/Behav-001' found in file C:\Program Files (x86)\Xtreme Jade\element\elementclient.exe 2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{0f4b2452-48b9-11e5-bb29-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752} 2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{aa9c0e27-48e6-11e5-9bd7-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752} 2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abf7b-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752} 2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abf7f-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752} 2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abf83-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752} 2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abf8d-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752} 2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abf94-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752} 2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abfc4-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752} 2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abfc8-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752} 2015-08-24 20:06:21.165 Could not open C:\System Volume Information\{ec5abfcc-4a74-11e5-97ca-206a8a1423a6}{3808876b-c176-4e48-b7ae-04046e6cc752} 2015-08-24 20:37:38.129 >>> Virus 'Mal/VMProtBad-A' found in file C:\Users\Chaotic Lawliet\Desktop\Games\Starbound\win32\steam_api.dll 2015-08-24 20:39:02.073 >>> Virus 'Mal/VMProtBad-A' found in file C:\Users\Chaotic Lawliet\Desktop\Games\Terraria 1.2.4.1\steam_api.dll 2015-08-24 20:55:53.033 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 2015-08-24 20:55:53.033 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 2015-08-24 20:56:13.188 Could not open C:\Windows\System32\config\RegBack\DEFAULT 2015-08-24 20:56:13.188 Could not open C:\Windows\System32\config\RegBack\SAM 2015-08-24 20:56:13.188 Could not open C:\Windows\System32\config\RegBack\SECURITY 2015-08-24 20:56:13.235 Could not open C:\Windows\System32\config\RegBack\SOFTWARE 2015-08-24 20:56:13.235 Could not open C:\Windows\System32\config\RegBack\SYSTEM 2015-08-24 21:52:39.985 Could not open LOGICAL:0010:00000000 2015-08-24 21:52:39.985 Could not open Q:\ 2015-08-24 21:52:40.391 The following items will be cleaned up: 2015-08-24 21:52:40.391 Mal/Behav-001 2015-08-24 21:52:40.391 Mal/VMProtBad-A No errors encountered to my knowledge. Although strangely the issue I've been having seems to "disappear" around 9pm and seems to be returning around 11am. Not sure if it's coincidence or caused by anything specific, just thought I would mention it anyway.
  9. Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-08-2015 Ran by Chaotic Lawliet (2015-08-23 21:12:30) Running from C:\Users\Chaotic Lawliet\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2505415791-2747731311-3398940262-500 - Administrator - Disabled) Chaotic Lawliet (S-1-5-21-2505415791-2747731311-3398940262-1000 - Administrator - Enabled) => C:\Users\Chaotic Lawliet Guest (S-1-5-21-2505415791-2747731311-3398940262-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2505415791-2747731311-3398940262-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.) 18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems) Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - liteon) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden Akamai NetSession Interface (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - ) Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies) AVG 2015 (Version: 15.0.4409 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies) AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.03 - Broadcom Corporation) Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version: - ) Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden BYOND (HKLM-x32\...\BYOND) (Version: 498.1163 - BYOND) Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dropbox (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) Easy Auto Clicker (HKLM-x32\...\Easy Auto Clicker_is1) (Version: V2.0 - easyautoclicker.com) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) Elsword version 1.11 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: 1.11 - Kill3rCombo) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Grand Chase version 1.0.0.1 (HKLM-x32\...\{FF222EB6-6FE1-486E-A9E8-93B5D5D72A8C}_is1) (Version: 1.0.0.1 - SG Interactive) Grand Fantasia (HKLM-x32\...\Grand Fantasia) (Version: - ) Happy Cloud Client (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) IGG Web3D Player version 1.0.0.38 (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\IGG Web3D Player_is1) (Version: 1.0.0.38 - IGG, Inc.) IMVU Avatar Chat Software (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\IMVU Avatar chat client software BETA) (Version: - ) Infinity Wars (HKLM-x32\...\Infinity Wars) (Version: - ) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - ) LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - ) Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.) League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains) Livestream for Producers (HKLM-x32\...\{524A9978-8E2A-487F-A50B-E71D72F2EDDE}) (Version: 0.0.42 - Livestream) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MapleStory (HKLM-x32\...\MapleStory) (Version: - ) Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla) MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - ) Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation) OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher US) (Version: 1.0.0 - OGPlanet, Inc.) OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Raptr (HKLM-x32\...\Raptr) (Version: - ) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6000 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Rumble Fighter (HKLM-x32\...\RumbleFighter) (Version: - ) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.550.0 - SAMSUNG Electronics Co., Ltd.) Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SWF & FLV Player 3.0 (build 3.0.33.5106) (HKLM-x32\...\SWF & FLV Player_is1) (Version: 3.0.33.5106 - Eltima Software) SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24732 - TeamViewer) TERA (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\teraenmasse) (Version: - ) Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company) Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden Unity Web Player (HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - ) Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{CDCAED05-7803-4713-9BA0-072BD1194B83}) (Version: 1.11.0402 - SAMSUNG) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated) WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.6.14 - WildTangent) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) Xpadder version 5.7 (HKLM-x32\...\{0DCE54A9-7256-4132-9D4E-1A64AE35E9B1}_is1) (Version: 5.7 - Xpadder, Inc.) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Chaotic Lawliet\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 17-08-2015 09:29:11 Windows Update 20-08-2015 03:01:06 Windows Update 22-08-2015 10:58:15 Installed AVG PC TuneUp 2015 22-08-2015 12:57:16 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {20EF8B7E-05C3-4DFD-98E4-8174449F579E} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe Task: {2692640E-A97B-4C6B-8B4D-606E55563A3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {2F7782AF-B3B6-4D89-A942-466E9996CDCD} - System32\Tasks\{6EE2B446-6C62-410D-90E3-8B35FA4EB63C} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\SCHTHACK PSOBB\data\data-fix.exe" -d "C:\Users\Chaotic Lawliet\Desktop\SCHTHACK PSOBB\data" Task: {30A8D933-FB5F-4594-936B-B3BA788319E3} - System32\Tasks\{06B71EE2-9598-437A-B550-E5D719A4C07F} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\Maple Story\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop\Maple Story" Task: {56551FC5-69CC-4AB4-A4AF-33C6BE69429F} - System32\Tasks\{73464F91-A401-4C86-84A8-C9918401783C} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\iROSetupFv1.3.exe" -d "C:\Users\Chaotic Lawliet\Desktop" Task: {62B6B644-CCA8-4E59-8281-7D5A1D2C087B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated) Task: {62CA758A-340D-4C28-9735-04B650A36AF9} - System32\Tasks\{3FE0A132-4D64-4C54-A1D9-067C23066335} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\Games\Maple Story\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop\Games\Maple Story" Task: {789916C1-99B4-4E8F-BD18-F37AF9DA3A51} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2505415791-2747731311-3398940262-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {94AE92E0-D652-4DB8-B585-7D1D0B306CD9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {9C0D102B-C128-47AD-B511-2E94F693C113} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-08-04] (AVG Technologies) Task: {A0FF3C3E-3E04-4AE9-9140-B1A4D029825B} - System32\Tasks\{6B09288F-2E0A-4793-BB35-03367B28EA4D} => pcalua.exe -a "C:\Users\Chaotic Lawliet\Desktop\MSSetupv83.exe" -d "C:\Users\Chaotic Lawliet\Desktop" Task: {A5510CB8-43E4-42D0-A86D-BF6D8EADF322} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-06-08] (Oracle Corporation) Task: {A90F4D43-BDDB-4288-A179-198EE601D6B7} - System32\Tasks\{CC85C907-A2C0-499C-B57E-D6899D02BB6B} => pcalua.exe -a C:\Windows\SysWOW64\_online.exe Task: {AF9AE99C-EA69-4BB8-8725-74214972AD3F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2505415791-2747731311-3398940262-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {B92FD3BB-E38F-4FD1-8A12-4821A56769CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {CCF2005F-2BAC-4473-8ED6-599D764F25F5} - \RealPlayer (32-bit) -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-08-04 08:26 - 2015-08-04 08:26 - 00718040 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll 2013-05-06 19:10 - 2010-03-30 13:37 - 00245248 _____ () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe 2015-08-04 08:26 - 2015-08-04 08:26 - 00861912 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll 2010-03-08 20:18 - 2010-03-08 20:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-08 20:13 - 2010-03-08 20:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-09-11 18:40 - 2009-05-20 18:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2015-08-21 21:09 - 2015-08-18 01:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll 2015-08-21 21:09 - 2015-08-18 01:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll 2015-08-21 21:09 - 2015-08-18 01:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\aeriagames.com -> hxxps://aeriagames.com IE trusted site: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\aeriagames.com -> hxxp://aeriagames.