Browser Hijack



Hi all

I hope someone can assist me with a browser hijack.

I have been infected for the last week and it affects Firefox but doesn't seem to be affecting Chrome, although I am sure it did before today.

I have run Malwarebytes, MSE, Ad-Aware, ClamWin, Spy Bot, Kaspersky and Antimalware Engine. All to no avail.

I don't even know what has infected me, other than it redirects pages and hyperlinks certain text.

 

I have attached the log files as they are too big to copy and paste.

 

Thank you for your assistance.

 

 

FRST.txt

Addition.txt


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

Next,

 

Uninstall the extra security programs you have added to your system, re-boot when done....

 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning



  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats



  • Press start scan
  • The scan will now commence



  • Once the scan has finished click open report <<<--- Do not miss this step



  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive; please attach it to your next reply…

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs....
 

Let me see those logs in your reply..

 

Thank you,

 

Kevin


Thanks for the help Kevin

 

All information is listed below as requested.

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 07/03/2016
Scan Time: 19:34
Logfile: MB Scan Log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.07.06
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ruairidh
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362955
Time Elapsed: 14 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Professional x64 
Ran by Ruairidh (Administrator) on 07/03/2016 at 20:11:19.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 49 
 
Successfully deleted: C:\ProgramData\driver manager (Folder) 
Successfully deleted: C:\ProgramData\systweak (Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\{5bafae46-376a-9b76-1b7a-e10a3f86ead3} (Empty Folder)
Successfully deleted: C:\Users\Ruairidh\AppData\Local\stronghold_llc (Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Roaming\systweak (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\IHUninstallTrackingTASK (Task)
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\myfree codec (Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YPWGPVG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\191SIKPC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D06XEXV (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KH32F1J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UUARL3T (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82Q3KSDQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG2S4GJU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EO22QK8Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2UE7QPS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQSYL0SE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRA2IRTA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MDQ4934Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O68VX7F3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6MMONTU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU222OTX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ruairidh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAO28E12 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YPWGPVG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\191SIKPC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D06XEXV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KH32F1J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UUARL3T (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82Q3KSDQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EG2S4GJU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EO22QK8Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2UE7QPS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQSYL0SE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRA2IRTA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MDQ4934Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O68VX7F3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6MMONTU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU222OTX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAO28E12 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\SysWOW64\RENC6F6.tmp (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/03/2016 at 20:12:18.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
LastRegBack: 2016-02-29 19:03
 