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chaotic Lawliet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: BackgroundContainerV2 => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Chaotic Lawliet\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{55FCE6FB-8477-4D17-88A4-243220923188}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{8E9364A9-4569-4D8E-AA27-D41B5302CE17}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{10AE076D-12C3-4FF7-ABCA-03E704C73A71}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{7D24D6B2-0ACD-49EF-8A3E-3B3BCCF37300}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{9BC864CD-20A3-4852-A035-B3A6FD6AFC65}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE FirewallRules: [{50A266F2-A3C1-4C6C-BE59-EA589C0A8745}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{5B1DA6E7-EBAC-4868-95F8-86E548002DCE}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{E81BEC7D-C0A8-463C-8F41-717C23C0216F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{D321272E-7ABA-4569-BC92-F6B8D73C943E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{13F89185-FEA3-4DA5-81C5-49DB3E5B0FFC}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{1B9494AC-4B95-495A-A13F-8B7A37E41067}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{10B0810A-7425-49FB-8412-3C5CBA72CB24}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe FirewallRules: [{B45C9BB9-1E83-4DE7-B916-3B1EC7593FB6}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe FirewallRules: [TCP Query User{8AF26A33-207F-41EB-AE32-705613D3DAFC}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [uDP Query User{36DE94A6-99AD-434B-8BC6-3B84DC06B87C}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [TCP Query User{73776358-88A5-41AE-8009-38DA2788A115}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe FirewallRules: [uDP Query User{5E83AF13-DFE5-4F5C-8E43-5D82A2C271E7}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{CE49BB6E-96E0-4F62-B52E-E747F4749753}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe FirewallRules: [uDP Query User{0D25D765-88D7-4553-8289-03F030DFF3EC}C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\chaotic lawliet\appdata\local\akamai\netsession_win.exe FirewallRules: [{FDF61097-B724-4E93-B63E-8A32CDE8814E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7FBF2CEE-F072-4B3B-8ED2-2E029174C786}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{64E17647-807A-4702-8300-95058EA8E453}C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe] => (Allow) C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe FirewallRules: [uDP Query User{DE39E9F9-677C-4774-8A7B-9B18B9E1F503}C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe] => (Allow) C:\program files (x86)\ogplanet\rumblefighter\gemdumploader.exe FirewallRules: [TCP Query User{A878EC8E-0678-4832-9C99-091921EAFDB9}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe FirewallRules: [uDP Query User{DB356D93-DBAF-45C3-9A2C-F43BB1907974}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe FirewallRules: [{84EDAFC1-2F58-4727-8B69-BE663724BF56}] => (Allow) LPort=443 FirewallRules: [{BEFC1A93-7C4F-4BC4-9F9E-A5D8EAF5B214}] => (Allow) LPort=443 FirewallRules: [{68E4EE2E-3122-49E5-83CB-00913C4FEEFA}] => (Allow) LPort=37674 FirewallRules: [{00054145-DF99-48CD-9AD3-77CAEAE365EA}] => (Allow) LPort=37674 FirewallRules: [{97C53A50-5FF0-4FD2-B7C9-ED7C8931C541}] => (Allow) LPort=37675 FirewallRules: [{11A3CD1A-6B16-4090-8A72-3A5819634CF3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{D9E8FC75-4A49-469B-B9BB-8D38812D4425}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe FirewallRules: [{A4725AA6-0581-42F1-9E79-7F42834B2C44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe FirewallRules: [{B90A66D5-1C6E-45A7-B82E-009A149C2B0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\APB.exe FirewallRules: [{6AC94A09-7700-4CBE-B621-F745BCC62E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\APB.exe FirewallRules: [{55388482-86D5-4D98-8B1A-5B15F914BA4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe FirewallRules: [{A797FBB7-1D1F-45A4-BD61-7D7AE73CFCB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe FirewallRules: [{10522428-4248-4CBA-82B5-894EDFE3C2CA}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe FirewallRules: [{DC9C618F-5FFC-432B-8DF6-17185CF392C1}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe FirewallRules: [{7E8E3A8B-CA18-4B20-9E86-ED7E5DB5A1F3}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{2C521BB3-96A1-4B8A-8DF7-A07EB14EE8D8}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{21C6E670-2AC8-4D9F-A7D4-2A40AE777071}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{E39AB1C7-3E54-4027-8B29-A84161424CBD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{E48A2E88-13C3-4DB5-9A62-E34D80ECEF0C}C:\users\chaotic lawliet\desktop\crap\utorrent.exe] => (Allow) C:\users\chaotic lawliet\desktop\crap\utorrent.exe FirewallRules: [uDP Query User{D563F37E-5BC7-486F-90AA-1ABE0788A43C}C:\users\chaotic lawliet\desktop\crap\utorrent.exe] => (Allow) C:\users\chaotic lawliet\desktop\crap\utorrent.exe FirewallRules: [{5F7D518C-3CF1-4130-A9D1-060DA48B7B53}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{548F6B95-CE41-4DD7-9C4F-6AF30253C958}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{A1FA0DF4-EC3A-4B51-9A7D-BEB1CA644190}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{EEF495F4-3D5A-48A1-8232-5EEAC38BD7B2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{A0C0E061-9D32-4FA0-8570-C4360789B9F8}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{8EFE41C3-1F54-4297-92A9-48CA58A2F411}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{D32A7871-570E-4312-ACAE-346D7CA61843}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{968743AA-2F05-4748-AF87-D213CE86210B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{615839B9-0BD3-459A-B502-3FD08465C86C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{EDAE4316-3DE9-4704-B438-9AD26A377674}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{B3497598-6E3F-41EE-BB68-172F9A14F237}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe FirewallRules: [{1680C3A4-807C-40DA-BC8F-9EE2712287A5}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe FirewallRules: [{558496BB-4B2A-460D-BA9B-5262278A90CC}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe FirewallRules: [{DA1AC079-0954-4CAE-A9E0-85DB749B2D18}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe FirewallRules: [{2E313764-C6B9-434E-B3FB-B616246533DB}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe FirewallRules: [{818174F8-14EC-4346-AF7F-911973A1D31E}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe FirewallRules: [{AB419297-25C5-40DE-A309-1BF748B9C176}] => (Allow) C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{454A6046-436B-4164-98D3-2864B87D78D5}] => (Allow) C:\Users\Chaotic Lawliet\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{345488BB-7A1E-4F18-B57A-4A4044C29DFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{2DC26685-792F-42F8-99D0-9DA65B2F9C19}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{1AA65402-A94A-4AC7-A0EA-6943EDC28C48}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{069A686C-BD3C-40ED-9E99-D904E9F92DD8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{59EE724B-E087-44B8-B9D9-4BFD4198FA10}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{836CEE22-561C-4098-8680-AEB8191DADF6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{FD0539A9-20B9-41CC-91D7-473041DEDB87}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{D3BC25F7-D016-4EEC-9715-B33A7CC05D2C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{6DE5B291-558C-4D52-B538-768AD1F52A07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C10250A8-FD4D-4FBF-A8CE-9334D1871B40}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9844F91B-5EBF-4EBD-B9F9-B62DEC9C95D8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/23/2015 08:52:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Skype.exe version 7.8.64.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: a2c Start Time: 01d0de066086b14c Termination Time: 20 Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe Report Id: 58811c65-49fa-11e5-854f-206a8a1423a6 Error: (08/23/2015 04:23:15 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/23/2015 04:22:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/23/2015 04:22:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/23/2015 04:22:46 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/23/2015 04:14:32 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (08/23/2015 03:33:29 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (08/23/2015 03:11:50 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (08/23/2015 03:06:01 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (08/22/2015 12:01:27 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. System errors: ============= Error: (08/23/2015 08:52:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (08/23/2015 08:52:12 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\CHAOTI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (08/23/2015 08:52:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (08/23/2015 08:52:12 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\CHAOTI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (08/23/2015 08:52:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (08/23/2015 08:52:12 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\CHAOTI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (08/23/2015 08:52:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (08/23/2015 08:52:11 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\CHAOTI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (08/23/2015 08:52:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (08/23/2015 08:52:11 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\CHAOTI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Microsoft Office: ========================= Error: (08/23/2015 08:52:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Skype.exe7.8.64.102a2c01d0de066086b14c20C:\Program Files (x86)\Skype\Phone\Skype.exe58811c65-49fa-11e5-854f-206a8a1423a6 Error: (08/23/2015 04:23:15 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\esetsmartinstaller_enu.exe Error: (08/23/2015 04:22:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\esetsmartinstaller_enu.exe Error: (08/23/2015 04:22:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\esetsmartinstaller_enu.exe Error: (08/23/2015 04:22:46 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Chaotic Lawliet\Desktop\esetsmartinstaller_enu.exe Error: (08/23/2015 04:14:32 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (08/23/2015 03:33:29 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (08/23/2015 03:11:50 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (08/23/2015 03:06:01 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. Error: (08/22/2015 12:01:27 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure. CodeIntegrity: =================================== Date: 2015-08-23 04:11:22.624 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-23 04:11:22.422 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-23 04:11:22.228 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:52.736 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:52.595 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:52.424 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:52.299 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:47.057 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:46.933 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2015-08-22 11:04:46.808 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Pentium® CPU P6100 @ 2.00GHz Percentage of memory in use: 70% Total physical RAM: 2804.5 MB Available physical RAM: 833.25 MB Total Virtual: 5607.2 MB Available Virtual: 3286.65 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:219.11 GB) (Free:62.4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: C444C444) Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=219.1 GB) - (Type=07 NTFS) ==================== End of log ============================
  10. 2015-08-12 07:43 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-12 07:43 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-12 07:43 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-08-12 07:43 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-08-12 07:43 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-08-12 07:43 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-08-12 07:43 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-08-12 07:43 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-08-12 07:43 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-08-12 07:43 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-12 07:43 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-08-12 07:43 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-08-12 07:43 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-12 07:43 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-08-12 07:43 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 07:43 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 07:43 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-12 07:42 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-08-03 09:06 - 2015-08-03 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-08-03 09:06 - 2015-08-03 09:06 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-07-25 17:33 - 2015-07-25 17:33 - 00000000 ____D C:\Nexon 2015-07-25 17:32 - 2015-08-18 14:13 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\NexonLauncher 2015-07-25 17:32 - 2015-07-25 17:33 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\NexonLauncher 2015-07-25 16:59 - 2015-07-26 10:09 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon 2015-07-25 16:59 - 2015-07-25 17:06 - 00002047 _____ C:\Users\Chaotic Lawliet\Desktop\Nexon Launcher.lnk 2015-07-25 16:59 - 2015-07-25 16:59 - 00000000 ____D C:\Program Files (x86)\Nexon 2015-07-25 11:29 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-25 11:29 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2015-07-25 11:28 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-25 11:28 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-25 11:20 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-25 11:20 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-07-25 11:20 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-07-25 11:20 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-07-25 11:20 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-07-25 11:20 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-07-25 11:20 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-07-25 11:20 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-07-25 11:20 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-07-25 11:20 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-07-25 11:11 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-07-25 11:11 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-25 11:11 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-25 11:11 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-07-25 11:11 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-07-25 11:11 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-25 11:11 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-25 11:11 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-25 11:11 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-07-25 11:11 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-25 11:11 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-07-25 11:11 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-23 21:08 - 2011-01-29 03:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-23 20:51 - 2012-08-12 18:56 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\Skype 2015-08-23 20:49 - 2013-06-05 19:36 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.2 2015-08-23 20:49 - 2013-01-28 06:48 - 00000000 ____D C:\Program Files (x86)\uTorrent 2015-08-23 20:49 - 2011-02-09 01:14 - 00000000 ___RD C:\Users\Chaotic Lawliet\Desktop\Crap 2015-08-23 20:23 - 2012-08-16 21:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-23 19:39 - 2010-09-11 17:55 - 01691303 _____ C:\Windows\WindowsUpdate.log 2015-08-23 16:24 - 2009-07-14 00:45 - 00022896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-23 16:24 - 2009-07-14 00:45 - 00022896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-23 16:15 - 2012-09-13 01:47 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\LogMeIn Hamachi 2015-08-23 16:14 - 2011-06-19 14:04 - 00000000 ____D C:\Users\Chaotic Lawliet\Tracing 2015-08-23 16:13 - 2011-01-29 03:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-23 16:12 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-23 16:12 - 2009-07-14 00:51 - 00657923 _____ C:\Windows\setupact.log 2015-08-23 15:10 - 2010-07-14 18:44 - 05576412 _____ C:\Windows\PFRO.log 2015-08-23 14:10 - 2011-01-28 20:54 - 00000000 ____D C:\ProgramData\MFAData 2015-08-22 18:02 - 2011-11-19 11:26 - 00000000 ____D C:\Users\Chaotic Lawliet\Desktop\Games 2015-08-22 17:14 - 2015-05-13 22:54 - 00000000 ____D C:\Users\Chaotic Lawliet\Desktop\Facebook Comment Pics 2015-08-22 11:49 - 2014-07-21 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment 2015-08-22 11:47 - 2012-04-29 02:28 - 00000000 ____D C:\Users\Chaotic Lawliet\.thumbnails 2015-08-22 11:47 - 2012-04-04 18:53 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\IMVU 2015-08-22 11:47 - 2012-02-03 01:26 - 00000000 ____D C:\Program Files (x86)\Steam 2015-08-22 11:47 - 2011-01-29 02:24 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\.minecraft 2015-08-22 11:47 - 2010-09-11 17:56 - 00000000 ____D C:\ProgramData\Temp 2015-08-22 11:46 - 2009-07-27 16:41 - 00000000 ____D C:\Windows\Panther 2015-08-22 11:45 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT 2015-08-22 11:27 - 2011-01-29 02:54 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\VirtualStore 2015-08-22 11:09 - 2012-09-17 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-22 10:59 - 2011-10-17 20:19 - 00000000 ____D C:\Program Files (x86)\AVG 2015-08-22 10:58 - 2015-06-29 12:37 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\Avg 2015-08-22 10:47 - 2014-11-24 16:41 - 00001804 _____ C:\Users\Chaotic Lawliet\AppData\Roaming\Microsoft\Windows\Start Menu\Infinity Wars.lnk 2015-08-21 21:08 - 2010-07-14 18:40 - 00000000 ____D C:\Program Files (x86)\Google 2015-08-21 21:00 - 2011-01-29 03:14 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\Google 2015-08-21 11:51 - 2012-08-12 18:55 - 00000000 ____D C:\ProgramData\Skype 2015-08-21 10:34 - 2013-11-20 03:20 - 00000000 ____D C:\ProgramData\Oracle 2015-08-21 10:32 - 2011-09-09 11:29 - 00000000 ____D C:\Program Files\Java 2015-08-21 10:30 - 2011-09-09 11:29 - 00321632 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-08-21 10:30 - 2011-09-09 11:29 - 00206944 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-08-21 10:30 - 2011-09-09 11:29 - 00206432 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-08-21 10:28 - 2014-02-13 01:38 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-08-21 10:28 - 2013-08-21 16:39 - 00000000 ____D C:\Program Files (x86)\Java 2015-08-18 21:44 - 2015-05-17 17:39 - 00000000 ____D C:\ProgramData\Riot Games 2015-08-14 14:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache 2015-08-13 23:16 - 2009-07-14 00:45 - 04890528 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-13 23:12 - 2014-12-13 23:46 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-13 23:12 - 2014-07-10 03:03 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-13 08:07 - 2014-05-24 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-13 03:18 - 2014-05-24 03:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-13 03:18 - 2014-05-24 03:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-12 12:24 - 2012-08-16 21:15 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-12 12:24 - 2012-08-16 21:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-12 12:24 - 2011-12-14 16:31 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-11 17:31 - 2011-11-03 23:56 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Local\Akamai 2015-08-10 12:04 - 2011-04-28 09:47 - 00000000 ____D C:\Users\Chaotic Lawliet\Desktop\Awesomeness in a Folder 2015-08-03 12:12 - 2012-11-25 17:23 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2015-07-30 08:23 - 2015-06-29 12:51 - 00000615 _____ C:\Windows\SysWOW64\userawacs.cfg 2015-07-30 08:23 - 2015-06-29 12:50 - 00000140 _____ C:\Windows\SysWOW64\usergui.cfg 2015-07-30 08:22 - 2015-06-09 02:51 - 00000848 _____ C:\Users\Public\Desktop\AVG 2015.lnk 2015-07-30 08:22 - 2014-05-23 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-07-26 12:55 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX 2015-07-26 12:40 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-07-26 12:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-07-25 16:44 - 2013-06-06 00:39 - 00000000 ___SD C:\Users\Chaotic Lawliet\Documents\Mabinogi 2015-07-25 14:03 - 2011-02-05 06:30 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\vlc 2015-07-25 14:03 - 2011-02-02 00:39 - 00000000 ____D C:\Users\Public\CyberLink 2015-07-25 14:03 - 2010-07-14 19:20 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-07-25 14:03 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries 2015-07-25 14:03 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2015-07-25 14:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration 2015-07-25 14:00 - 2011-07-29 07:35 - 00000000 ____D C:\ProgramData\Real 2015-07-25 10:28 - 2011-01-29 02:53 - 00000000 ____D C:\Users\Chaotic Lawliet ==================== Files in the root of some directories ======= 2013-05-04 16:08 - 2013-05-04 16:08 - 0000052 _____ () C:\Users\Chaotic Lawliet\AppData\Local\3883170B-3F35-4EA0-B02E-71898AC21CDB.INI 2014-01-25 19:09 - 2013-11-11 11:31 - 0091109 _____ () C:\Users\Chaotic Lawliet\AppData\Local\chrome_6486.crx 2013-03-24 04:41 - 2013-03-24 04:41 - 0000003 _____ () C:\Users\Chaotic Lawliet\AppData\Local\updater.log 2013-03-24 04:41 - 2015-04-23 08:56 - 0000424 _____ () C:\Users\Chaotic Lawliet\AppData\Local\UserProducts.xml 2012-08-28 23:11 - 2012-08-28 23:11 - 0000000 _____ () C:\ProgramData\ffabb5e26a6003591549831a2b1c583e_c Files to move or delete: ==================== C:\Users\Chaotic Lawliet\jagex_runescape_preferences.dat C:\Users\Chaotic Lawliet\jagex_runescape_preferences2.dat C:\Users\Public\DynamicInstaller.exe Some files in TEMP: ==================== C:\Users\Chaotic Lawliet\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-22 06:52 ==================== End of log ============================