==================== End of FRST.txt ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Ruairidh (2016-03-07 20:13:29)
Running from C:\Users\Ruairidh\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-03-04 21:28:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1249406558-1224608677-726342571-500 - Administrator - Disabled)
Guest (S-1-5-21-1249406558-1224608677-726342571-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1249406558-1224608677-726342571-1002 - Limited - Enabled)
Ruairidh (S-1-5-21-1249406558-1224608677-726342571-1000 - Administrator - Enabled) => C:\Users\Ruairidh
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE)
3TB+Unlock B11.0704.1 (HKLM-x32\...\{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}) (Version: 1.00.0001 - GIGABYTE)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.62 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version:  - Bohemia Interactive)
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
F.E.A.R. 2: Project Origin (HKLM-x32\...\Steam App 16450) (Version:  - Monolith)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.30335 (CD 2.6d) - Hauppauge Computer Works)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LibreOffice 4.1.2.3 (HKLM-x32\...\{DD3CB916-F91A-41B9-B276-CAC090E91021}) (Version: 4.1.2.3 - The Document Foundation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM-x32\...\Design_8.0.31217.1) (Version: 8.0.31217.1 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 en-GB)) (Version: 38.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}) (Version: 3.41.9593 - Apache Software Foundation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.0.0.0402 - QNAP Systems, Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)
S.T.A.L.K.E.R.: Clear Sky (HKLM-x32\...\Steam App 20510) (Version:  - GSC Game World)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Smart 6 B11.0824.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version:  - Crystal Dynamics)
Tomb Raider: Underworld (HKLM-x32\...\Steam App 8140) (Version:  - Crystal Dynamics)
TouchBIOS B11.0824.1 (HKLM-x32\...\{A2EBACDD-09BB-4894-AE25-7168DB3BFA7F}) (Version: 1.00.0000 - GIGABYTE)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1249406558-1224608677-726342571-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A2EBE07-F153-400B-9760-F400C6D7D1DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {0E561F1C-6132-473C-B7E0-87E7CFC80FAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {12D4438F-351D-4F97-A7D4-189AEE1CEF7A} - System32\Tasks\{413108C3-9D87-428B-ADFF-DA4DD4360E45} => C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe [2012-11-23] (Hauppauge Computer Works, Inc.)
Task: {177D50A7-A3A0-4E76-AF7B-57D473B8BB97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {19896DB7-CFB3-4A41-9BC4-E22F57A1D8A0} - \DTReg -> No File <==== ATTENTION
Task: {36BD332E-5028-4ED2-96D2-786B2FB3BECD} - \Updater21804.exe -> No File <==== ATTENTION
Task: {41803022-18AD-4474-810D-262F38F61C2A} - System32\Tasks\iSCSIAgentAutoStartup => D:\Qfinder\iSCSIAgent.exe [2013-03-26] ()
Task: {7E2B55E3-A9A6-47AA-BB88-A7FA3384C4AF} - System32\Tasks\{94515109-77DE-47BC-9BD7-FCD00F95C24E} => pcalua.exe -a C:\Users\Ruairidh\Desktop\Saitek_Cyborg_V5_Keyboard_SD6_64_Drivers_pfw.exe -d C:\Users\Ruairidh\Desktop
Task: {84BFF469-7F16-4D17-9D8B-34F06187B753} - System32\Tasks\{E3FC1AC8-2CBD-4933-B051-7C56F6935A4A} => D:\Kies\Kies.exe
Task: {977282EA-4517-4D9B-8325-627740328BB4} - System32\Tasks\{1850E622-4ED4-44BD-9161-0C7D998B2685} => D:\Kies\Kies.exe
Task: {B2969089-23AC-4E34-A790-0C09203DCB2E} - System32\Tasks\{0B379985-5777-4E53-B3F2-203D897C9C2E} => D:\Kies\Kies.exe
Task: {D6EC8F06-BCDC-45B5-A27C-2D33F112A517} - System32\Tasks\{2691F5A2-1F8C-47EC-AE92-93924D018535} => pcalua.exe -a C:\Users\Ruairidh\Desktop\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe -d C:\Users\Ruairidh\Desktop
Task: {D7915EB9-1F21-4400-B2E3-B094384B5354} - System32\Tasks\Maxthon Update => D:\Maxthon\Bin\mxup.exe
Task: {DD3F03DA-B705-4E24-9CF9-891855AC113E} - System32\Tasks\Security Checker => C:\Users\Ruairidh\AppData\Roaming\Security Checker\Security Checker.exe <==== ATTENTION
Task: {E555AF64-D521-4695-A20E-C2B1597B5A15} - System32\Tasks\{B427655A-B8CD-4BA9-9509-714C44C04CEF} => C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe [2012-11-23] (Hauppauge Computer Works, Inc.)
Task: {EF17CA20-72C8-4A38-AACE-FEE5809EE978} - System32\Tasks\{6662AA94-2153-46D4-837A-4373887DC0BF} => D:\Origin\Battlefield 1942\BF1942.exe
Task: {F666E968-B430-4837-BE76-2512CBED4BA6} - System32\Tasks\Download Software Service => C:\Program Files (x86)\Download Software\DownloadSoftware.exe <==== ATTENTION
Task: {FF8D767E-0F9F-43E4-AC23-1D394780BACA} - System32\Tasks\Beta Viewer Worker => C:\Program Files (x86)\Beta Viewer\swjob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-03-04 21:41 - 2012-03-04 21:41 - 00008704 _____ () C:\Windows\assembly\GAC_64\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll
2013-09-27 19:20 - 2014-12-16 20:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-31 16:00 - 2011-08-23 08:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2013-08-31 16:00 - 2012-10-29 16:29 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2014-03-27 06:14 - 2014-03-27 06:14 - 00906240 ____N () D:\NPVR\Unmanaged.dll
2016-02-11 19:38 - 2016-02-11 19:38 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\689ff5005671c420fe1ea3d7d2454667\IsdiInterop.ni.dll
2012-03-04 21:37 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2009-07-13 21:03 - 2009-07-14 01:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:6319FF34 [126]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\sony.com -> sony.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2014-01-08 19:20 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1249406558-1224608677-726342571-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruairidh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Blackberry Device Manager => 3
MSCONFIG\Services: McciCMService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SamsungAllShareV2.0 => 2
MSCONFIG\Services: Serviio => 2
MSCONFIG\Services: SimpleSlideShowServer => 3
MSCONFIG\Services: Survarium Update Service => 3
MSCONFIG\Services: tbbLoaderService => 2
MSCONFIG\Services: wampapache => 3
MSCONFIG\Services: wampmysqld => 3
MSCONFIG\Services: WTabletServiceCon => 2
MSCONFIG\startupfolder: C:^Users^Ruairidh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ruairidh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk => C:\Windows\pss\Serviio.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AllShare Control => C:\Program Files (x86)\Samsung\Smart Home Control\AllShare Control
MSCONFIG\startupreg: AllShareAgent => D:\AllShare\AllShareAgent.exe
MSCONFIG\startupreg: Amazon Music => "C:\Users\Ruairidh\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: Copernic Desktop Search - Home => "D:\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: QuickTime Task => "D:\QT Lite\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: SMessaging => C:\Users\Ruairidh\AppData\Local\Strongvault Online Backup\SMessaging.exe
MSCONFIG\startupreg: Steam => "D:\Steam\Steam.exe" -silent
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5626B859-2A8F-43CC-A994-77BDD338F02B}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{0010D71A-5744-46E5-B677-C2213B7D07F2}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [TCP Query User{A5350DCE-1855-428E-B757-D40A5B5F33D8}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{6C6B57BD-D327-4F05-B1CC-8ACCCDF413C4}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{68EA9601-48B8-4EDD-91B2-5FC18AF92818}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
FirewallRules: [{C77D32E1-D9CF-4EA7-BFCE-1702813B98FD}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe
FirewallRules: [{F6C31E57-D200-4273-8710-F526B9117174}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
FirewallRules: [{8149BCCF-8C48-42EC-838B-031F619C1795}] => (Allow) C:\Program Files (x86)\Maxthon3\Modules\MxMiniThunder\ThunderMini.exe
FirewallRules: [{B3267678-2330-4DB9-85CE-791843C0651A}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe
FirewallRules: [{BFB459E0-F954-4F74-9445-9F1C38BC3834}] => (Allow) C:\Program Files (x86)\Maxthon3\Modules\MxMiniThunder\ThunderMini.exe
FirewallRules: [TCP Query User{C94AC896-F650-404F-9EFE-B18BB8E6BD3B}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{E99CBC36-FF44-4AD7-AB21-1F2E0CEF3811}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{C72C26BC-D5A9-464A-807F-10E1C86FE804}] => (Allow) D:\Origin\Battlefield 3\bf3.exe
FirewallRules: [{B4B0DEC5-14A5-4089-9F5C-A5E29F49E1B9}] => (Allow) D:\Origin\Battlefield 3\bf3.exe
FirewallRules: [{5F651ABA-62DD-4680-9CED-F08F3E92F2B8}] => (Allow) D:\AllShare\AllShareDMS\AllShareDMS.exe
FirewallRules: [{F3CF02E2-B596-48A9-996E-2E3896AB1328}] => (Allow) D:\AllShare\AllShare.exe
FirewallRules: [{1D0F75F7-AF39-4A41-B875-4DB394C05E94}] => (Allow) D:\AllShare\AllShareAgent.exe
FirewallRules: [{30E8B138-EF3D-4D4D-9F90-B925C61ED6FD}] => (Allow) D:\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{495FCD0A-CCB8-4FB3-8B98-D193160C47BF}] => (Allow) D:\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{E487BA45-78FE-45D7-9853-DC5EE28DDE39}] => (Allow) D:\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{AD6D4F87-FB81-45FD-825F-07B0703E0C70}] => (Allow) D:\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [TCP Query User{BDA10AA7-55BE-4D22-8C3E-653EEE7748F3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{7136133D-31B2-4F18-AFA2-7187BF906D30}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{1FF0B958-C777-47B0-B8BE-296ADC1CC3A5}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{7D5BB6F3-2081-4E84-99A6-B37CEBCA4629}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{06629C41-D242-4EA0-BF5C-C9885D7CEB04}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{EEBC9E1F-0089-4193-B226-BB7383C9D13E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{0A94B786-68BE-4DA5-8221-95DE043B351C}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{41ED4229-6211-49F1-8027-25AC42B1F0FB}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{CB2D2DF9-55A7-4ACE-AD3F-E6E66504C500}] => (Allow) D:\Maxthon\Bin\MxUp.exe
FirewallRules: [{8312AE16-6317-4637-97A2-D15A07414E67}] => (Allow) D:\Maxthon\Bin\MxUp.exe
FirewallRules: [{B2C19DA3-42A0-4D2F-B6BB-EF94DD5D554D}] => (Allow) D:\Maxthon\Bin\Maxthon.exe
FirewallRules: [{53A8F93F-306F-449D-B1FE-28E211B6EFB9}] => (Allow) D:\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F6EF68FF-FDDC-41C3-96E3-65C78157C4A6}] => (Allow) D:\Rim.Desktop.exe
FirewallRules: [{7F972566-92D3-4CD2-A791-EC46034AA6E0}] => (Allow) D:\Rim.Desktop.exe
FirewallRules: [{460DC9A0-6CD0-448A-9EEC-DD25DD865D57}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7C78371B-38E0-463B-AE46-A4DF83716032}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{945E138D-1FC9-4BB7-88BB-A9A4167A7FC1}] => (Allow) D:\Steam\steamapps\va_va_voom\source sdk base 2007\hl2.exe
FirewallRules: [{92EA76A0-0DBB-43F5-A9C9-5C48FA128635}] => (Allow) D:\Steam\steamapps\va_va_voom\source sdk base 2007\hl2.exe
FirewallRules: [{B36DACA6-4FEB-4337-9071-AB94FC3A71C5}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{A7063457-B7AD-49F3-94F5-F51138119EBD}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{B7C0F023-3FE3-4D87-8DF6-0EB6B28ACE8C}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [{C4557509-1B81-48E8-B487-76A1DFAC6BFD}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
FirewallRules: [TCP Query User{F11962F4-375E-4A6E-AB5C-1449BCE24543}D:\qfinder\qfinder.exe] => (Allow) D:\qfinder\qfinder.exe
FirewallRules: [UDP Query User{4FB58F64-5C0E-4F0B-9E62-DBC0BB5B0883}D:\qfinder\qfinder.exe] => (Allow) D:\qfinder\qfinder.exe
FirewallRules: [{3C510192-F494-471B-A325-8890E17EA2C5}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{8F1F445F-CF02-4508-A202-D03515F66A2C}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{3585C03A-14AF-4A70-85F4-455DD55661DA}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{1082F540-D9E5-4F16-BEC5-D2E2EBF07536}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{E328B7EE-EBA0-4E77-A88D-A16669B28431}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{9598FAE9-434C-4087-B548-F61F70AE5005}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{41F31191-23E4-4ED3-AE8F-3E0862CB537B}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{384984C5-9A89-4006-8B06-614EF96D5C65}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{BCFAFBC5-3B09-41B5-BFBB-90853030AA16}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7A6CE71A-E4F1-49E3-AB67-58327193CED6}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{DBA7CB2F-5339-4185-A478-3DD818E34569}D:\wamp\bin\apache\apache2.4.4\bin\httpd.exe] => (Allow) D:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
FirewallRules: [UDP Query User{2DCB4E85-2B65-4631-A4C4-A170E7D70476}D:\wamp\bin\apache\apache2.4.4\bin\httpd.exe] => (Allow) D:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
FirewallRules: [TCP Query User{719DA45E-8129-4B4B-B12A-DE7461FF1EBD}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{B4BA0BE8-E96E-4C24-A2EA-075324F8261F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{B1E8AF9A-4EA8-4935-B3D9-894BB1C4C4E5}D:\arma\arma.exe] => (Allow) D:\arma\arma.exe
FirewallRules: [UDP Query User{83745497-37A5-4DBE-A406-9C213268FC54}D:\arma\arma.exe] => (Allow) D:\arma\arma.exe
FirewallRules: [{B2400B2A-5F09-4FE1-93EE-7A7624C5E220}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{CFBB6454-A7AB-4F79-A5A2-4DDA9C0C6AB9}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{9AB9040B-9D8C-4054-8C4D-F0064B3F28E1}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{D1AF29D7-F77A-4300-B94C-C61211F63AFC}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{85C3FBEE-C299-47F3-9889-48133F1634A1}] => (Allow) D:\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{75E95134-CA58-40C5-9AEF-A4C649F90D48}] => (Allow) D:\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{64B9918F-7894-4EA0-AAA2-E792266139A9}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{C8887A2C-D937-4AA0-940B-72F2DF753E3C}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{700484C4-EC41-47E3-9453-45AAAAFBA955}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{F6AFC8B1-598D-4831-AAB1-E00F7C13A8D3}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{CFEE38D4-7999-441C-A9D4-C65BBF667FC1}] => (Allow) D:\Survarium\temp\survarium_launcher.exe
FirewallRules: [{CDF630B8-77FB-424A-B14A-238D40F9A08E}] => (Allow) D:\Survarium\temp\survarium_updater.exe
FirewallRules: [{EF19A743-88E3-46F0-8D1E-0A7F18915A96}] => (Allow) D:\Survarium\temp\survarium_updater.exe
FirewallRules: [{896EAC26-E445-485B-829A-4E7C30B492F2}] => (Allow) D:\Survarium\temp\survarium_updater.exe
FirewallRules: [{10C53F49-3350-4428-8201-B392E663DCE7}] => (Allow) D:\Survarium\temp\survarium_updater.exe
FirewallRules: [{DC799A81-0ECE-4B02-A2AF-41ECDA90193D}] => (Allow) D:\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [{CE60BA6C-DFF4-4C88-93F0-FE605BA4A52C}] => (Allow) D:\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [TCP Query User{AF3CA02E-D5C9-4504-A93F-FAE328353CE9}D:\survarium\game\binaries\x86\survarium_updater.exe] => (Allow) D:\survarium\game\binaries\x86\survarium_updater.exe
FirewallRules: [UDP Query User{A6DA7752-7080-4A99-A08E-965D93BFA392}D:\survarium\game\binaries\x86\survarium_updater.exe] => (Allow) D:\survarium\game\binaries\x86\survarium_updater.exe
FirewallRules: [{C2356672-6794-414E-B73A-678B0031FF2D}] => (Allow) D:\Steam\steamapps\common\RAGE\Rage.exe
FirewallRules: [{7D4C9EB6-668F-437C-9F77-1F87AC011DFE}] => (Allow) D:\Steam\steamapps\common\RAGE\Rage.exe
FirewallRules: [{8F330135-3311-4B7D-B5D0-118E225761AC}] => (Allow) D:\Steam\steamapps\common\RAGE\Rage64.exe
FirewallRules: [{39BA080E-377C-4779-94E8-2747910DC48A}] => (Allow) D:\Steam\steamapps\common\RAGE\Rage64.exe
FirewallRules: [{2166678E-030A-4908-9884-33DD38CCE265}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{4AA2433A-576B-45D8-9127-99F3B1C23FE0}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{88B84AAE-1591-46CD-A705-E287A948B26F}] => (Allow) D:\Steam\steamapps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{090C275F-0BFA-40C6-9C66-B7D77E179121}] => (Allow) D:\Steam\steamapps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [TCP Query User{C644F864-101E-451F-91DE-A1A86FE69B5E}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe
FirewallRules: [UDP Query User{946F369F-E0DC-450C-A4DE-335F006BDD1D}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe
FirewallRules: [{6EF34D89-5B36-4A21-B143-03AA258EFE73}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0A72C8D6-93CC-4732-8F38-197AF50B9588}] => (Allow) LPort=2869
FirewallRules: [{690E6E57-CC26-4B2B-9664-D6B5F4D193F1}] => (Allow) LPort=1900
FirewallRules: [{D51F2894-02BC-4E54-9519-FA0DD1D3AD62}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{302FFC5B-EECA-45E8-9753-2E80E020126F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A2BBF88D-CDEE-4949-A065-3AE1227DE05B}] => (Allow) C:\Program Files (x86)\Samsung\Smart Home Control\Smart Home Control.exe
FirewallRules: [{98CBC7C9-F935-49EA-8D2C-A0DE4712CCEF}] => (Allow) C:\Program Files (x86)\Samsung\Smart Home Control\Smart Home Control.exe
FirewallRules: [{71ADA28E-C225-4D46-92A1-EAE78FA84578}] => (Allow) LPort=7878
FirewallRules: [{5B47BBB0-31B6-476D-A469-79C2A9B2E05E}] => (Allow) LPort=20102
FirewallRules: [{B419C4B2-7407-4216-A1B8-1043599C1240}] => (Allow) LPort=1900
FirewallRules: [{EE440B2F-5B25-4068-AFB0-8CBBC4351112}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{04900EAC-3A4C-4930-8FEE-BBB5C997E453}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{46937DE7-A772-4FBA-9D78-7E308B635662}] => (Allow) D:\Steam\steamapps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [{50660232-7B0E-4A98-8183-587FEFB8A3B9}] => (Allow) D:\Steam\steamapps\common\Tomb Raider Underworld\tru.exe
FirewallRules: [{EDAF313C-7E1A-4AC9-8277-62758B536374}] => (Allow) D:\Steam\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{5EA6E785-1E41-4CD6-BE92-180C05D0572B}] => (Allow) D:\Steam\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{2D42D931-0EF1-45C5-8B10-4AAF131785C7}] => (Allow) D:\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{CBF14140-6D27-4BC8-89D9-4B6B57B3B747}] => (Allow) D:\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{201C33FB-5B47-41D0-AC77-419E3B9332AD}] => (Allow) D:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{C9A9015C-F8C8-4B11-A3A2-DF4EF9838031}] => (Allow) D:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{FFAF4727-B7F9-4278-AFEE-74BA8D55342F}] => (Allow) D:\Steam\steamapps\common\Stalker Call of Pripyat\Stalker-COP.exe
FirewallRules: [{6EA7CD13-3BB4-4328-BE23-A457A2B19521}] => (Allow) D:\Steam\steamapps\common\Stalker Call of Pripyat\Stalker-COP.exe
FirewallRules: [{6CC1CB55-FBEE-4D64-A48A-94D4E32291E0}] => (Allow) D:\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{8A87E1D1-6E32-4EEC-BAEE-D5BD3AD5F24B}] => (Allow) D:\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{6B81F4E3-78A6-4601-91A8-28CF648D94C6}] => (Allow) D:\Steam\steamapps\common\FEAR2\FEAR2.exe
FirewallRules: [{AA2FC894-53FD-40F7-9507-71E9F8568509}] => (Allow) D:\Steam\steamapps\common\FEAR2\FEAR2.exe
FirewallRules: [{C6D431EF-AC05-418E-B5DD-BB1494FC5C21}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{705DB1BE-25DA-4895-A4A0-ECA5D4DF6F83}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{CF544B81-3141-4E81-BDA2-E4A6B63BCB39}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{FE5E7559-29C8-4CDE-9F6F-6F30EBA4EE79}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{8FA64906-FE2A-4294-B331-286F1B20A20D}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2BenchmarkTool.exe
FirewallRules: [{8669F8E7-F0C0-4244-BB56-4618DB6F3BC0}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2BenchmarkTool.exe
FirewallRules: [{BE87DE7E-6313-4552-A5C5-6C05A2B0BD24}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2ServerLauncher.exe
FirewallRules: [{C40D94C4-709C-41A0-A326-076C0BAD4AEF}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2ServerLauncher.exe
FirewallRules: [{12EB6373-BF52-4CC6-B521-3E78F1D90D28}] => (Allow) D:\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{987AFE0A-CF22-4C7A-A872-60C2FDE88C40}] => (Allow) D:\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{4B3651F5-1526-496F-8F4B-B74D5B34FF1F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2697E297-2007-4DAF-AC4D-CF9F91EB8D5A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3FBE85BA-22AF-480C-B0EB-A1AE2D102424}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E087C5B1-814A-408C-A0CC-2BA0D88D3CF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C0142330-BAB4-40BE-A922-BCAFB76DC453}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6AE25D48-9507-4201-AA7C-6C9ED11861B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FF01639D-5B9C-4B49-9B9A-76156D19265B}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{AD7A8D42-FD61-43E0-8A6D-D72B710CF35D}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{73475E30-9ADB-4139-85A1-0AFD7BF5F405}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D0A549EF-0C57-4ACF-8436-6ABE243A50DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{71E9C6F3-6E71-4890-BCC8-06D54DAA59D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3F8C4D26-7331-4CB2-AFBC-B2CD8C0188E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A7E87465-3DD7-4CC2-9C43-B7AEF7A25243}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{F58963CA-3973-4DE0-93A2-EAF37A7EEAB6}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{600003EC-8A62-4338-B585-D77A6A253043}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{4FD1C71C-161E-4054-9FA8-BD76D3D00488}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{4194C1DB-81C5-4325-8EAB-773A6B569A25}] => (Allow) C:\Users\Ruairidh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{933B60E5-D3E7-4F28-9365-99A81C5CB61F}] => (Allow) C:\Users\Ruairidh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6970E901-27D0-446C-8682-BD6AD7B25054}] => (Allow) C:\Users\Ruairidh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{50E5961A-0E88-4658-8A6E-DD85B9523A8A}] => (Allow) C:\Users\Ruairidh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{0D6AEC75-44FD-45D1-A597-552BEE04D86E}D:\mediamonkey\mediamonkey.exe] => (Block) D:\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{58F61245-63CE-461F-895B-85464210A2FB}D:\mediamonkey\mediamonkey.exe] => (Block) D:\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{85BCD9B0-FC78-411C-B18C-ADE5966BC22B}D:\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) D:\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{577603BC-09BB-4A06-876A-032042B4D17C}D:\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) D:\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{2FB965F0-1FF4-4824-A64D-3AAB174C985B}] => (Allow) D:\ANNO 2070\Anno5.exe
FirewallRules: [{894B95B1-02E5-4C3A-B9B1-96C78F14CD51}] => (Allow) D:\ANNO 2070\Anno5.exe
FirewallRules: [{09B1E638-9557-4C16-9C0C-8C174EE1CC76}] => (Allow) D:\ANNO 2070\AutoPatcher.exe
FirewallRules: [{322546DC-6A2C-4FD6-AEF9-4ED00C9DA8EE}] => (Allow) D:\ANNO 2070\AutoPatcher.exe
FirewallRules: [{B2AAE9FF-CDBA-42EA-9379-C4AF556508C6}] => (Allow) D:\ANNO 2070\InitEngine.exe
FirewallRules: [{2569EE75-C001-4FC3-B4F7-93177DA2762E}] => (Allow) D:\ANNO 2070\InitEngine.exe
FirewallRules: [{FC8F11AF-E485-4057-91FF-29260E76F3CC}] => (Allow) D:\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{F75AA677-C5D9-45C6-9BD5-4977D02BA716}] => (Allow) D:\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{23D3EAFE-E4F5-45CE-BE7B-8D812867EFDA}] => (Allow) D:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{8A23C86E-A2BA-4DBA-A292-73E5BA86C4D7}] => (Allow) D:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{54A119FC-AFA3-4B41-B7AE-3C97C5374E5A}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{17E81AB2-A8D3-4EBA-B06E-4CCFD424AEF9}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{7895EF31-A8A2-47B8-9E3B-A02A705F9D7B}] => (Allow) D:\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{8E129F24-FFB1-41C1-A4B5-E28A465B26DF}] => (Allow) D:\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{8EAD4930-20E1-4CAC-B47F-ED113AFC9ED8}D:\grand theft auto iv\gtaiv.exe] => (Allow) D:\grand theft auto iv\gtaiv.exe
FirewallRules: [UDP Query User{BE2FB570-081E-4109-88F6-604C6B3265B6}D:\grand theft auto iv\gtaiv.exe] => (Allow) D:\grand theft auto iv\gtaiv.exe
FirewallRules: [{54D6910B-A8CB-4D2C-B2D8-C0D64B92C0B4}] => (Block) D:\grand theft auto iv\gtaiv.exe
FirewallRules: [{833F59E4-D8A3-43FF-B034-CD276E27EC55}] => (Block) D:\grand theft auto iv\gtaiv.exe
FirewallRules: [{2D12A488-8E27-4076-AC95-CCCDB3E91BD4}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{FCCDE6FA-FC76-465D-9230-DA7413EB55C3}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{D0077BCD-CCF9-40B1-B321-DF5B43FA0199}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{A75A7462-1336-412F-8600-6091241F103E}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{40A11866-A749-4E79-A2A5-695F54D2CF02}] => (Block) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{0B63F1C1-C8D8-4969-AA33-8A2AEBB61291}] => (Block) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{F1CC89AA-95C5-48DD-AD02-F85FC68BDB6A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EACDF497-FA54-4DB4-AF5A-7FC46318679D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{83F5D34B-47FB-4824-882B-E05CC360D686}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{3060E36F-E3FA-46DB-9E53-398CCA486C6E}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [UDP Query User{15026EC5-B914-4223-B1F7-06B81D73E73E}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [{8A519828-A7ED-4498-8D28-10A5CD8A8D9F}] => (Block) C:\program files\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [{922E29C4-4D02-4863-B715-E87DF4B2673D}] => (Block) C:\program files\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [{FF577DFD-B420-4DF0-ABBD-06F516895497}] => (Allow) D:\Mozilla Firefox\firefox.exe
FirewallRules: [{30C52133-63F6-43EB-9ACD-62E1E20982D8}] => (Allow) D:\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
05-03-2016 22:41:45 AA11
06-03-2016 16:53:28 AA11
07-03-2016 19:13:34 AA11
07-03-2016 20:11:20 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/04/2016 10:07:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.5.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.19135, time stamp: 0x56a1c9c5
Exception code: 0xc0000005
Fault offset: 0x00000000000183ed
Faulting process id: 0x1f2c
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (03/04/2016 09:51:29 PM) (Source: MsiInstaller) (EventID: 11721) (User: Antec-900)
Description: Product: paint.net -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _8FBBBB09_39E3_48BB_9E6C_620898EF3CD9, location: D:\SetupNgen.exe, command: /delete DESKTOPSHORTCUT= PDNUPDATING= SKIPCLEANUP= "PROGRAMSGROUP="  QUEUENGEN=
 