  11. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-08-2015 Ran by Chaotic Lawliet (administrator) on TEMPEST (23-08-2015 21:09:12) Running from C:\Users\Chaotic Lawliet\Desktop Loaded Profiles: Chaotic Lawliet (Available Profiles: Chaotic Lawliet) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Akamai Technologies, Inc.) C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.) HKLM-x32\...\Run: [uSB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] () HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] () HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-17] (Microsoft Corporation) HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Chaotic Lawliet\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.) HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-14] (Google Inc.) HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [LightShot] => C:\Users\Chaotic Lawliet\AppData\Local\Skillbrains\lightshot\Lightshot.exe HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Chaotic Lawliet\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2daa7ced2f2547d1baa9f123ccf0ca55-d54ae5b4a42adb13fe8cade7cdf5e2a8b35ad24d --CMPID ROC_APR201 (the data entry has 22 more characters). HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-17] (Microsoft Corporation) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-26] (Egis Technology Inc.) CHR HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273601115516l0438z115t47n1p586 URLSearchHook: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 - (No Name) - {03f38c00-dda9-46bf-9475-c6997746c740} - No File SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {225C4492-3857-42F3-9D50-97A47D1AF763} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms} SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS416 SearchScopes: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> {E8984107-C1A3-4E7A-B45D-96DF0168DDAF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=&apn_ptnrs=FM&apn_dtid=YYYYYYURUS&apn_uid=f44b21fc-f465-45b9-a417-bc4a3921bffa&apn_sauid=299683DA-6A75-4BBC-8BE3-2F0703436E8E BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-21] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-30] (RealPlayer) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-21] (Oracle Corporation) BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-03-11] (FreeDownloadManager.ORG) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-21] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.) Toolbar: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.) Toolbar: HKU\S-1-5-21-2505415791-2747731311-3398940262-1000 -> No Name - {03F38C00-DDA9-46BF-9475-C6997746C740} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\..\Interfaces\{96381102-A251-4052-AB1E-ADFA4BE8D1BC}: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default FF DefaultSearchEngine.US: Google FF NetworkProxy: "http", "195.246.54.202" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "socks_version", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_51\bin\new_plugin\npjp2.dll [No File] FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-21] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-21] (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2012-12-04] (Nexon) FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File] FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-08-30] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-08-30] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-30] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-30] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-08-30] (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-31] () FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2012-07-15] (BYOND) FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @g2.com/iggweb3dupdater -> C:\Users\Chaotic Lawliet\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll [2012-04-19] (IGG) FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @g2.com/joyconnectshell -> C:\Users\Chaotic Lawliet\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll [2012-04-19] (IGG) FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chaotic Lawliet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-23] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2505415791-2747731311-3398940262-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll [2012-07-15] (BYOND) FF Extension: Bitdefender QuickScan - C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-08-22] FF Extension: Greasemonkey - C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-03-23] FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-26] FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext Chrome: ======= CHR Profile: C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2011-01-29] CHR Extension: (Tampermonkey) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-04-03] CHR Extension: (AdBlock) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-15] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14] CHR Extension: (LoL - Jinx) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndbciboanpmkpbeanbjdcneplghndhcp [2014-05-31] CHR Extension: (Mahjong Solitaire) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2015-02-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (My Chrome Theme) - C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2012-04-07] CHR HKLM\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25] CHR HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [eogikidelleflpkolmiiaeibjbaepila] - C:\Users\CHAOTI~1\AppData\Local\chrome_6486.crx [2014-01-25] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-26] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5312448 2014-03-19] (INCA Internet Co., Ltd.) R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies) R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed] R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.) S3 GunBod; C:\Game\SoftnyxGame\GunBoundIS\avital\gunbod64.sys [86352 2014-11-28] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd) S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed] S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-04-26] (MCCI Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software) S3 CaptureFileMonitor; system32\DRIVERS\CaptureFileMonitor64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 ProcObsrv; \??\C:\Windows\SysWOW64\ProcObsrv64.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X] S3 X6va001; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\001BEDC.tmp [X] S3 X6va005; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\0051E8B.tmp [X] S3 X6va006; \??\C:\Users\CHAOTI~1\AppData\Local\Temp\006561B.tmp [X] S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X] S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X] S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X] S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X] S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X] S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X] S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X] S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-23 21:09 - 2015-08-23 21:11 - 00027946 _____ C:\Users\Chaotic Lawliet\Desktop\FRST.txt 2015-08-23 21:08 - 2015-08-23 21:09 - 00000000 ____D C:\FRST 2015-08-23 21:07 - 2015-08-23 21:07 - 02173952 _____ (Farbar) C:\Users\Chaotic Lawliet\Desktop\FRST64.exe 2015-08-23 16:23 - 2015-08-23 16:23 - 00000000 ____D C:\Program Files (x86)\ESET 2015-08-23 16:22 - 2015-08-23 16:22 - 02870984 _____ (ESET) C:\Users\Chaotic Lawliet\Desktop\esetsmartinstaller_enu.exe 2015-08-23 16:15 - 2015-08-23 16:15 - 00010749 _____ C:\Users\Chaotic Lawliet\Desktop\AdwCleaner[C1].txt 2015-08-23 16:06 - 2015-08-23 16:06 - 00009987 _____ C:\Users\Chaotic Lawliet\Desktop\AdwCleaner[s1].txt 2015-08-23 16:01 - 2015-08-23 16:06 - 00000000 ____D C:\AdwCleaner 2015-08-23 15:56 - 2015-08-23 15:56 - 01605632 _____ C:\Users\Chaotic Lawliet\Desktop\adwcleaner_5.003.exe 2015-08-23 15:20 - 2015-08-23 15:20 - 00448512 _____ (OldTimer Tools) C:\Users\Chaotic Lawliet\Desktop\TFC.exe 2015-08-23 14:16 - 2015-08-23 14:16 - 00006990 _____ C:\Users\Chaotic Lawliet\Desktop\MBAM 8.23.15.txt 2015-08-23 09:00 - 2015-08-23 09:00 - 00002762 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2015-08-22 17:35 - 2015-08-22 17:35 - 00000000 ____D C:\Users\Chaotic Lawliet\Desktop\Spyware Forum 2015-08-22 16:41 - 2015-08-23 12:24 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\QuickScan 2015-08-22 14:34 - 2015-08-23 12:37 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-22 14:16 - 2015-08-22 14:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-08-22 14:16 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-22 14:16 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-22 14:16 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-22 12:58 - 2015-08-22 13:17 - 00000000 ____D C:\Windows\system32\MRT 2015-08-22 12:58 - 2015-07-28 10:59 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-22 11:59 - 2015-08-22 11:59 - 00000000 _____ C:\Windows\setuperr.log 2015-08-22 11:47 - 2015-08-22 11:47 - 00003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater 2015-08-22 11:05 - 2015-08-04 08:25 - 00044760 _____ (AVG Technologies) C:\Windows\system32\uxtuneup.dll 2015-08-22 11:05 - 2015-08-04 08:25 - 00036568 _____ (AVG Technologies) C:\Windows\SysWOW64\uxtuneup.dll 2015-08-22 11:05 - 2015-08-04 08:25 - 00030424 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll 2015-08-22 11:05 - 2015-08-04 08:25 - 00025816 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll 2015-08-22 11:00 - 2015-08-22 11:00 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk 2015-08-22 11:00 - 2015-08-22 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015 2015-08-22 11:00 - 2015-08-04 08:25 - 00041688 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe 2015-08-22 10:59 - 2015-08-22 10:59 - 00000000 ____D C:\Users\Chaotic Lawliet\AppData\Roaming\AVG 2015-08-22 10:57 - 2015-08-22 11:00 - 00000000 ____D C:\ProgramData\AVG 2015-08-21 21:09 - 2015-08-21 21:09 - 00002223 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-21 21:09 - 2015-08-21 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-21 14:05 - 2015-08-21 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-21 11:51 - 2015-08-21 11:51 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-08-21 11:51 - 2015-08-21 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-21 10:31 - 2015-08-21 10:30 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-08-20 03:04 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-20 03:04 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-20 03:04 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-20 03:04 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-15 12:22 - 2015-08-17 18:32 - 00003152 _____ C:\Users\Chaotic Lawliet\Desktop\Destoka's Pokemon Needs!.txt 2015-08-13 08:09 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-13 08:09 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 07:52 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-12 07:52 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-08-12 07:52 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-08-12 07:52 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-12 07:52 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 07:52 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-08-12 07:52 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-12 07:52 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 07:52 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-12 07:52 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 07:52 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-08-12 07:52 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-12 07:52 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-12 07:52 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-12 07:52 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 07:52 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-08-12 07:52 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-08-12 07:52 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-08-12 