Error: (03/04/2016 09:51:15 PM) (Source: MsiInstaller) (EventID: 11721) (User: Antec-900)
Description: Product: paint.net -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _8FBBBB09_39E3_48BB_9E6C_620898EF3CD9, location: D:\SetupNgen.exe, command: /delete DESKTOPSHORTCUT= PDNUPDATING= SKIPCLEANUP= "PROGRAMSGROUP="  QUEUENGEN=
 
Error: (03/04/2016 06:00:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ClamWin.exe version 0.99.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 8d0
 
Start Time: 01d1763888fd3437
 
Termination Time: 0
 
Application Path: D:\ClamWin\bin\ClamWin.exe
 
Report Id: 0690aba0-e233-11e5-8f98-50e549c930d3
 
Error: (03/03/2016 07:52:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417
Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e
Exception code: 0x80000003
Fault offset: 0x0000ed3b
Faulting process id: 0x380
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (03/02/2016 09:24:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417
Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e
Exception code: 0x80000003
Fault offset: 0x0000ed3b
Faulting process id: 0xfa8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (02/29/2016 06:29:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GPUpd56D48A8D0.exe, version: 1.4.6.5, time stamp: 0x56d408c0
Faulting module name: GPUpd56D48A8D0.exe, version: 1.4.6.5, time stamp: 0x56d408c0
Exception code: 0xc0000409
Fault offset: 0x00022e3e
Faulting process id: 0x9c8
Faulting application start time: 0xGPUpd56D48A8D0.exe0
Faulting application path: GPUpd56D48A8D0.exe1
Faulting module path: GPUpd56D48A8D0.exe2
Report Id: GPUpd56D48A8D0.exe3
 
Error: (02/23/2016 09:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 66FE.tmp.exe, version: 1.4.5.2, time stamp: 0x56cc0778
Faulting module name: 66FE.tmp.exe, version: 1.4.5.2, time stamp: 0x56cc0778
Exception code: 0xc0000409
Fault offset: 0x00023ace
Faulting process id: 0x1278
Faulting application start time: 0x66FE.tmp.exe0
Faulting application path: 66FE.tmp.exe1
Faulting module path: 66FE.tmp.exe2
Report Id: 66FE.tmp.exe3
 
Error: (02/16/2016 06:33:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: Antec-900)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (12/13/2015 07:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WindowsPhone.exe, version: 1.1.2726.0, time stamp: 0x53332360
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x164c
Faulting application start time: 0xWindowsPhone.exe0
Faulting application path: WindowsPhone.exe1
Faulting module path: WindowsPhone.exe2
Report Id: WindowsPhone.exe3
 
 
System errors:
=============
Error: (03/07/2016 08:11:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/07/2016 08:11:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/07/2016 08:08:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (03/07/2016 08:06:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/07/2016 08:04:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (03/07/2016 08:04:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
 
Error: (03/07/2016 08:04:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (03/07/2016 07:59:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (03/07/2016 07:58:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (03/07/2016 07:58:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
CodeIntegrity:
===================================
  Date: 2013-08-31 16:52:22.834
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-31 16:52:22.764
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-31 16:51:05.962
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-31 16:51:05.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-31 16:47:46.332
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-31 16:47:46.262
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-31 16:44:45.454
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-31 16:44:45.384
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-31 16:42:51.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-31 16:42:51.089
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 20%
Total physical RAM: 8109.11 MB
Available physical RAM: 6413.8 MB
Total Virtual: 16216.43 MB
Available Virtual: 14471.21 MB
 
==================== Drives ================================
 
Drive c: (SSD) (Fixed) (Total:111.78 GB) (Free:31.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Hitachi) (Fixed) (Total:465.63 GB) (Free:246.85 GB) NTFS
Drive f: (Seagate) (Fixed) (Total:232.88 GB) (Free:52.57 GB) NTFS
Drive h: (Seagate) (Fixed) (Total:232.88 GB) (Free:232.76 GB) NTFS
Drive j: () (Removable) (Total:14.9 GB) (Free:13.92 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0001411D)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 232.9 GB) (Disk ID: 00064635)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 232.9 GB) (Disk ID: 000638FB)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 

Hi Kevin

Logs are too large for one post so the first is below.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Ruairidh (administrator) on ANTEC-900 (08-03-2016 18:44:08)
Running from C:\Users\Ruairidh\Desktop
Loaded Profiles: Ruairidh (Available Profiles: Ruairidh)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
() D:\Qfinder\iSCSIAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Menten Holdings Ltd) D:\NPVR\NRecord.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\Ir.exe
(Menten Holdings Ltd) D:\NPVR\NTray.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) D:\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [iSUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\Run: [iSUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\MountPoints2: {b108cd82-660d-11e5-9e7f-50e549c930d3} - I:\iLinker.exe
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2013-08-31]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NextPVR Tray.lnk [2014-04-13]
ShortcutTarget: NextPVR Tray.lnk -> D:\NPVR\NTray.exe (Menten Holdings Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2013-08-31]
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6293D0D4-34C4-448C-AF50-69F01F773BC0}: [DhcpNameServer] 192.168.138.1
Tcpip\..\Interfaces\{FA20F3C5-A943-459B-B3AF-25CACC8FB625}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1249406558-1224608677-726342571-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Ruairidh\AppData\Roaming\Mozilla\Firefox\Profiles\fuccz17i.default-1457215781457
FF Homepage: hxxp://www.bbc.co.uk/news/scotland/highlands_and_islands/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-03-06] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-03-06] ()
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> D:\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\VLC\npvlc.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1249406558-1224608677-726342571-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-1249406558-1224608677-726342571-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-08-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-08-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-08-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-08-11] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Ruairidh\AppData\Roaming\Mozilla\Firefox\Profiles\fuccz17i.default-1457215781457\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-05]
FF HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\Firefox\Extensions: [{7d666f76-9295-4370-b662-37e2dc87b5d7}] - D:\Copernic Desktop Search - Home\Firefox110Connector => not found
StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Ruairidh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ruairidh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-10]
CHR Extension: (Google Docs) - C:\Users\Ruairidh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-10]
CHR Extension: (Google Drive) - C:\Users\Ruairidh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-06]
CHR Extension: (YouTube) - C:\Users\Ruairidh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Adblock Plus) - C:\Users\Ruairidh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-06]
CHR Extension: (Google Search) - C:\Users\Ruairidh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-06]
CHR Extension: (Google Sheets) - C:\Users\Ruairidh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-10]
CHR Extension: (Google Docs Offline) - C:\Users\Ruairidh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruairidh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-09]
CHR Extension: (Gmail) - C:\Users\Ruairidh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-09]
CHR Extension: (d37314b556f7983967e7546995f4cba7) - C:\Program Files (x86)\Google\Chrome\Application\d37314b556f7983967e7546995f4cba7 [2016-02-29]
CHR Extension: (fc9e3fe08122c33472dcb62795f4cba7) - C:\Program Files (x86)\Google\Chrome\Application\fc9e3fe08122c33472dcb62795f4cba7 [2016-03-04]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6435896 2016-03-03] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2012-11-12] (Hauppauge Computer Works) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2011-03-23] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NPVR Recording Service; D:\NPVR\NRecord.exe [56320 2014-03-29] (Menten Holdings Ltd) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-16] ()
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 SamsungAllShareV2.0; "D:\AllShare\AllShareDMS\AllShareDMS.exe" [X]
S4 SimpleSlideShowServer; "D:\AllShare\AllShareSlideShowService.exe" [X]
S4 Survarium Update Service; D:\Survarium\game\binaries\x86\survarium_service.exe [X]
S4 wampapache; "D:\wamp\bin\apache\apache2.4.4\bin\httpd.exe" -k runservice [X]
S4 wampmysqld; D:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe wampmysqld [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-09-13] ()
R3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2013-07-14] (Hauppauge Computer Works, Inc.)
R3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19840 2013-07-14] (Hauppauge Computer Works, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [29672 2013-01-12] (REALiX)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2012-06-23] (microOLAP Technologies LTD)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [180584 2012-12-05] (Saitek)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-07 20:13 - 2016-03-08 18:44 - 00021173 _____ C:\Users\Ruairidh\Desktop\FRST.txt
2016-03-07 20:12 - 2016-03-07 20:12 - 00007829 _____ C:\Users\Ruairidh\Desktop\JRT.txt
2016-03-07 19:58 - 2016-03-07 19:58 - 00000000 ____D C:\Users\Ruairidh\Doctor Web
2016-03-07 19:53 - 2016-03-07 19:53 - 00001060 _____ C:\Users\Ruairidh\Desktop\MB Scan Log.txt
2016-03-07 19:37 - 2016-03-07 19:37 - 01609216 _____ (Malwarebytes) C:\Users\Ruairidh\Desktop\JRT.exe
2016-03-07 19:36 - 2016-03-07 19:37 - 184582536 _____ C:\Users\Ruairidh\Desktop\rmlj2cje.exe
2016-03-06 20:54 - 2016-03-07 20:13 - 00059437 _____ C:\Users\Ruairidh\Desktop\Addition.txt
2016-03-06 20:53 - 2016-03-08 18:44 - 00000000 ____D C:\FRST
2016-03-06 20:48 - 2016-03-06 20:48 - 02374144 _____ (Farbar) C:\Users\Ruairidh\Desktop\FRST64.exe
2016-03-06 19:34 - 2016-03-06 19:34 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-06 19:24 - 2016-03-06 19:24 - 00000651 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-06 19:24 - 2016-03-06 19:24 - 00000651 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-06 19:22 - 2016-03-06 19:22 - 00242080 _____ C:\Users\Ruairidh\Downloads\Firefox Setup Stub 44.0.2 (1).exe
2016-03-06 19:21 - 2016-03-06 19:21 - 00242080 _____ C:\Users\Ruairidh\Downloads\Firefox Setup Stub 44.0.2.exe
2016-03-06 19:06 - 2016-03-06 19:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-03-06 19:06 - 2016-03-06 19:06 - 02622792 _____ (Kaspersky Lab) C:\Users\Ruairidh\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-03-06 17:48 - 2016-03-06 17:49 - 01190608 _____ (Adobe Systems Incorporated) C:\Users\Ruairidh\Downloads\flashplayer20_ha_install(1).exe
2016-03-06 17:15 - 2016-03-06 17:15 - 00001965 _____ C:\Users\Ruairidh\Desktop\Ad-Aware_Report_Full_Manual_2016-03-06T17-12-28.753215.xml
2016-03-05 22:41 - 2016-03-05 22:41 - 02085168 _____ C:\Users\Ruairidh\Downloads\Adaware_Installer (1).exe
2016-03-05 22:40 - 2016-03-05 22:40 - 02085168 _____ C:\Users\Ruairidh\Downloads\Adaware_Installer.exe
2016-03-05 22:09 - 2016-03-05 22:09 - 00000000 ____D C:\Users\Ruairidh\Desktop\Old Firefox Data
2016-03-05 22:02 - 2016-03-05 22:03 - 131179288 _____ (Microsoft Corporation) C:\Users\Ruairidh\Desktop\msert.exe
2016-03-03 19:56 - 2016-03-03 19:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ruairidh\Desktop\HijackThis.exe
2016-03-01 21:48 - 2016-03-01 21:48 - 00002776 _____ C:\Users\Ruairidh\Desktop\Rkill.txt
2016-03-01 21:47 - 2016-03-01 21:47 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Ruairidh\Downloads\iExplore.exe
2016-03-01 21:42 - 2016-03-01 21:47 - 00229356 _____ C:\TDSSKiller.3.1.0.9_01.03.2016_21.42.54_log.txt
2016-03-01 21:42 - 2016-03-01 21:42 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Ruairidh\Downloads\tdsskiller.exe
2016-02-29 21:40 - 2016-03-07 19:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-29 21:40 - 2016-03-07 19:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-29 21:40 - 2016-02-29 21:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-02-29 21:39 - 2016-02-29 21:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ruairidh\Downloads\spybot-2.4.exe
2016-02-29 21:24 - 2016-03-06 17:14 - 00000000 ____D C:\Program Files (x86)\Beta Viewer
2016-02-29 21:24 - 2016-03-05 22:15 - 00003268 _____ C:\Windows\System32\Tasks\Beta Viewer Worker
2016-02-29 18:14 - 2016-03-06 17:10 - 00000000 ____D C:\Program Files (x86)\Download Software
2016-02-29 18:14 - 2016-02-29 18:14 - 00003634 _____ C:\Windows\System32\Tasks\Download Software Service
2016-02-23 21:22 - 2016-03-06 17:10 - 00000000 ____D C:\Users\Ruairidh\AppData\Roaming\Security Checker
2016-02-23 21:22 - 2016-02-23 21:22 - 00003322 _____ C:\Windows\System32\Tasks\Security Checker
2016-02-23 20:35 - 2016-02-23 20:35 - 00000000 ____D C:\Users\Ruairidh\AppData\LocalLow\uTorrent
2016-02-23 19:30 - 2016-02-23 19:31 - 00000000 ____D C:\Users\Ruairidh\Desktop\Acer
2016-02-12 19:08 - 2016-03-06 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 19:56 - 2016-02-11 19:56 - 00000000 ____D C:\Windows\rescache
2016-02-09 21:09 - 2016-02-06 10:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 21:09 - 2016-02-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-09 21:09 - 2016-02-06 10:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 21:09 - 2016-02-06 10:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-09 21:09 - 2016-02-06 10:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-09 21:09 - 2016-02-06 10:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-09 21:09 - 2016-02-06 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-09 21:09 - 2016-02-06 09:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 21:09 - 2016-02-06 09:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-09 21:09 - 2016-02-06 09:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-09 21:09 - 2016-02-06 09:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 21:09 - 2016-02-06 09:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-09 21:09 - 2016-02-06 09:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 21:09 - 2016-02-06 08:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 21:09 - 2016-01-22 20:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 21:09 - 2016-01-22 20:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-09 21:09 - 2016-01-22 06:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-09 21:09 - 2016-01-22 06:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-09 21:09 - 2016-01-22 06:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 21:09 - 2016-01-22 06:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-09 21:09 - 2016-01-22 06:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-09 21:09 - 2016-01-22 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-09 21:09 - 2016-01-22 06:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-09 21:09 - 2016-01-22 06:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-09 21:09 - 2016-01-22 06:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 21:09 - 2016-01-22 06:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 21:09 - 2016-01-22 06:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 21:09 - 2016-01-22 06:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-09 21:09 - 2016-01-22 06:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 21:09 - 2016-01-22 06:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-09 21:09 - 2016-01-22 06:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 21:09 - 2016-01-22 06:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 21:09 - 2016-01-22 06:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-09 21:09 - 2016-01-22 06:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 21:09 - 2016-01-22 06:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-09 21:09 - 2016-01-22 06:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-09 21:09 - 2016-01-22 06:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 21:09 - 2016-01-22 06:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 21:09 - 2016-01-22 06:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 21:09 - 2016-01-22 06:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 21:09 - 2016-01-22 06:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 21:09 - 2016-01-22 06:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 21:09 - 2016-01-22 06:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-09 21:09 - 2016-01-22 06:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 21:09 - 2016-01-22 06:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 21:09 - 2016-01-22 06:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 21:09 - 2016-01-22 06:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 21:09 - 2016-01-22 06:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 21:09 - 2016-01-22 06:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-09 21:09 - 2016-01-22 06:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-09 21:09 - 2016-01-22 06:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 21:09 - 2016-01-22 06:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 21:09 - 2016-01-22 06:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 21:09 - 2016-01-22 06:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 21:09 - 2016-01-22 06:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 21:09 - 2016-01-22 06:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 21:09 - 2016-01-22 06:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 21:09 - 2016-01-22 06:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 21:09 - 2016-01-22 06:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 21:09 - 2016-01-22 06:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-09 21:09 - 2016-01-22 06:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-09 21:09 - 2016-01-22 06:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 21:09 - 2016-01-22 06:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 21:09 - 2016-01-22 06:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 06:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 21:09 - 2016-01-22 06:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-09 21:09 - 2016-01-22 06:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-09 21:09 - 2016-01-22 06:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-09 21:09 - 2016-01-22 06:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-09 21:09 - 2016-01-22 06:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 21:09 - 2016-01-22 06:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-09 21:09 - 2016-01-22 06:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-09 21:09 - 2016-01-22 06:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-09 21:09 - 2016-01-22 06:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-09 21:09 - 2016-01-22 06:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-09 21:09 - 2016-01-22 06:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-09 21:09 - 2016-01-22 06:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-09 21:09 - 2016-01-22 06:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-09 21:09 - 2016-01-22 06:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 21:09 - 2016-01-22 06:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 21:09 - 2016-01-22 06:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-09 21:09 - 2016-01-22 06:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 21:09 - 2016-01-22 06:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-09 21:09 - 2016-01-22 06:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-09 21:09 - 2016-01-22 06:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-09 21:09 - 2016-01-22 06:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-09 21:09 - 2016-01-22 06:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 21:09 - 2016-01-22 06:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-09 21:09 - 2016-01-22 06:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 21:09 - 2016-01-22 06:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-09 21:09 - 2016-01-22 06:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-09 21:09 - 2016-01-22 06:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-09 21:09 - 2016-01-22 06:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-09 21:09 - 2016-01-22 06:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-09 21:09 - 2016-01-22 06:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 05:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-09 21:09 - 2016-01-22 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-09 21:09 - 2016-01-22 05:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-09 21:09 - 2016-01-22 05:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-09 21:09 - 2016-01-22 05:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 21:09 - 2016-01-22 05:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 21:09 - 2016-01-22 05:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 21:09 - 2016-01-22 05:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 21:09 - 2016-01-22 05:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-09 21:09 - 2016-01-22 05:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-09 21:09 - 2016-01-22 05:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-09 21:09 - 2016-01-22 05:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-09 21:09 - 2016-01-22 05:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-09 21:09 - 2016-01-22 05:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-09 21:09 - 2016-01-22 05:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-09 21:09 - 2016-01-22 05:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-09 21:09 - 2016-01-22 05:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-09 21:09 - 2016-01-22 05:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 21:09 - 2016-01-22 05:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-09 21:09 - 2016-01-22 05:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-09 21:09 - 2016-01-22 05:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-09 21:09 - 2016-01-22 05:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-09 21:09 - 2016-01-22 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 21:09 - 2016-01-22 05:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 21:09 - 2016-01-22 05:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 21:09 - 2016-01-22 05:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 21:09 - 2016-01-22 05:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-09 21:09 - 2016-01-22 05:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 21:09 - 2016-01-22 05:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-09 21:09 - 2016-01-22 04:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 21:09 - 2016-01-22 04:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 21:09 - 2016-01-22 04:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 21:09 - 2016-01-22 04:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 21:09 - 2016-01-22 04:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 21:09 - 2016-01-22 04:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-09 21:09 - 2016-01-22 04:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-09 21:09 - 2016-01-22 04:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-09 21:09 - 2016-01-22 04:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-09 21:09 - 2016-01-22 04:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-09 21:09 - 2016-01-22 04:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 04:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 04:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 21:09 - 2016-01-22 04:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 21:09 - 2016-01-16 19:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 21:09 - 2016-01-16 19:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 21:09 - 2016-01-16 18:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 21:09 - 2016-01-16 18:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-09 21:09 - 2016-01-11 19:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 21:09 - 2016-01-11 19:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 21:09 - 2016-01-11 19:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 21:09 - 2016-01-11 18:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 21:09 - 2016-01-11 18:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-09 21:09 - 2016-01-11 18:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 21:09 - 2016-01-11 18:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 21:09 - 2016-01-11 18:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 21:09 - 2016-01-11 18:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 21:09 - 2016-01-11 18:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 21:09 - 2016-01-11 18:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 21:09 - 2016-01-11 18:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-09 21:09 - 2016-01-11 18:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-09 21:09 - 2016-01-11 18:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-09 21:09 - 2016-01-11 18:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-09 21:09 - 2016-01-11 18:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-09 21:09 - 2016-01-11 14:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 21:09 - 2016-01-11 14:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 21:09 - 2016-01-11 14:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 21:09 - 2016-01-11 14:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 21:09 - 2016-01-11 14:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 21:09 - 2016-01-07 17:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 21:09 - 2016-01-07 17:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 21:09 - 2016-01-06 19:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 21:09 - 2016-01-06 19:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-09 21:09 - 2016-01-06 18:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-09 21:09 - 2015-12-20 18:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-09 21:09 - 2015-12-20 18:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-09 21:09 - 2015-12-20 14:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-09 21:08 - 2016-01-22 06:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 21:08 - 2016-01-22 06:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 21:08 - 2016-01-22 06:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 21:08 - 2016-01-22 06:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 21:08 - 2016-01-22 06:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-09 21:08 - 2016-01-22 05:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-09 21:08 - 2016-01-22 05:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 21:08 - 2016-01-22 05:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-08 18:43 - 2015-03-10 20:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-08 18:41 - 2015-03-10 20:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-08 18:41 - 2014-11-23 12:10 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-08 18:41 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-07 22:05 - 2012-03-04 21:28 - 00000000 ____D C:\Users\Ruairidh
2016-03-07 20:13 - 2009-07-14 04:45 - 00025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-07 20:13 - 2009-07-14 04:45 - 00025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-07 20:11 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-07 20:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-03-07 20:05 - 2012-03-06 18:52 - 00781770 _____ C:\Windows\ntbtlog.txt
2016-03-07 19:34 - 2014-08-30 17:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-07 19:26 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-06 19:56 - 2013-02-02 11:58 - 00000000 ____D C:\Users\Ruairidh\AppData\Local\Google
2016-03-06 19:34 - 2012-03-05 05:22 - 00000000 ____D C:\Windows\Panther
2016-03-06 17:51 - 2014-08-30 17:49 - 00000000 ____D C:\Users\Ruairidh\AppData\Local\Adobe
2016-03-06 17:51 - 2012-05-06 09:14 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-06 17:51 - 2012-03-04 22:04 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-05 22:15 - 2015-03-10 20:06 - 00002484 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-04 22:10 - 2012-12-26 17:04 - 00000000 ____D C:\Users\Ruairidh\Documents\My Games
2016-03-04 22:07 - 2012-07-22 17:57 - 00000000 ____D C:\Users\Ruairidh\AppData\Roaming\vlc
2016-03-04 22:06 - 2013-10-05 18:38 - 00000000 ____D C:\Users\Ruairidh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-04 22:06 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-04 21:59 - 2012-11-18 21:03 - 00000000 ____D C:\Users\Ruairidh\AppData\Local\Ubisoft Game Launcher
2016-03-04 21:59 - 2012-03-04 21:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-04 21:54 - 2012-07-22 21:00 - 00000000 ____D C:\ProgramData\Samsung
2016-03-04 21:54 - 2012-07-22 20:48 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-03-04 21:54 - 2012-07-22 20:46 - 00000000 ____D C:\Users\Ruairidh\AppData\Local\Samsung
2016-03-04 21:54 - 2012-07-22 20:40 - 00000000 ____D C:\Users\Ruairidh\AppData\Roaming\Samsung
2016-03-04 21:39 - 2014-09-20 21:12 - 00000000 ____D C:\Program Files (x86)\DivX
2016-03-04 21:39 - 2014-09-20 21:11 - 00000000 ____D C:\ProgramData\DivX
2016-03-04 21:38 - 2015-03-07 19:47 - 00000000 ____D C:\Users\Ruairidh\AppData\Roaming\Gearbox Software
2016-03-04 18:48 - 2014-12-21 13:44 - 00000000 ____D C:\Users\Ruairidh\AppData\Roaming\uTorrent
2016-03-04 02:02 - 2014-04-13 19:01 - 00000000 ____D C:\Users\Public\NPVR
2016-03-03 21:40 - 2015-07-05 16:24 - 00000352 _____ C:\Windows\BRRBCOM.INI
2016-02-29 22:05 - 2015-03-10 20:05 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-29 18:30 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\security
2016-02-28 21:00 - 2015-04-04 07:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-28 21:00 - 2015-04-04 07:28 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 17:43 - 2016-01-09 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-02-24 17:43 - 2012-05-12 11:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-23 20:33 - 2012-05-01 10:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-23 20:33 - 2012-03-04 22:25 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-23 20:33 - 2012-03-04 22:24 - 00002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-23 20:33 - 2012-03-04 22:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-20 16:44 - 2015-03-10 20:06 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-16 18:33 - 2015-07-12 16:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-10 20:10 - 2009-07-14 04:45 - 00359824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 20:09 - 2014-12-10 16:51 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 20:09 - 2014-05-06 21:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 20:09 - 2009-07-14 07:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-09 22:47 - 2013-07-12 20:19 - 00000000 ____D C:\Windows\system32\MRT
2016-02-09 22:45 - 2012-03-07 22:35 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2013-03-09 20:08 - 2014-03-03 18:57 - 0000770 _____ () C:\Users\Ruairidh\AppData\Roaming\Rim.Desktop.Exception.log
2013-03-09 20:08 - 2014-08-11 16:19 - 0003067 _____ () C:\Users\Ruairidh\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-03-09 20:08 - 2014-03-03 18:57 - 0000770 _____ () C:\Users\Ruairidh\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-03-13 19:03 - 2012-05-15 12:40 - 0000079 _____ () C:\Users\Ruairidh\AppData\Local\CrystalDiskMark30.ini
2013-02-03 12:43 - 2013-02-03 12:43 - 0000841 _____ () C:\Users\Ruairidh\AppData\Local\recently-used.xbel
2012-04-06 20:30 - 2012-04-06 20:30 - 0007628 _____ () C:\Users\Ruairidh\AppData\Local\Resmon.ResmonCfg
2015-04-04 07:27 - 2015-04-04 07:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
ZeroAccess:
C:\Users\Ruairidh\AppData\Local\{5bafae46-376a-9b76-1b7a-e10a3f86ead3}
 