07:52 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-08-12 07:52 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-12 07:52 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-08-12 07:52 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-08-12 07:52 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-08-12 07:52 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-12 07:52 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-08-12 07:52 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-08-12 07:52 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-12 07:52 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-12 07:52 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 07:52 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-12 07:52 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-08-12 07:52 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-08-12 07:52 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-08-12 07:52 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-12 07:52 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-12 07:52 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-12 07:52 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-08-12 07:52 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-12 07:52 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-08-12 07:52 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-12 07:52 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-08-12 07:52 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-12 07:52 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-12 07:52 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-12 07:51 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-12 07:51 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-08-12 07:51 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-12 07:51 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-08-12 07:51 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-12 07:51 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-08-12 07:51 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-08-12 07:51 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-12 07:51 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-12 07:51 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-12 07:51 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-12 07:51 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-12 07:51 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-12 07:51 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-12 07:51 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-12 07:51 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-12 07:51 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-12 07:51 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-12 07:51 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 07:51 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-08-12 07:51 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 07:51 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-12 07:51 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 07:51 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-08-12 07:51 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 07:51 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-08-12 07:51 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 07:51 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-12 07:51 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-08-12 07:51 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 07:51 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-12 07:51 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-12 07:51 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-12 07:51 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-08-12 07:51 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-08-12 07:51 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-12 07:50 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-12 07:50 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-12 07:50 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-12 07:50 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-08-12 07:50 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-08-12 07:50 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-08-12 07:50 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-12 07:50 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-12 07:50 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-08-12 07:50 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-08-12 07:50 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-08-12 07:50 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-12 07:50 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-08-12 07:50 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-08-12 07:50 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-08-12 07:50 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-08-12 07:50 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-08-12 07:50 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-08-12 07:50 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-08-12 07:50 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-08-12 07:50 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-08-12 07:50 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-08-12 07:50 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-08-12 07:50 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-08-12 07:50 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-12 07:50 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-08-12 07:50 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-08-12 07:50 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-08-12 07:50 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-08-12 07:50 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-08-12 07:50 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-12 07:50 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-12 07:50 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-12 07:50 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-08-12 07:50 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-08-12 07:50 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-08-12 07:50 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-08-12 07:50 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-12 07:50 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-12 07:49 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-12 07:49 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-12 07:49 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-12 07:49 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-08-12 07:49 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-12 07:44 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-12 07:44 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-12 07:44 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-12 07:44 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 07:44 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-12 07:44 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-12 07:44 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-12 07:43 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-12 07:43 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
  12. Thank you for the quick reply, Joker. When I turned my laptop on today, the issues have returned. After ESET Online Scanner finished, the issues seem to have disappeared once more. For good or not, I'm not entirely sure. And there were no errors with any of the scans. Logs are below. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/23/2015 Scan Time: 12:37 PM Logfile: MBAM 8.23.15.txt Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.08.23.04 Rootkit Database: v2015.08.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Chaotic Lawliet Scan Type: Threat Scan Result: Completed Objects Scanned: 414759 Time Elapsed: 1 hr, 37 min, 26 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 3 PUP.Optional.ELEX, C:\Users\Chaotic Lawliet\Desktop\Games\Starbound\win32\sblclfx.dll, , [c67ae22a0f7c999dec5420afcf32a45c], PUP.Optional.Softonic.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js, Good: (), Bad: (user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searchfor\",\"search.mywebsearch.com\":\"searchfor\",\"search.mindspark.com\":\"searchfor\",\"search.conduit.com\":\"q\",\"search.zugo.com\":\"p\",\"www2.mystart.com\":\"q\",\"www.mystart.com\":\"q\",\"www.bigseekpro.com\":\"q\",\"bigseekpro.com\":\"q\",\"bigspeedpro.com\":\"q\",\"search.esnips.com\":\"searchQuery\",\"search.foxtab.com\":\"q\",\"search.brothersoft.com\":\"keyword\",\"search.softonic.com\":\"q\",\"www.dogpile.com\":\"q\",\"search.infospace.com\":\"q\",\"search.iobit.com\":\"q\",\"search.iminent.com\":\"\",\"search.facemoods.com\":\"s\",\"www.plusnetwork.com\":\"q\",\"www.alothome.com\":\"q\",\"alothome.com\":\"q\",\"search.alothome.com\":\"q\",\"search.chatvibes.com\":\"q\",\"search.blekko.com\":\"\",\"www.searchnu.com\":\"q\",\"searchnu.com\":\"q\",\"search.icq.com\":\"q\",\"search.etype.com\":\"query\",\"isearch.babylon.com\":\"q\",\"search.utorrent.com\":\"\",\"search.bittorrent.com\":\"\",\"search.bearshare.com\":\"q\",\"search.bearshare.net\":\"q\",\"searchya.com\":\"q\",\"int.search-results.com\":\"q\",\"search.searchcompletion.com\":\"q\",\"www.adoresearch.com\":\"q\",\"www.searchcore.net\":\"q\",\"googosearch.info\":\"terms\",\"bar.searchqu.com\":\"q\",\"search.speedbit.com\":\"q\",\"search.toggle.com\":\"q\",\"click.searchnation.net\":\"query\",\"isearch.whitesmoke.com\":\"q\",\"search.handycafe.com\":\"q\",\"searchassist.babylon.com\":\"q\",\"searchnation.net\":\"query\",\"video.searchcompletion.com\":\"q\",\"www.searchbrowsing.com\":\"q\",\"search.anchorfree.net\":\"q\",\"search.hotspotshield.com\":\"q\",\"dts.search-results.com\":\"q\",\"uk.search-results.com\":\"q\",\"search.chatzum.com\":\"q\",\"search.phpnuke.org\":\"q\",\"www.i-mysearch.com\":\"q\",\"search.smartaddressbar.com\":\"q\",\"www.search-guru.com\":\"q\",\"mysearch.sweetim.com\":\"q\",\"searchgby.com\":\"\",\"thespecialsearch.com\":\"q\",\"search.bpath.com\":\"q\",\"start.funmoods.com\":\"q\",\"fr.search-results.com\":\"q\",\"de.search-results.com\":\"q\",\"it.search-results.com\":\"q\",\"es.search-results.com\":\"q\",\"search.imesh.com\":\"q\",\"search.swagbucks.com\":\"q\",\"isearch.avg.com\":\"q\",\"search.avg.com\":\"q\",\"search.yippy.com\":\"query\",\"cludr.com\":\"q\",\"search.vmn.net\":\"q\",\"www.gigablast.com\":\"q\",\"www.metacrawler.com\":\"q\",\"www.webcrawler.com\":\"q\",\"www.ixquick.com\":\"\",\"www.search.com\":\"q\",\"www.excite.com\":\"q\",\"duckduckgo.com\":\"q\",\"search.lycos.com\":\"q\",\"webfetch.com\":\"q\",\"monstercrawler.com\":\"q\",\"go.com\":\"p\",\"hotbot.com\":\"keyword\",\"home.myplaycity.com\":\"s\",\"www.findamo.com\":\"q\",\"search.gboxapp.com\":\"q\",\"start.iplay.com\":\"q\",\"home.speedbit.com\":\"q\",\"home.sweetim.com\":\"q\",\"search.alot.com\":\"q\",\"search.searchplusnetwork.com\":\"q\",\"www.searchqu.net\":\"\",\"us.yhs4.search.yahoo.com\":\"p\",\"search.insiteapp.com\":\"q\",\"somoto.com\":\"q\",\"blekko.com\":\"\",\"uk.yhs4.search.yahoo.com\":\"p\",\"fr.yhs4.search.yahoo.com\":\"p\",\"suggestor.netliker.com\":\"\",\"search.netliker.com\":\"\",\"insta-search.com\":\"q\",\"www