Some files in TEMP:
====================
C:\Users\Ruairidh\AppData\Local\Temp\binkw32.dll
C:\Users\Ruairidh\AppData\Local\Temp\Core.dll
C:\Users\Ruairidh\AppData\Local\Temp\Engine.dll
C:\Users\Ruairidh\AppData\Local\Temp\GPUpd56D9FD230.exe
C:\Users\Ruairidh\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ruairidh\AppData\Local\Temp\IFC23.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvci70.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvci70d.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvcirt.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvcp70.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvcp70d.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvcp71.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvcp71d.dll
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR70.dll
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR70d.dll
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR71.dll
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR71d.dll
C:\Users\Ruairidh\AppData\Local\Temp\MSVCRt.dll
C:\Users\Ruairidh\AppData\Local\Temp\ogg.dll
C:\Users\Ruairidh\AppData\Local\Temp\ogg_d.dll
C:\Users\Ruairidh\AppData\Local\Temp\Setup.exe
C:\Users\Ruairidh\AppData\Local\Temp\uninst1.exe
C:\Users\Ruairidh\AppData\Local\Temp\Uninstaller-6988.exe
C:\Users\Ruairidh\AppData\Local\Temp\vorbis.dll
C:\Users\Ruairidh\AppData\Local\Temp\vorbisfile.dll
C:\Users\Ruairidh\AppData\Local\Temp\vorbisfile_d.dll
C:\Users\Ruairidh\AppData\Local\Temp\vorbis_d.dll
C:\Users\Ruairidh\AppData\Local\Temp\Window.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-29 19:03
 
==================== End of FRST.txt ============================

Second

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01

Ran by Ruairidh (2016-03-08 18:44:37)

Running from C:\Users\Ruairidh\Desktop

Windows 7 Professional Service Pack 1 (X64) (2012-03-04 21:28:33)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1249406558-1224608677-726342571-500 - Administrator - Disabled)

Guest (S-1-5-21-1249406558-1224608677-726342571-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-1249406558-1224608677-726342571-1002 - Limited - Enabled)

Ruairidh (S-1-5-21-1249406558-1224608677-726342571-1000 - Administrator - Enabled) => C:\Users\Ruairidh

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}

AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE)

3TB+Unlock B11.0704.1 (HKLM-x32\...\{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}) (Version: 1.00.0001 - GIGABYTE)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)

Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.62 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)

Amazon Music (HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)

Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)

Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version:  - Bohemia Interactive)

Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)

Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )

Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version:  - Bohemia Interactive)

AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)

AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)

Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)

DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )

Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden

F.E.A.R. 2: Project Origin (HKLM-x32\...\Steam App 16450) (Version:  - Monolith)

Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)

Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)

Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)

Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden

Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)

Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)

HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )

Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.30335 (CD 2.6d) - Hauppauge Computer Works)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)

Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)

LibreOffice 4.1.2.3 (HKLM-x32\...\{DD3CB916-F91A-41B9-B276-CAC090E91021}) (Version: 4.1.2.3 - The Document Foundation)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Expression Design 4 (HKLM-x32\...\Design_8.0.31217.1) (Version: 8.0.31217.1 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)

Mozilla Thunderbird 38.6.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 en-GB)) (Version: 38.6.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)

NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

OpenOffice.org 3.4.1 (HKLM-x32\...\{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}) (Version: 3.41.9593 - Apache Software Foundation)

paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.0.0.0402 - QNAP Systems, Inc.)

RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)

S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)

S.T.A.L.K.E.R.: Clear Sky (HKLM-x32\...\Steam App 20510) (Version:  - GSC Game World)

SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden

Smart 6 B11.0824.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)

Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)

Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version:  - Crystal Dynamics)

Tomb Raider: Underworld (HKLM-x32\...\Steam App 8140) (Version:  - Crystal Dynamics)

TouchBIOS B11.0824.1 (HKLM-x32\...\{A2EBACDD-09BB-4894-AE25-7168DB3BFA7F}) (Version: 1.00.0000 - GIGABYTE)

TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)

WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)

WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)

Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-1249406558-1224608677-726342571-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0A2EBE07-F153-400B-9760-F400C6D7D1DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

Task: {0E561F1C-6132-473C-B7E0-87E7CFC80FAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {12D4438F-351D-4F97-A7D4-189AEE1CEF7A} - System32\Tasks\{413108C3-9D87-428B-ADFF-DA4DD4360E45} => C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe [2012-11-23] (Hauppauge Computer Works, Inc.)

Task: {177D50A7-A3A0-4E76-AF7B-57D473B8BB97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {19896DB7-CFB3-4A41-9BC4-E22F57A1D8A0} - \DTReg -> No File <==== ATTENTION

Task: {36BD332E-5028-4ED2-96D2-786B2FB3BECD} - \Updater21804.exe -> No File <==== ATTENTION

Task: {41803022-18AD-4474-810D-262F38F61C2A} - System32\Tasks\iSCSIAgentAutoStartup => D:\Qfinder\iSCSIAgent.exe [2013-03-26] ()

Task: {7E2B55E3-A9A6-47AA-BB88-A7FA3384C4AF} - System32\Tasks\{94515109-77DE-47BC-9BD7-FCD00F95C24E} => pcalua.exe -a C:\Users\Ruairidh\Desktop\Saitek_Cyborg_V5_Keyboard_SD6_64_Drivers_pfw.exe -d C:\Users\Ruairidh\Desktop

Task: {84BFF469-7F16-4D17-9D8B-34F06187B753} - System32\Tasks\{E3FC1AC8-2CBD-4933-B051-7C56F6935A4A} => D:\Kies\Kies.exe

Task: {977282EA-4517-4D9B-8325-627740328BB4} - System32\Tasks\{1850E622-4ED4-44BD-9161-0C7D998B2685} => D:\Kies\Kies.exe

Task: {B2969089-23AC-4E34-A790-0C09203DCB2E} - System32\Tasks\{0B379985-5777-4E53-B3F2-203D897C9C2E} => D:\Kies\Kies.exe

Task: {D6EC8F06-BCDC-45B5-A27C-2D33F112A517} - System32\Tasks\{2691F5A2-1F8C-47EC-AE92-93924D018535} => pcalua.exe -a C:\Users\Ruairidh\Desktop\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe -d C:\Users\Ruairidh\Desktop

Task: {D7915EB9-1F21-4400-B2E3-B094384B5354} - System32\Tasks\Maxthon Update => D:\Maxthon\Bin\mxup.exe

Task: {DD3F03DA-B705-4E24-9CF9-891855AC113E} - System32\Tasks\Security Checker => C:\Users\Ruairidh\AppData\Roaming\Security Checker\Security Checker.exe <==== ATTENTION

Task: {E555AF64-D521-4695-A20E-C2B1597B5A15} - System32\Tasks\{B427655A-B8CD-4BA9-9509-714C44C04CEF} => C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe [2012-11-23] (Hauppauge Computer Works, Inc.)

Task: {EF17CA20-72C8-4A38-AACE-FEE5809EE978} - System32\Tasks\{6662AA94-2153-46D4-837A-4373887DC0BF} => D:\Origin\Battlefield 1942\BF1942.exe

Task: {F666E968-B430-4837-BE76-2512CBED4BA6} - System32\Tasks\Download Software Service => C:\Program Files (x86)\Download Software\DownloadSoftware.exe <==== ATTENTION

Task: {FF8D767E-0F9F-43E4-AC23-1D394780BACA} - System32\Tasks\Beta Viewer Worker => C:\Program Files (x86)\Beta Viewer\swjob.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2014-11-23 12:10 - 2015-05-28 04:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-08-25 21:12 - 2013-03-26 06:27 - 01739472 _____ () D:\Qfinder\iSCSIAgent.exe

2012-03-04 21:35 - 2011-06-10 02:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-09-27 19:20 - 2014-12-16 20:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2013-08-31 16:00 - 2011-08-23 08:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll

2013-08-31 16:00 - 2012-10-29 16:29 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll

2014-03-27 06:14 - 2014-03-27 06:14 - 00906240 ____N () D:\NPVR\Unmanaged.dll

2016-01-09 20:04 - 2016-02-24 17:23 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll

2016-01-09 20:04 - 2016-02-24 17:23 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

2016-02-20 16:44 - 2016-02-18 04:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll

2016-02-20 16:44 - 2016-02-18 04:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll

2009-07-13 21:03 - 2009-07-14 01:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

2016-02-11 19:38 - 2016-02-11 19:38 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\689ff5005671c420fe1ea3d7d2454667\IsdiInterop.ni.dll

2012-03-04 21:37 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:6319FF34 [126]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\sony.com -> sony.com

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 02:34 - 2014-01-08 19:20 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

127.0.0.1       localhost

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1249406558-1224608677-726342571-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruairidh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: Blackberry Device Manager => 3

MSCONFIG\Services: McciCMService => 2

MSCONFIG\Services: NAUpdate => 2

MSCONFIG\Services: PDF Architect Helper Service => 2

MSCONFIG\Services: PDF Architect Service => 2

MSCONFIG\Services: SamsungAllShareV2.0 => 2

MSCONFIG\Services: Serviio => 2

MSCONFIG\Services: SimpleSlideShowServer => 3

MSCONFIG\Services: Survarium Update Service => 3

MSCONFIG\Services: tbbLoaderService => 2

MSCONFIG\Services: wampapache => 3

MSCONFIG\Services: wampmysqld => 3

MSCONFIG\Services: WTabletServiceCon => 2

MSCONFIG\startupfolder: C:^Users^Ruairidh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Ruairidh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk => C:\Windows\pss\Serviio.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AllShare Control => C:\Program Files (x86)\Samsung\Smart Home Control\AllShare Control

MSCONFIG\startupreg: AllShareAgent => D:\AllShare\AllShareAgent.exe

MSCONFIG\startupreg: Amazon Music => "C:\Users\Ruairidh\AppData\Local\Amazon Music\Amazon Music Helper.exe"

MSCONFIG\startupreg: Copernic Desktop Search - Home => "D:\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray

MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart

MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

MSCONFIG\startupreg: KiesPDLR => D:\Kies\External\FirmwareUpdate\KiesPDLR.exe

MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

MSCONFIG\startupreg: QuickTime Task => "D:\QT Lite\QTTask.exe" -atboottime

MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

MSCONFIG\startupreg: SMessaging => C:\Users\Ruairidh\AppData\Local\Strongvault Online Backup\SMessaging.exe

MSCONFIG\startupreg: Steam => "D:\Steam\Steam.exe" -silent

MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{5626B859-2A8F-43CC-A994-77BDD338F02B}] => (Allow) D:\Steam\Steam.exe

FirewallRules: [{0010D71A-5744-46E5-B677-C2213B7D07F2}] => (Allow) D:\Steam\Steam.exe

FirewallRules: [TCP Query User{A5350DCE-1855-428E-B757-D40A5B5F33D8}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [uDP Query User{6C6B57BD-D327-4F05-B1CC-8ACCCDF413C4}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [{68EA9601-48B8-4EDD-91B2-5FC18AF92818}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe

FirewallRules: [{C77D32E1-D9CF-4EA7-BFCE-1702813B98FD}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe

FirewallRules: [{F6C31E57-D200-4273-8710-F526B9117174}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe

FirewallRules: [{8149BCCF-8C48-42EC-838B-031F619C1795}] => (Allow) C:\Program Files (x86)\Maxthon3\Modules\MxMiniThunder\ThunderMini.exe

FirewallRules: [{B3267678-2330-4DB9-85CE-791843C0651A}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe

FirewallRules: [{BFB459E0-F954-4F74-9445-9F1C38BC3834}] => (Allow) C:\Program Files (x86)\Maxthon3\Modules\MxMiniThunder\ThunderMini.exe

FirewallRules: [TCP Query User{C94AC896-F650-404F-9EFE-B18BB8E6BD3B}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe

FirewallRules: [uDP Query User{E99CBC36-FF44-4AD7-AB21-1F2E0CEF3811}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe

FirewallRules: [{C72C26BC-D5A9-464A-807F-10E1C86FE804}] => (Allow) D:\Origin\Battlefield 3\bf3.exe

FirewallRules: [{B4B0DEC5-14A5-4089-9F5C-A5E29F49E1B9}] => (Allow) D:\Origin\Battlefield 3\bf3.exe

FirewallRules: [{5F651ABA-62DD-4680-9CED-F08F3E92F2B8}] => (Allow) D:\AllShare\AllShareDMS\AllShareDMS.exe

FirewallRules: [{F3CF02E2-B596-48A9-996E-2E3896AB1328}] => (Allow) D:\AllShare\AllShare.exe

FirewallRules: [{1D0F75F7-AF39-4A41-B875-4DB394C05E94}] => (Allow) D:\AllShare\AllShareAgent.exe

FirewallRules: [{30E8B138-EF3D-4D4D-9F90-B925C61ED6FD}] => (Allow) D:\Mass Effect 2\Binaries\MassEffect2.exe

FirewallRules: [{495FCD0A-CCB8-4FB3-8B98-D193160C47BF}] => (Allow) D:\Mass Effect 2\Binaries\MassEffect2.exe

FirewallRules: [{E487BA45-78FE-45D7-9853-DC5EE28DDE39}] => (Allow) D:\Mass Effect 2\MassEffect2Launcher.exe

FirewallRules: [{AD6D4F87-FB81-45FD-825F-07B0703E0C70}] => (Allow) D:\Mass Effect 2\MassEffect2Launcher.exe

FirewallRules: [TCP Query User{BDA10AA7-55BE-4D22-8C3E-653EEE7748F3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe

FirewallRules: [uDP Query User{7136133D-31B2-4F18-AFA2-7187BF906D30}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe

FirewallRules: [{1FF0B958-C777-47B0-B8BE-296ADC1CC3A5}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe

FirewallRules: [{7D5BB6F3-2081-4E84-99A6-B37CEBCA4629}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe

FirewallRules: [{06629C41-D242-4EA0-BF5C-C9885D7CEB04}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe

FirewallRules: [{EEBC9E1F-0089-4193-B226-BB7383C9D13E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe

FirewallRules: [{0A94B786-68BE-4DA5-8221-95DE043B351C}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe

FirewallRules: [{41ED4229-6211-49F1-8027-25AC42B1F0FB}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe

FirewallRules: [{CB2D2DF9-55A7-4ACE-AD3F-E6E66504C500}] => (Allow) D:\Maxthon\Bin\MxUp.exe

FirewallRules: [{8312AE16-6317-4637-97A2-D15A07414E67}] => (Allow) D:\Maxthon\Bin\MxUp.exe

FirewallRules: [{B2C19DA3-42A0-4D2F-B6BB-EF94DD5D554D}] => (Allow) D:\Maxthon\Bin\Maxthon.exe

FirewallRules: [{53A8F93F-306F-449D-B1FE-28E211B6EFB9}] => (Allow) D:\Maxthon\Bin\Maxthon.exe

FirewallRules: [{F6EF68FF-FDDC-41C3-96E3-65C78157C4A6}] => (Allow) D:\Rim.Desktop.exe

FirewallRules: [{7F972566-92D3-4CD2-A791-EC46034AA6E0}] => (Allow) D:\Rim.Desktop.exe

FirewallRules: [{460DC9A0-6CD0-448A-9EEC-DD25DD865D57}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe

FirewallRules: [{7C78371B-38E0-463B-AE46-A4DF83716032}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe

FirewallRules: [{945E138D-1FC9-4BB7-88BB-A9A4167A7FC1}] => (Allow) D:\Steam\steamapps\va_va_voom\source sdk base 2007\hl2.exe

FirewallRules: [{92EA76A0-0DBB-43F5-A9C9-5C48FA128635}] => (Allow) D:\Steam\steamapps\va_va_voom\source sdk base 2007\hl2.exe

FirewallRules: [{B36DACA6-4FEB-4337-9071-AB94FC3A71C5}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{A7063457-B7AD-49F3-94F5-F51138119EBD}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{B7C0F023-3FE3-4D87-8DF6-0EB6B28ACE8C}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{C4557509-1B81-48E8-B487-76A1DFAC6BFD}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [TCP Query User{F11962F4-375E-4A6E-AB5C-1449BCE24543}D:\qfinder\qfinder.exe] => (Allow) D:\qfinder\qfinder.exe

FirewallRules: [UDP Query User{4FB58F64-5C0E-4F0B-9E62-DBC0BB5B0883}D:\qfinder\qfinder.exe] => (Allow) D:\qfinder\qfinder.exe

FirewallRules: [{3C510192-F494-471B-A325-8890E17EA2C5}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe

FirewallRules: [{8F1F445F-CF02-4508-A202-D03515F66A2C}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe

FirewallRules: [{3585C03A-14AF-4A70-85F4-455DD55661DA}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe

FirewallRules: [{1082F540-D9E5-4F16-BEC5-D2E2EBF07536}] => (Allow) C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe

FirewallRules: [{E328B7EE-EBA0-4E77-A88D-A16669B28431}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe

FirewallRules: [{9598FAE9-434C-4087-B548-F61F70AE5005}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe

FirewallRules: [{41F31191-23E4-4ED3-AE8F-3E0862CB537B}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{384984C5-9A89-4006-8B06-614EF96D5C65}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{BCFAFBC5-3B09-41B5-BFBB-90853030AA16}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{7A6CE71A-E4F1-49E3-AB67-58327193CED6}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [TCP Query User{DBA7CB2F-5339-4185-A478-3DD818E34569}D:\wamp\bin\apache\apache2.4.4\bin\httpd.exe] => (Allow) D:\wamp\bin\apache\apache2.4.4\bin\httpd.exe

FirewallRules: [UDP Query User{2DCB4E85-2B65-4631-A4C4-A170E7D70476}D:\wamp\bin\apache\apache2.4.4\bin\httpd.exe] => (Allow) D:\wamp\bin\apache\apache2.4.4\bin\httpd.exe

FirewallRules: [TCP Query User{719DA45E-8129-4B4B-B12A-DE7461FF1EBD}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin

FirewallRules: [UDP Query User{B4BA0BE8-E96E-4C24-A2EA-075324F8261F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin

FirewallRules: [TCP Query User{B1E8AF9A-4EA8-4935-B3D9-894BB1C4C4E5}D:\arma\arma.exe] => (Allow) D:\arma\arma.exe

FirewallRules: [UDP Query User{83745497-37A5-4DBE-A406-9C213268FC54}D:\arma\arma.exe] => (Allow) D:\arma\arma.exe

FirewallRules: [{B2400B2A-5F09-4FE1-93EE-7A7624C5E220}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe

FirewallRules: [{CFBB6454-A7AB-4F79-A5A2-4DDA9C0C6AB9}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe

FirewallRules: [{9AB9040B-9D8C-4054-8C4D-F0064B3F28E1}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\PMC\datacachepreprocessor.exe

FirewallRules: [{D1AF29D7-F77A-4300-B94C-C61211F63AFC}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\PMC\datacachepreprocessor.exe

FirewallRules: [{85C3FBEE-C299-47F3-9889-48133F1634A1}] => (Allow) D:\Steam\steamapps\common\Arma 2\arma2.exe

FirewallRules: [{75E95134-CA58-40C5-9AEF-A4C649F90D48}] => (Allow) D:\Steam\steamapps\common\Arma 2\arma2.exe

FirewallRules: [{64B9918F-7894-4EA0-AAA2-E792266139A9}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe

FirewallRules: [{C8887A2C-D937-4AA0-940B-72F2DF753E3C}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe

FirewallRules: [{700484C4-EC41-47E3-9453-45AAAAFBA955}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\BAF\datacachepreprocessor.exe

FirewallRules: [{F6AFC8B1-598D-4831-AAB1-E00F7C13A8D3}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\DLCsetup\BAF\datacachepreprocessor.exe

FirewallRules: [{CFEE38D4-7999-441C-A9D4-C65BBF667FC1}] => (Allow) D:\Survarium\temp\survarium_launcher.exe

FirewallRules: [{CDF630B8-77FB-424A-B14A-238D40F9A08E}] => (Allow) D:\Survarium\temp\survarium_updater.exe