.fast-search.biz\":\"q\",\"start.facemoods.com\":\"s\",\"search.coolnovo.com\":\"\",\"chromeplus.info\":\"q\",\"in.yhs4.search.yahoo.com\":\"p\",\"in.yhs.search.yahoo.com\":\"p\",\"www.searchble.com\":\"keyword\",\"home.allgameshome.com\":\"s\",\"forsearch.net\":\"q\",\"allssearch.com\":\"q\",\"search.snap.do\":\"q\",\"us.yhs.search.yahoo.com\":\"p\",\"uk.yhs.search.yahoo.com\":\"p\",\"fr.yhs.search.yahoo.com\":\"p\",\"search.smartsearchbox.net\":\"\",\"search.seznam.cz\":\"q\",\"search.funmoods.com\":\"s\",\"search.avira.com\":\"q\",\"search.jzip.com\":\"q\",\"search.findeer.com\":\"\",\"search-faster.com\":\"\",\"dnssearch.rr.com\":\"search\",\"search.rr.com\":\"q\",\"search.kalloutsearch4.com\":\"q\",\"kalloutsearch4.com\":\"Keywords\",\"search.rapidns.net\":\"SearchQuery\",\"websearch.4shared.com\":\"q\",\"images.search.conduit.com\":\"q\",\"search.cpchero.biz\":\"q\",\"search.kikin.com\":\"q\",\"www.engine-search.biz\":\"q\",\"www.mysearchresults.com\":\"q\",\"search.vdc.com.vn\":\"SearchQuery\",\"search.charter.net\":\"search\",\"search-vbc.com\":\"keywords\",\"search.pch.com\":\"q\",\"search.pantip.com\":\"\",\"www.startsearcher.com\":\"q\",\"search.icafemanager.com\":\"q\",\"aolsearcht10.search.aol.com\":\"q\",\"search.free.fr\":\"\",\"www.similarsitesearch.com\":\"URL\",\"qoqole.com\":\"q\",\"www.claro-search.com\":\"q\",\"isearch.claro-search.com\":\"q\",\"www.uncoverthenet.com/search\":\"q\",\"www.searchcanvas.com\":\"q\",\"search.etoolkit.com\":\"q\",\"www.searchalgo.com\":\"q\",\"bestsearchall.com\":\"q\",\"bestorganicsearch.com\":\"q\",\"mysearchproperties.com\":\"q\",\"search.treasuretrooper.com\":\"q\",\"btsearch.name\":\"q\",\"optu.search-help.net\":\"search\",\"search.clinck.in\":\"q\",\"search.shareazaweb.net\":\"q\",\"search.solarmash.com\":\"q\",\"search.surfcanyon.com\":\"q\",\"search.tedata.net\":\"SearchQuery\",\"www.gooofullsearch.com\":\"keywords\",\"www.alnaddy.com\":\"q\"}|||8641354563111193"), ,[4000cc40e0ab7eb875b894ffe81dd62a] PUP.Optional.Conduit.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js, Good: (), Bad: (user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"http://search.conduit.com/?gd=&ctid=CT3220468&octid=CT3220468&ISID=ISID_ID&SearchSource=15&CUI=UN07666358455992717&SSPV=&Lay=1&UM=&D=IN_DA\"}"),,[c47cf8141f6cba7ca9a95f34050016ea] Physical Sectors: 0 (No malicious items detected) (end) # AdwCleaner v5.003 - Logfile created 23/08/2015 at 16:01:07 # Updated 20/08/2015 by Xplode # Database : 2015-08-23.3 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Chaotic Lawliet - TEMPEST # Running from : C:\Users\Chaotic Lawliet\Desktop\adwcleaner_5.003.exe # Option : Scan ***** [ Services ] ***** Service Found : YahooAUService ***** [ Folders ] ***** Folder Found : C:\Program Files\Babylon Folder Found : C:\Program Files (x86)\Babylon Folder Found : C:\ProgramData\apn Folder Found : C:\ProgramData\AVG Security Toolbar Folder Found : C:\ProgramData\Partner Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\ProgramData\Yahoo! Companion Folder Found : C:\Users\Chaotic Lawliet\AppData\Local\apn Folder Found : C:\Users\Chaotic Lawliet\AppData\Local\GigglingGamesSA Folder Found : C:\Users\Chaotic Lawliet\AppData\Local\OpenCandy Folder Found : C:\Users\Chaotic Lawliet\AppData\LocalLow\Conduit Folder Found : C:\Users\Chaotic Lawliet\AppData\LocalLow\Yahoo! Companion Folder Found : C:\Users\Chaotic Lawliet\AppData\Roaming\SearchProtect Folder Found : C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\Smartbar ***** [ Files ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** Task Found : RunAsStdUser Task Task Found : update-sys Task Found : update-S-1-5-21-2505415791-2747731311-3398940262-1000 Task Found : update-sys Task Found : update-S-1-5-21-2505415791-2747731311-3398940262-1000 Task Found : update-sys ***** [ Registry ] ***** Key Found : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}] Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar Key Found : HKU\.DEFAULT\Software\Avg Secure Update Key Found : HKCU\Software\APN PIP Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\YahooPartnerToolbar Key Found : HKCU\Software\Avg Secure Update Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\AppDataLow\Software\adawarebp Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\Freecause Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainerV2 Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\InfoAtoms Key Found : HKLM\SOFTWARE\Web Assistant Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Key Found : [x64] HKCU\Software\APN PIP Key Found : [x64] HKCU\Software\Conduit Key Found : [x64] HKCU\Software\IM Key Found : [x64] HKCU\Software\ImInstaller Key Found : [x64] HKCU\Software\Softonic Key Found : [x64] HKCU\Software\YahooPartnerToolbar Key Found : [x64] HKCU\Software\Avg Secure Update Key Found : [x64] HKLM\SOFTWARE\Tarma Installer Key Found : [x64] HKLM\SOFTWARE\Web Assistant Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://www.ask.com/?l=dis&o=14196 Data Found : HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://www.ask.com/?l=dis&o=14196 ***** [ Web browsers ] ***** [C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); [C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true"); [C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3220468&octid=CT3220468&ISID=ISID_ID&SearchSource=15&CUI=UN07666358455992717&SSPV=[...] [C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.smartbar.CTID", "CT3220468"); [C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.smartbar.Uninstall", "0"); [C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.smartbar.isHidden", true); [C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 "); [C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "AVG Secure Search"); [C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("plugin.state.npconduitfirefoxplugin", 2); [C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("smartbar.machineId", "KNO38NB9Y+S/PRZJSR/YEKEIII6W0J72HYGJIF43LASAA1XQDSTQR43THW6WHWAFNWCJWXRVAIV6LOHC70YT8W"); [C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\prefs.js] [Preference] Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"h[...] [C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : websearch.ask.com [C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : aol.com [C:\Users\Chaotic Lawliet\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask.com ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [9872 bytes] ########## C:\AdwCleaner\Quarantine\C\Users\Chaotic Lawliet\AppData\Local\GigglingGamesSA\bin\1.0.6.0\gigglinggamesSAHook.dll.vir a variant of Win32/Adware.HotBar.S application cleaned by deleting - quarantined C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantined C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting - quarantined C:\Program Files (x86)\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting - quarantined C:\Users\Chaotic Lawliet\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\stub_data\askrt_en.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined C:\Users\Chaotic Lawliet\Desktop\Crap\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting - quarantined C:\Users\Chaotic Lawliet\Downloads\CheatEngine62.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
  13. Suddenly my laptop is working properly and all of the issues seem to be gone now, not sure why or how. I'm going to give it 24 hours to see if the issues return, if they do I will be sure to return here.
  14. So this all started yesterday (Friday) morning, I believe. My laptop will suddenly/randomly lock-up and I am unable to click anything on the taskbar and occasionally can't click anything on the desktop. I've been unable to click & drag icons on my desktop as well. Occasionally my mouse will make a single-click on its own, and sometimes (only while using Firefox so far) the cursor will change to the scrolling icon while on a website. I've also noticed that while using Google Chrome, clicking on a tab will close it (without clicking the tiny 'x'), and I'm unable to click Chromes settings/options button. The keyboard is working perfectly fine, so I am still able to use hotkey shortcuts. (No mouse/cursor issues seem to occur in games that require a mouse, but window/icon lock-ups outside of the game window still occur and require the task manager temp-fix) The only thing that seems to fix a majority of these issues (except for the ones involving Chrome and clicking & draging icons on my desktop) is when I ctrl+alt+del and open the task manager. After closing task manager almost everything will be working normally, but the problems return only seconds/minutes later. So far I've tried restarting my laptop three times, unplugged my mouse and plugged it back in, and none of it has worked. I'm using an Acer Aspire laptop with a Logitech USB Optical Mouse, running Windows 7. I'll provide all of my logs below as instructed in the "Instructions for posting requested logs" topic. (I hope I'm doing this right..) Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/22/2015 Scan Time: 2:39 PM Logfile: Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.08.22.03 Rootkit Database: v2015.08.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Chaotic Lawliet Scan Type: Threat Scan Result: Completed Objects Scanned: 383164 Time Elapsed: 1 hr, 1 min, 47 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\ExtensionUpdaterService.exe, 3364, , [f8e348c3355690a69f1642dea360a25e] Modules: 0 (No malicious items detected) Registry Keys: 170 PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}\INPROCSERVER32, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject.1, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Extension.ExtensionHelperObject, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{336D0C35-8A85-403A-B9D2-65C292C39087}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{336D0C35-8A85-403A-B9D2-65C292C39087}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject.1, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Extension.ExtensionHelperObject.1, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{336D0C35-8A85-403A-B9D2-65C292C39087}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.StartPage.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{336D0C35-8A85-403A-B9D2-65C292C39087}, , [dffc010ad9b2a88e498aebaf79894cb4], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\CLASSES\Toolbar.CT3220468, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3220468, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Toolbar.CT3220468, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{537F4F0B-3542-4C7D-A3E5-CF121482696C}, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C329777A-0CD1-4A76-92A7-65867073661E}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{CCBDEEA9-517A-4862-B0A1-862AE9532228}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7FFBAC79-9683-4C7D-9B08-7637FC3A6748}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A11BC516-01FE-4AD3-8D5B-876439AF1870}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FF7FA134-575D-4E60-8DBA-6090D2A1E162}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7FFBAC79-9683-4C7D-9B08-7637FC3A6748}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A11BC516-01FE-4AD3-8D5B-876439AF1870}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FF7FA134-575D-4E60-8DBA-6090D2A1E162}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7FFBAC79-9683-4C7D-9B08-7637FC3A6748}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A11BC516-01FE-4AD3-8D5B-876439AF1870}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FF7FA134-575D-4E60-8DBA-6090D2A1E162}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000_Classes\TYPELIB\{CCBDEEA9-517A-4862-B0A1-862AE9532228}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CCBDEEA9-517A-4862-B0A1-862AE9532228}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{CCBDEEA9-517A-4862-B0A1-862AE9532228}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\FCTB000060231.JSOptionsImpl.1, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\FCTB000060231.JSOptionsImpl, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FCTB000060231.JSOptionsImpl, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FCTB000060231.JSOptionsImpl, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FCTB000060231.JSOptionsImpl.1, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FCTB000060231.JSOptionsImpl.1, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C329777A-0CD1-4A76-92A7-65867073661E}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\FCTB000060231.IEToolbar.1, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\FCTB000060231.IEToolbar, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FCTB000060231.IEToolbar, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FCTB000060231.IEToolbar, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FCTB000060231.IEToolbar.1, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FCTB000060231.IEToolbar.1, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\FCTB000060231.FCTB000060231Pos.1, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\FCTB000060231.FCTB000060231Pos, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FCTB000060231.FCTB000060231Pos, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FCTB000060231.FCTB000060231Pos, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FCTB000060231.FCTB000060231Pos.1, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FCTB000060231.FCTB000060231Pos.1, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.DogPile.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.TheSeaApp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C585D593-E7F3-4852-A200-561686EE02E4}, , [e7f42be0b2d9c6703b8e0d8df40e9070], PUP.Optional.TheSeaApp, HKLM\SOFTWARE\CLASSES\TheSeaApp.Plugin, , [e7f42be0b2d9c6703b8e0d8df40e9070], PUP.Optional.TheSeaApp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C585D593-E7F3-4852-A200-561686EE02E4}, , [e7f42be0b2d9c6703b8e0d8df40e9070], PUP.Optional.TheSeaApp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TheSeaApp.Plugin, , [e7f42be0b2d9c6703b8e0d8df40e9070], PUP.Optional.TheSeaApp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TheSeaApp.Plugin, , [e7f42be0b2d9c6703b8e0d8df40e9070], PUP.Optional.TheSeaApp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C585D593-E7F3-4852-A200-561686EE02E4}, , [e7f42be0b2d9c6703b8e0d8df40e9070], PUP.Optional.TheSeaApp, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C585D593-E7F3-4852-A200-561686EE02E4}, , [e7f42be0b2d9c6703b8e0d8df40e9070], PUP.Optional.TheSeaApp, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C585D593-E7F3-4852-A200-561686EE02E4}, , [e7f42be0b2d9c6703b8e0d8df40e9070], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{D372567D-67C1-4B29-B3F0-159B52B3E967}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D372567D-67C1-4B29-B3F0-159B52B3E967}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{D372567D-67C1-4B29-B3F0-159B52B3E967}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api.1, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\YontooIEClient.Api, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api.1, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\YontooIEClient.Api.1, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers.1, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\YontooIEClient.Layers, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers.1, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\YontooIEClient.Layers.1, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, , [01dada318407ce689044f0ab4fb3a35d], PUP.Optional.Yontoo.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, , [01dada318407ce689044f0ab4fb3a35d], Adware.Zwangi, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33524C00-63FB-43DB-A6BF-0A4E14B24649}, , [c615f219a9e28aac3832c5ebba4818e8], PUP.Optional.InfoAtoms, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{103089DA-0F31-4A8B-843F-7D24A7FE8345}, , [67744dbe2863e45265e5dacb16ec5aa6], PUP.Optional.InfoAtoms, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{103089DA-0F31-4A8B-843F-7D24A7FE8345}, , [67744dbe2863e45265e5dacb16ec5aa6], PUP.Optional.WebAssistant.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Web Assistant Updater, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.TheSeaApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\The Sea App, , [64773dce305b1b1b08c695d554aff010], PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}, , [6f6c769592f967cf23cf892000049d63], PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}, , [6f6c769592f967cf23cf892000049d63], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\APPID\YontooIEClient.DLL, , [b4273ecd266590a647f79eb232d107f9], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\YontooIEClient.DLL, , [21ba1cef8dfeb383cb738cc453b01ae6], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, , [20bba26904875bdbb83938221fe4817f], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}, , [06d5ec1f4f3ca0962faeac06a85c7d83], PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, , [b12a31da8407c86e7c6965feff04b44c], PUP.Optional.uTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\uTorrentControl_v2, , [3d9ea16a127990a646fb2a3410f3c33d], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\YontooIEClient.DLL, , [18c3a06bbad167cff44ab29eb3502fd1], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, , [fedde823216a50e6757cc09a4cb741bf], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\niapdbllcanepiiimjjndipklodoedlc, , [a03bdb3033587bbba8583c1c9c67d927], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\BCFJEHBFANFHGOEHOGMBIEBEDKIDEDJB, , [a43794776b204de952e3d15225de29d7], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\EJPBBHJLBIPNCJKLFJJAEDAIEIMBMDDA, , [66757f8c672448eeb580f82b8b78af51], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\HAPJCFHLHBIDAFLNBNNHKOJDPEIOOOGL, , [ae2d9f6cf19a2a0cb77eb96a12f137c9], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\HHFONPMGPHIGEPLCEBCIGHENGMGIHNKH, , [f9e214f77219eb4bde5725fe946fed13], PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7C83D032-AF25-4B6B-889D-794A6508628B}, , [499249c2afdcb284c034f3b6996b44bc], PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, , [6c6fba511b7036003e9c75b0a261946c], PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, , [7b60010a4f3cac8a443b8cc1ad560af6], PUP.Optional.InstallCore.C, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\InstallCore, , [a734a2698902bd792535208ccd379b65], PUP.Optional.Conduit.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\Tbccint_HKLM, , [2cafad5e4f3c89ad52ea2684dd27f60a], PUP.Optional.uTorrentControl.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\uTorrentControl_v2, , [875444c76427a29442002737e221659b], PUP.Optional.WeDownLoadManager.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\WEDLMNGR, , [d90215f6593283b3add79dacd132aa56], PUP.Optional.Conduit.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [e1fa0506ed9e5cda8ef8f1487e8555ab], PUP.Optional.PriceGong.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [439832d9860595a1a46e6fcb15ee53ad], PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, , [c9127794ff8ca0967d8bf270ba497b85], PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\CONDUIT\DistributionEngine, , [607bf01b4b402b0b2987802ab94b6f91], PUP.Optional.Conduit.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\CONDUIT\FF, , [f0ebcd3eddae8aac7d99ceb1689c46ba], PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\BCFJEHBFANFHGOEHOGMBIEBEDKIDEDJB, , [56854ebd6a2135018fa7b66d32d1936d], PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\EJPBBHJLBIPNCJKLFJJAEDAIEIMBMDDA, , [12c9f11adead3bfbf83ed251f80b0000], PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\HAPJCFHLHBIDAFLNBNNHKOJDPEIOOOGL, , [d209b754206ba591e84e4ad9f80b1ae6], PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\HHFONPMGPHIGEPLCEBCIGHENGMGIHNKH, , [87544cbfb6d53ff72e088a99a95a7f81], PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7C83D032-AF25-4B6B-889D-794A6508628B}, , [f7e4f2198209cd69c62d7237bb49c63a], PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{84248DD2-05A5-442F-A34C-BEFF208545E8}, , [30ab2edd6d1eea4c7b78961353b14fb1], PUP.Optional.Conduit.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, , [13c832d99cef90a6f9e26db8679ce21e], PUP.Optional.uTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\uTorrentControl_v2 Toolbar, , [c219898294f7da5c63a28e5ec9398c74], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4D7890D-2FC4-4B51-A4DA-19B4F07B3B57}, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4D7890D-2FC4-4B51-A4DA-19B4F07B3B57}, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A4D7890D-2FC4-4B51-A4DA-19B4F07B3B57}, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FreeCauseURLSearchHook.FCToolbarURLSearchHook, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}, , [12c97992a4e7e45298b7549ae1214cb4], PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Dogpile Bundle Toolbar, , [12c97992a4e7e45298b7549ae1214cb4], Registry Values: 31 PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\Web Assistant\Firefox, , [dffc010ad9b2a88e498aebaf79894cb4] PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\Web Assistant\Firefox, , [dffc010ad9b2a88e498aebaf79894cb4] PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, ½¶st‘FDG¨+xTë=p¶, , [e3f845c6a8e333034d35811c9c664bb5] PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, uTorrentControl_v2 Toolbar, , [e3f845c6a8e333034d35811c9c664bb5] PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [e3f845c6a8e333034d35811c9c664bb5], PUP.Optional.DogPile.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{C80BDEB2-8735-44C6-BD55-A1CCD555667A}, ²Þ È5‡ÆD½U¡ÌÕUfz, , [b9222ae17615a98d012b6d30d52d5ca4] PUP.Optional.DogPile.