FirewallRules: [{EF19A743-88E3-46F0-8D1E-0A7F18915A96}] => (Allow) D:\Survarium\temp\survarium_updater.exe

FirewallRules: [{896EAC26-E445-485B-829A-4E7C30B492F2}] => (Allow) D:\Survarium\temp\survarium_updater.exe

FirewallRules: [{10C53F49-3350-4428-8201-B392E663DCE7}] => (Allow) D:\Survarium\temp\survarium_updater.exe

FirewallRules: [{DC799A81-0ECE-4B02-A2AF-41ECDA90193D}] => (Allow) D:\Survarium\game\binaries\x86\survarium.exe

FirewallRules: [{CE60BA6C-DFF4-4C88-93F0-FE605BA4A52C}] => (Allow) D:\Survarium\game\binaries\x86\survarium.exe

FirewallRules: [TCP Query User{AF3CA02E-D5C9-4504-A93F-FAE328353CE9}D:\survarium\game\binaries\x86\survarium_updater.exe] => (Allow) D:\survarium\game\binaries\x86\survarium_updater.exe

FirewallRules: [UDP Query User{A6DA7752-7080-4A99-A08E-965D93BFA392}D:\survarium\game\binaries\x86\survarium_updater.exe] => (Allow) D:\survarium\game\binaries\x86\survarium_updater.exe

FirewallRules: [{C2356672-6794-414E-B73A-678B0031FF2D}] => (Allow) D:\Steam\steamapps\common\RAGE\Rage.exe

FirewallRules: [{7D4C9EB6-668F-437C-9F77-1F87AC011DFE}] => (Allow) D:\Steam\steamapps\common\RAGE\Rage.exe

FirewallRules: [{8F330135-3311-4B7D-B5D0-118E225761AC}] => (Allow) D:\Steam\steamapps\common\RAGE\Rage64.exe

FirewallRules: [{39BA080E-377C-4779-94E8-2747910DC48A}] => (Allow) D:\Steam\steamapps\common\RAGE\Rage64.exe

FirewallRules: [{2166678E-030A-4908-9884-33DD38CCE265}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe

FirewallRules: [{4AA2433A-576B-45D8-9127-99F3B1C23FE0}] => (Allow) D:\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe

FirewallRules: [{88B84AAE-1591-46CD-A705-E287A948B26F}] => (Allow) D:\Steam\steamapps\common\Sniper Elite V2\bin\SniperEliteV2.exe

FirewallRules: [{090C275F-0BFA-40C6-9C66-B7D77E179121}] => (Allow) D:\Steam\steamapps\common\Sniper Elite V2\bin\SniperEliteV2.exe

FirewallRules: [TCP Query User{C644F864-101E-451F-91DE-A1A86FE69B5E}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe

FirewallRules: [UDP Query User{946F369F-E0DC-450C-A4DE-335F006BDD1D}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe

FirewallRules: [{6EF34D89-5B36-4A21-B143-03AA258EFE73}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{0A72C8D6-93CC-4732-8F38-197AF50B9588}] => (Allow) LPort=2869

FirewallRules: [{690E6E57-CC26-4B2B-9664-D6B5F4D193F1}] => (Allow) LPort=1900

FirewallRules: [{D51F2894-02BC-4E54-9519-FA0DD1D3AD62}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{302FFC5B-EECA-45E8-9753-2E80E020126F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{A2BBF88D-CDEE-4949-A065-3AE1227DE05B}] => (Allow) C:\Program Files (x86)\Samsung\Smart Home Control\Smart Home Control.exe

FirewallRules: [{98CBC7C9-F935-49EA-8D2C-A0DE4712CCEF}] => (Allow) C:\Program Files (x86)\Samsung\Smart Home Control\Smart Home Control.exe

FirewallRules: [{71ADA28E-C225-4D46-92A1-EAE78FA84578}] => (Allow) LPort=7878

FirewallRules: [{5B47BBB0-31B6-476D-A469-79C2A9B2E05E}] => (Allow) LPort=20102

FirewallRules: [{B419C4B2-7407-4216-A1B8-1043599C1240}] => (Allow) LPort=1900

FirewallRules: [{EE440B2F-5B25-4068-AFB0-8CBBC4351112}] => (Allow) D:\Steam\bin\steamwebhelper.exe

FirewallRules: [{04900EAC-3A4C-4930-8FEE-BBB5C997E453}] => (Allow) D:\Steam\bin\steamwebhelper.exe

FirewallRules: [{46937DE7-A772-4FBA-9D78-7E308B635662}] => (Allow) D:\Steam\steamapps\common\Tomb Raider Underworld\tru.exe

FirewallRules: [{50660232-7B0E-4A98-8183-587FEFB8A3B9}] => (Allow) D:\Steam\steamapps\common\Tomb Raider Underworld\tru.exe

FirewallRules: [{EDAF313C-7E1A-4AC9-8277-62758B536374}] => (Allow) D:\Steam\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe

FirewallRules: [{5EA6E785-1E41-4CD6-BE92-180C05D0572B}] => (Allow) D:\Steam\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe

FirewallRules: [{2D42D931-0EF1-45C5-8B10-4AAF131785C7}] => (Allow) D:\Steam\steamapps\common\Tomb Raider Legend\trl.exe

FirewallRules: [{CBF14140-6D27-4BC8-89D9-4B6B57B3B747}] => (Allow) D:\Steam\steamapps\common\Tomb Raider Legend\trl.exe

FirewallRules: [{201C33FB-5B47-41D0-AC77-419E3B9332AD}] => (Allow) D:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe

FirewallRules: [{C9A9015C-F8C8-4B11-A3A2-DF4EF9838031}] => (Allow) D:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe

FirewallRules: [{FFAF4727-B7F9-4278-AFEE-74BA8D55342F}] => (Allow) D:\Steam\steamapps\common\Stalker Call of Pripyat\Stalker-COP.exe

FirewallRules: [{6EA7CD13-3BB4-4328-BE23-A457A2B19521}] => (Allow) D:\Steam\steamapps\common\Stalker Call of Pripyat\Stalker-COP.exe

FirewallRules: [{6CC1CB55-FBEE-4D64-A48A-94D4E32291E0}] => (Allow) D:\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe

FirewallRules: [{8A87E1D1-6E32-4EEC-BAEE-D5BD3AD5F24B}] => (Allow) D:\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe

FirewallRules: [{6B81F4E3-78A6-4601-91A8-28CF648D94C6}] => (Allow) D:\Steam\steamapps\common\FEAR2\FEAR2.exe

FirewallRules: [{AA2FC894-53FD-40F7-9507-71E9F8568509}] => (Allow) D:\Steam\steamapps\common\FEAR2\FEAR2.exe

FirewallRules: [{C6D431EF-AC05-418E-B5DD-BB1494FC5C21}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FarCry2.exe

FirewallRules: [{705DB1BE-25DA-4895-A4A0-ECA5D4DF6F83}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FarCry2.exe

FirewallRules: [{CF544B81-3141-4E81-BDA2-E4A6B63BCB39}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2Editor.exe

FirewallRules: [{FE5E7559-29C8-4CDE-9F6F-6F30EBA4EE79}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2Editor.exe

FirewallRules: [{8FA64906-FE2A-4294-B331-286F1B20A20D}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2BenchmarkTool.exe

FirewallRules: [{8669F8E7-F0C0-4244-BB56-4618DB6F3BC0}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2BenchmarkTool.exe

FirewallRules: [{BE87DE7E-6313-4552-A5C5-6C05A2B0BD24}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2ServerLauncher.exe

FirewallRules: [{C40D94C4-709C-41A0-A326-076C0BAD4AEF}] => (Allow) D:\Steam\steamapps\common\Far Cry 2\bin\FC2ServerLauncher.exe

FirewallRules: [{12EB6373-BF52-4CC6-B521-3E78F1D90D28}] => (Allow) D:\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe

FirewallRules: [{987AFE0A-CF22-4C7A-A872-60C2FDE88C40}] => (Allow) D:\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe

FirewallRules: [{4B3651F5-1526-496F-8F4B-B74D5B34FF1F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{2697E297-2007-4DAF-AC4D-CF9F91EB8D5A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{3FBE85BA-22AF-480C-B0EB-A1AE2D102424}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{E087C5B1-814A-408C-A0CC-2BA0D88D3CF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{C0142330-BAB4-40BE-A922-BCAFB76DC453}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{6AE25D48-9507-4201-AA7C-6C9ED11861B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{FF01639D-5B9C-4B49-9B9A-76156D19265B}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe

FirewallRules: [{AD7A8D42-FD61-43E0-8A6D-D72B710CF35D}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe

FirewallRules: [{73475E30-9ADB-4139-85A1-0AFD7BF5F405}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{D0A549EF-0C57-4ACF-8436-6ABE243A50DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{71E9C6F3-6E71-4890-BCC8-06D54DAA59D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{3F8C4D26-7331-4CB2-AFBC-B2CD8C0188E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{A7E87465-3DD7-4CC2-9C43-B7AEF7A25243}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe

FirewallRules: [{F58963CA-3973-4DE0-93A2-EAF37A7EEAB6}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe

FirewallRules: [{600003EC-8A62-4338-B585-D77A6A253043}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe

FirewallRules: [{4FD1C71C-161E-4054-9FA8-BD76D3D00488}] => (Allow) D:\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe

FirewallRules: [{4194C1DB-81C5-4325-8EAB-773A6B569A25}] => (Allow) C:\Users\Ruairidh\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{933B60E5-D3E7-4F28-9365-99A81C5CB61F}] => (Allow) C:\Users\Ruairidh\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{6970E901-27D0-446C-8682-BD6AD7B25054}] => (Allow) C:\Users\Ruairidh\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{50E5961A-0E88-4658-8A6E-DD85B9523A8A}] => (Allow) C:\Users\Ruairidh\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [TCP Query User{0D6AEC75-44FD-45D1-A597-552BEE04D86E}D:\mediamonkey\mediamonkey.exe] => (Block) D:\mediamonkey\mediamonkey.exe

FirewallRules: [UDP Query User{58F61245-63CE-461F-895B-85464210A2FB}D:\mediamonkey\mediamonkey.exe] => (Block) D:\mediamonkey\mediamonkey.exe

FirewallRules: [TCP Query User{85BCD9B0-FC78-411C-B18C-ADE5966BC22B}D:\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) D:\steam\steamapps\common\planetside 2\planetside2_x64.exe

FirewallRules: [UDP Query User{577603BC-09BB-4A06-876A-032042B4D17C}D:\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) D:\steam\steamapps\common\planetside 2\planetside2_x64.exe

FirewallRules: [{2FB965F0-1FF4-4824-A64D-3AAB174C985B}] => (Allow) D:\ANNO 2070\Anno5.exe

FirewallRules: [{894B95B1-02E5-4C3A-B9B1-96C78F14CD51}] => (Allow) D:\ANNO 2070\Anno5.exe

FirewallRules: [{09B1E638-9557-4C16-9C0C-8C174EE1CC76}] => (Allow) D:\ANNO 2070\AutoPatcher.exe

FirewallRules: [{322546DC-6A2C-4FD6-AEF9-4ED00C9DA8EE}] => (Allow) D:\ANNO 2070\AutoPatcher.exe

FirewallRules: [{B2AAE9FF-CDBA-42EA-9379-C4AF556508C6}] => (Allow) D:\ANNO 2070\InitEngine.exe

FirewallRules: [{2569EE75-C001-4FC3-B4F7-93177DA2762E}] => (Allow) D:\ANNO 2070\InitEngine.exe

FirewallRules: [{FC8F11AF-E485-4057-91FF-29260E76F3CC}] => (Allow) D:\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe

FirewallRules: [{F75AA677-C5D9-45C6-9BD5-4977D02BA716}] => (Allow) D:\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe

FirewallRules: [{23D3EAFE-E4F5-45CE-BE7B-8D812867EFDA}] => (Allow) D:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe

FirewallRules: [{8A23C86E-A2BA-4DBA-A292-73E5BA86C4D7}] => (Allow) D:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe

FirewallRules: [{54A119FC-AFA3-4B41-B7AE-3C97C5374E5A}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe

FirewallRules: [{17E81AB2-A8D3-4EBA-B06E-4CCFD424AEF9}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe

FirewallRules: [{7895EF31-A8A2-47B8-9E3B-A02A705F9D7B}] => (Allow) D:\Grand Theft Auto IV\LaunchGTAIV.exe

FirewallRules: [{8E129F24-FFB1-41C1-A4B5-E28A465B26DF}] => (Allow) D:\Grand Theft Auto IV\LaunchGTAIV.exe

FirewallRules: [TCP Query User{8EAD4930-20E1-4CAC-B47F-ED113AFC9ED8}D:\grand theft auto iv\gtaiv.exe] => (Allow) D:\grand theft auto iv\gtaiv.exe