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{C80BDEB2-8735-44C6-BD55-A1CCD555667A}, , [b9222ae17615a98d012b6d30d52d5ca4], PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [b5264ac18b00f83edca62e6fcc363bc5], PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, , [dcffc24967244de96a18663741c108f8], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, , [607bf912a7e445f10f73a4f953af6799], PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, , [7c5f9774afdca3935929326b788a728e], PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, , [c4178d7e7516f1459c37a1f944be28d8], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, , [b3287d8e078456e00ec5edad5da5af51], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}|Contact, support@yontoo.com, , [06d5ec1f4f3ca0962faeac06a85c7d83] PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bcfjehbfanfhgoehogmbiebedkidedjb|path, C:\Users\Chaotic Lawliet\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx, , [a43794776b204de952e3d15225de29d7] PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ejpbbhjlbipncjklfjjaedaieimbmdda|path, C:\Users\Chaotic Lawliet\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx, , [66757f8c672448eeb580f82b8b78af51] PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hapjcfhlhbidaflnbnnhkojdpeiooogl|path, C:\Users\Chaotic Lawliet\AppData\Local\CRE\hapjcfhlhbidaflnbnnhkojdpeiooogl.crx, , [ae2d9f6cf19a2a0cb77eb96a12f137c9] PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hhfonpmgphigeplcebcighengmgihnkh|path, C:\Users\Chaotic Lawliet\AppData\Local\CRE\hhfonpmgphigeplcebcighengmgihnkh.crx, , [f9e214f77219eb4bde5725fe946fed13] PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7C83D032-AF25-4B6B-889D-794A6508628B}|AppPath, C:\Users\Chaotic Lawliet\AppData\Local\Conduit\CT3220468, , [499249c2afdcb284c034f3b6996b44bc] PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468,, [6c6fba511b7036003e9c75b0a261946c] PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bcfjehbfanfhgoehogmbiebedkidedjb|path, C:\Users\Chaotic Lawliet\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx, , [56854ebd6a2135018fa7b66d32d1936d] PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ejpbbhjlbipncjklfjjaedaieimbmdda|path, C:\Users\Chaotic Lawliet\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx, , [12c9f11adead3bfbf83ed251f80b0000] PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\hapjcfhlhbidaflnbnnhkojdpeiooogl|path, C:\Users\Chaotic Lawliet\AppData\Local\CRE\hapjcfhlhbidaflnbnnhkojdpeiooogl.crx, , [d209b754206ba591e84e4ad9f80b1ae6] PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\hhfonpmgphigeplcebcighengmgihnkh|path, C:\Users\Chaotic Lawliet\AppData\Local\CRE\hhfonpmgphigeplcebcighengmgihnkh.crx, , [87544cbfb6d53ff72e088a99a95a7f81] PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7C83D032-AF25-4B6B-889D-794A6508628B}|AppPath, C:\Users\Chaotic Lawliet\AppData\Local\Conduit\CT3220468, , [f7e4f2198209cd69c62d7237bb49c63a] PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{84248DD2-05A5-442F-A34C-BEFF208545E8}|AppPath, C:\Users\Chaotic Lawliet\AppData\Local\Conduit\CT3220468, , [30ab2edd6d1eea4c7b78961353b14fb1] PUP.Optional.Conduit.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468,, [13c832d99cef90a6f9e26db8679ce21e] PUP.Optional.Conduit.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms},, [36a55bb0553638fe99429f86b152857b] PUP.Optional.Conduit.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|FaviconURL, http://search.conduit.com/favicon.ico, , [26b586858209fe382daefa2bb94a8f71] PUP.Optional.DogPile.A, HKU\S-1-5-21-2505415791-2747731311-3398940262-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}, , [12c97992a4e7e45298b7549ae1214cb4], Registry Data: 0 (No malicious items detected) Folders: 195 PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\Firefox, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\Firefox\chrome, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\Firefox\chrome\content, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\Firefox\chrome\content\libraries, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\Firefox\chrome\content\resources, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\Firefox\chrome\locale, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\Firefox\chrome\locale\en-US, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\Firefox\chrome\skin, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\Firefox\defaults, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\Firefox\defaults\preferences, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\libraries, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.WebAssistant.A, C:\Program Files\Web Assistant\resources, , [f8e348c3355690a69f1642dea360a25e], PUP.Optional.ConduitTB.Gen.A, C:\Users\Chaotic Lawliet\AppData\Local\Conduit\CT3220468, , [1fbc8289513aa6905348bf621ee5ff01], PUP.Optional.ConduitTB.Gen.A, C:\Users\Chaotic Lawliet\AppData\Local\Conduit, , [1fbc8289513aa6905348bf621ee5ff01], PUP.Optional.ConduitTB.Gen.A, C:\Users\Chaotic Lawliet\AppData\Local\Conduit\BackgroundContainer, , [1fbc8289513aa6905348bf621ee5ff01], PUP.Optional.ConduitTB.Gen.A, C:\Users\Chaotic Lawliet\AppData\Local\Conduit\Community Alerts, , [1fbc8289513aa6905348bf621ee5ff01], PUP.Optional.ConduitTB.Gen, C:\Users\Chaotic Lawliet\AppData\Local\CRE, , [84578487ddae9f972b09f132db28659b], PUP.Optional.ConduitTB.Gen, C:\Users\Chaotic Lawliet\AppData\Local\Temp\CT3251747, , [f2e9c3483a516dc9a3952bf8e02343bd], PUP.Optional.TheSeaApp.A, C:\Program Files (x86)\The Sea App (Internet Explorer), , [64773dce305b1b1b08c695d554aff010], PUP.Optional.ConduitTB.Gen.A, C:\Program Files (x86)\Conduit\Community Alerts, , [6f6c769592f967cf23cf892000049d63], PUP.Optional.ConduitTB.Gen.A, C:\Program Files (x86)\Conduit, , [6f6c769592f967cf23cf892000049d63], PUP.Optional.OpenCandy, C:\Users\Chaotic Lawliet\AppData\Roaming\OpenCandy, , [84571af1cac1a393faaa14d3867ca35d], PUP.Optional.OpenCandy, C:\Users\Chaotic Lawliet\AppData\Roaming\OpenCandy\4292690E61CB461AB33BCBC67A298AB8, , [84571af1cac1a393faaa14d3867ca35d], PUP.Optional.OpenCandy, C:\Users\Chaotic Lawliet\AppData\Roaming\OpenCandy\7E982355B6EB430F85BD017E6E24ADF5, , [84571af1cac1a393faaa14d3867ca35d], PUP.Optional.OpenCandy, C:\Users\Chaotic Lawliet\AppData\Roaming\OpenCandy\OpenCandy_DD347F8D86084ABAAEC50FDC35F6620B, , [84571af1cac1a393faaa14d3867ca35d], PUP.Optional.PriceGong.A, C:\Users\Chaotic Lawliet\AppData\LocalLow\PriceGong, , [9d3ec74487042b0b583ece1ccf3326da], PUP.Optional.PriceGong.A, C:\Users\Chaotic Lawliet\AppData\LocalLow\PriceGong\Data, , [9d3ec74487042b0b583ece1ccf3326da], PUP.Optional.PriceGong.A, C:\Users\Chaotic Lawliet\AppData\LocalLow\PriceGong\tmp, , [9d3ec74487042b0b583ece1ccf3326da], PUP.Optional.uTorrentControl.A, C:\Program Files (x86)\uTorrentControl_v2, , [c219898294f7da5c63a28e5ec9398c74], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\logic, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\logic\uninstall, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\logic\uninstall\dialog, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\logic\uninstall\dialog\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\logic\uninstall\dialog\images, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\logic\uninstall\dialog\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\aboutBox, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\aboutBox\images, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\aboutBox\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ac, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ac\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ac\img, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ac\res, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\api, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\msd, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\options, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\options\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\options\images, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\options\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\options\js\resources, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\sp, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\sp\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\sp\spbd, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\sp\spbd\images, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\sp\spsd, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\sp\spsd\images, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\dlg, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\dlg\ftd, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\dlg\ftd\images, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\gadgetFrame, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\gf, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\gf\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\gf\img, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\gf\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\menu, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\menu\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\menu\img, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\ui\menu\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\Js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\resources, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\MULTI_RSS, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\MULTI_RSS\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\MULTI_RSS\img, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js\resources, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\NOTIFICATION, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\NOTIFICATION\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\dark, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\light, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\NOTIFICATION\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\Optimizer, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\Optimizer\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\PRICE_GONG, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\PRICE_GONG\agreement, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css\custom-theme, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\PRICE_GONG\images, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css\custom-theme, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js\resources, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\SEARCH, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\SEARCH\buildSettings, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\SEARCH\Css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\SEARCH\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\SEARCH\resources, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\SEARCH\view, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\SEARCH\view\script, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\SEARCH\view\style, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\SEARCH\view\style\rsx, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\TWITTER, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\TWITTER\img, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\TWITTER\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\WEATHER, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\WEATHER\css, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\al\wa\WEATHER\js, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\core, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\lib, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\lib\jquery.alerts, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\lib\jquery.alerts\images, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\lib\jquery.jscrollpane, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Chrome\CT3220468\content\tb\sl, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\components, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla\Firefox\Profiles\cyrlrzfw.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults, , [7d5e9e6de0abc86e7de327c6e61c8b75], PUP.Optional.UTorrentControl.A, C:\Users\Chaotic Lawliet\AppData\Roaming\Mozilla