FirewallRules: [UDP Query User{BE2FB570-081E-4109-88F6-604C6B3265B6}D:\grand theft auto iv\gtaiv.exe] => (Allow) D:\grand theft auto iv\gtaiv.exe

FirewallRules: [{54D6910B-A8CB-4D2C-B2D8-C0D64B92C0B4}] => (Block) D:\grand theft auto iv\gtaiv.exe

FirewallRules: [{833F59E4-D8A3-43FF-B034-CD276E27EC55}] => (Block) D:\grand theft auto iv\gtaiv.exe

FirewallRules: [{2D12A488-8E27-4076-AC95-CCCDB3E91BD4}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe

FirewallRules: [{FCCDE6FA-FC76-465D-9230-DA7413EB55C3}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe

FirewallRules: [TCP Query User{D0077BCD-CCF9-40B1-B321-DF5B43FA0199}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe

FirewallRules: [UDP Query User{A75A7462-1336-412F-8600-6091241F103E}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe

FirewallRules: [{40A11866-A749-4E79-A2A5-695F54D2CF02}] => (Block) D:\steam\steamapps\common\grand theft auto v\gta5.exe

FirewallRules: [{0B63F1C1-C8D8-4969-AA33-8A2AEBB61291}] => (Block) D:\steam\steamapps\common\grand theft auto v\gta5.exe

FirewallRules: [{F1CC89AA-95C5-48DD-AD02-F85FC68BDB6A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{EACDF497-FA54-4DB4-AF5A-7FC46318679D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{83F5D34B-47FB-4824-882B-E05CC360D686}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [TCP Query User{3060E36F-E3FA-46DB-9E53-398CCA486C6E}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe

FirewallRules: [UDP Query User{15026EC5-B914-4223-B1F7-06B81D73E73E}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe

FirewallRules: [{8A519828-A7ED-4498-8D28-10A5CD8A8D9F}] => (Block) C:\program files\java\jre1.8.0_71\bin\javaw.exe

FirewallRules: [{922E29C4-4D02-4863-B715-E87DF4B2673D}] => (Block) C:\program files\java\jre1.8.0_71\bin\javaw.exe

FirewallRules: [{FF577DFD-B420-4DF0-ABBD-06F516895497}] => (Allow) D:\Mozilla Firefox\firefox.exe

FirewallRules: [{30C52133-63F6-43EB-9ACD-62E1E20982D8}] => (Allow) D:\Mozilla Firefox\firefox.exe

 

==================== Restore Points =========================

 

05-03-2016 22:41:45 AA11

06-03-2016 16:53:28 AA11

07-03-2016 19:13:34 AA11

07-03-2016 20:11:20 JRT Pre-Junkware Removal

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft Teredo Tunneling Adapter

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/04/2016 10:07:16 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vlc.exe, version: 2.1.5.0, time stamp: 0x00000000

Faulting module name: ntdll.dll, version: 6.1.7601.19135, time stamp: 0x56a1c9c5

Exception code: 0xc0000005

Fault offset: 0x00000000000183ed

Faulting process id: 0x1f2c

Faulting application start time: 0xvlc.exe0

Faulting application path: vlc.exe1

Faulting module path: vlc.exe2

Report Id: vlc.exe3

 

Error: (03/04/2016 09:51:29 PM) (Source: MsiInstaller) (EventID: 11721) (User: Antec-900)

Description: Product: paint.net -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _8FBBBB09_39E3_48BB_9E6C_620898EF3CD9, location: D:\SetupNgen.exe, command: /delete DESKTOPSHORTCUT= PDNUPDATING= SKIPCLEANUP= "PROGRAMSGROUP="  QUEUENGEN=

 

Error: (03/04/2016 09:51:15 PM) (Source: MsiInstaller) (EventID: 11721) (User: Antec-900)

Description: Product: paint.net -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _8FBBBB09_39E3_48BB_9E6C_620898EF3CD9, location: D:\SetupNgen.exe, command: /delete DESKTOPSHORTCUT= PDNUPDATING= SKIPCLEANUP= "PROGRAMSGROUP="  QUEUENGEN=

 

Error: (03/04/2016 06:00:55 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program ClamWin.exe version 0.99.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 8d0

 

Start Time: 01d1763888fd3437

 

Termination Time: 0

 

Application Path: D:\ClamWin\bin\ClamWin.exe

 

Report Id: 0690aba0-e233-11e5-8f98-50e549c930d3

 

Error: (03/03/2016 07:52:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417

Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e

Exception code: 0x80000003

Fault offset: 0x0000ed3b

Faulting process id: 0x380

Faulting application start time: 0xplugin-container.exe0

Faulting application path: plugin-container.exe1

Faulting module path: plugin-container.exe2

Report Id: plugin-container.exe3

 

Error: (03/02/2016 09:24:55 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417

Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e

Exception code: 0x80000003

Fault offset: 0x0000ed3b

Faulting process id: 0xfa8

Faulting application start time: 0xplugin-container.exe0

Faulting application path: plugin-container.exe1

Faulting module path: plugin-container.exe2

Report Id: plugin-container.exe3

 

Error: (02/29/2016 06:29:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GPUpd56D48A8D0.exe, version: 1.4.6.5, time stamp: 0x56d408c0

Faulting module name: GPUpd56D48A8D0.exe, version: 1.4.6.5, time stamp: 0x56d408c0

Exception code: 0xc0000409

Fault offset: 0x00022e3e

Faulting process id: 0x9c8

Faulting application start time: 0xGPUpd56D48A8D0.exe0

Faulting application path: GPUpd56D48A8D0.exe1

Faulting module path: GPUpd56D48A8D0.exe2

Report Id: GPUpd56D48A8D0.exe3

 

Error: (02/23/2016 09:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: 66FE.tmp.exe, version: 1.4.5.2, time stamp: 0x56cc0778

Faulting module name: 66FE.tmp.exe, version: 1.4.5.2, time stamp: 0x56cc0778

Exception code: 0xc0000409

Fault offset: 0x00023ace

Faulting process id: 0x1278

Faulting application start time: 0x66FE.tmp.exe0

Faulting application path: 66FE.tmp.exe1

Faulting module path: 66FE.tmp.exe2

Report Id: 66FE.tmp.exe3

 

Error: (02/16/2016 06:33:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: Antec-900)

Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (12/13/2015 07:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: WindowsPhone.exe, version: 1.1.2726.0, time stamp: 0x53332360

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x00000000

Faulting process id: 0x164c

Faulting application start time: 0xWindowsPhone.exe0

Faulting application path: WindowsPhone.exe1

Faulting module path: WindowsPhone.exe2

Report Id: WindowsPhone.exe3

 

 

System errors:

=============

Error: (03/08/2016 06:44:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error: 

%%2

 

Error: (03/08/2016 06:42:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/07/2016 08:11:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (03/07/2016 08:11:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (03/07/2016 08:08:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error: 

%%2

 

Error: (03/07/2016 08:06:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/07/2016 08:04:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (03/07/2016 08:04:00 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

 

Error: (03/07/2016 08:04:00 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

 

Error: (03/07/2016 07:59:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 

%%1068

 

 

CodeIntegrity:

===================================

  Date: 2013-08-31 16:52:22.834

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-31 16:52:22.764

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-31 16:51:05.962

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-31 16:51:05.884

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-31 16:47:46.332

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-31 16:47:46.262

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-31 16:44:45.454

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-31 16:44:45.384

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-31 16:42:51.151

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-31 16:42:51.089

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\hcw95bda.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-2500K CPU @ 3.30GHz

Percentage of memory in use: 34%

Total physical RAM: 8109.11 MB

Available physical RAM: 5341.64 MB

Total Virtual: 16216.43 MB

Available Virtual: 13122.85 MB

 

==================== Drives ================================

 

Drive c: (SSD) (Fixed) (Total:111.78 GB) (Free:31.58 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (Hitachi) (Fixed) (Total:465.63 GB) (Free:246.85 GB) NTFS

Drive f: (Seagate) (Fixed) (Total:232.88 GB) (Free:52.57 GB) NTFS

Drive h: (Seagate) (Fixed) (Total:232.88 GB) (Free:232.76 GB) NTFS

Drive j: () (Removable) (Total:14.9 GB) (Free:13.92 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0001411D)

Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

========================================================

Disk: 2 (Size: 232.9 GB) (Disk ID: 00064635)

Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

 

========================================================

Disk: 3 (Size: 232.9 GB) (Disk ID: 000638FB)

Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

 

========================================================

Disk: 4 (Size: 14.9 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt ============================


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 

Let me see those logs, also give an update on any remaining issues or concerns.....

 

Thank you,

 

Kevin

 

 

Fixlist.txt


Hi Kevin

 

Logs are attached below as requested

The infection seems to have been removed from Firefox as I seem to have no instances of advertising or redirects since yesterday. I have not had any since the beginning on Chrome (currently using) either.

Thanks

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Ruairidh (2016-03-09 19:53:28) Run:1
Running from C:\Users\Ruairidh\Desktop
Loaded Profiles: Ruairidh (Available Profiles: Ruairidh)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1249406558-1224608677-726342571-1000\...\MountPoints2: {b108cd82-660d-11e5-9e7f-50e549c930d3} - I:\iLinker.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR Extension: (d37314b556f7983967e7546995f4cba7) - C:\Program Files (x86)\Google\Chrome\Application\d37314b556f7983967e7546995f4cba7 [2016-02-29]
C:\Program Files (x86)\Google\Chrome\Application\d37314b556f7983967e7546995f4cba7
CHR Extension: (fc9e3fe08122c33472dcb62795f4cba7) - C:\Program Files (x86)\Google\Chrome\Application\fc9e3fe08122c33472dcb62795f4cba7 [2016-03-04]
C:\Program Files (x86)\Google\Chrome\Application\fc9e3fe08122c33472dcb62795f4cba7
S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 SamsungAllShareV2.0; "D:\AllShare\AllShareDMS\AllShareDMS.exe" [X]
S4 SimpleSlideShowServer; "D:\AllShare\AllShareSlideShowService.exe" [X]
S4 Survarium Update Service; D:\Survarium\game\binaries\x86\survarium_service.exe [X]
S4 wampapache; "D:\wamp\bin\apache\apache2.4.4\bin\httpd.exe" -k runservice [X]
S4 wampmysqld; D:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe wampmysqld [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
C:\Users\Ruairidh\AppData\Local\{5bafae46-376a-9b76-1b7a-e10a3f86ead3}
C:\Users\Ruairidh\AppData\Local\Temp\binkw32.dll
C:\Users\Ruairidh\AppData\Local\Temp\Core.dll
C:\Users\Ruairidh\AppData\Local\Temp\Engine.dll
C:\Users\Ruairidh\AppData\Local\Temp\GPUpd56D9FD230.exe
C:\Users\Ruairidh\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ruairidh\AppData\Local\Temp\IFC23.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvci70.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvci70d.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvcirt.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvcp70.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvcp70d.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvcp71.dll
C:\Users\Ruairidh\AppData\Local\Temp\msvcp71d.dll
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR70.dll
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR70d.dll
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR71.dll
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR71d.dll
C:\Users\Ruairidh\AppData\Local\Temp\MSVCRt.dll
C:\Users\Ruairidh\AppData\Local\Temp\ogg.dll
C:\Users\Ruairidh\AppData\Local\Temp\ogg_d.dll
C:\Users\Ruairidh\AppData\Local\Temp\Setup.exe
C:\Users\Ruairidh\AppData\Local\Temp\uninst1.exe
C:\Users\Ruairidh\AppData\Local\Temp\Uninstaller-6988.exe
C:\Users\Ruairidh\AppData\Local\Temp\vorbis.dll
C:\Users\Ruairidh\AppData\Local\Temp\vorbisfile.dll
C:\Users\Ruairidh\AppData\Local\Temp\vorbisfile_d.dll
C:\Users\Ruairidh\AppData\Local\Temp\vorbis_d.dll
C:\Users\Ruairidh\AppData\Local\Temp\Window.dll
Task: {19896DB7-CFB3-4A41-9BC4-E22F57A1D8A0} - \DTReg -> No File <==== ATTENTION
Task: {36BD332E-5028-4ED2-96D2-786B2FB3BECD} - \Updater21804.exe -> No File <==== ATTENTION
Task: {DD3F03DA-B705-4E24-9CF9-891855AC113E} - System32\Tasks\Security Checker => C:\Users\Ruairidh\AppData\Roaming\Security Checker\Security Checker.exe <==== ATTENTION
C:\Users\Ruairidh\AppData\Roaming\Security Checker
Task: {F666E968-B430-4837-BE76-2512CBED4BA6} - System32\Tasks\Download Software Service => C:\Program Files (x86)\Download Software\DownloadSoftware.exe <==== ATTENTION
C:\Program Files (x86)\Download Software
Task: {FF8D767E-0F9F-43E4-AC23-1D394780BACA} - System32\Tasks\Beta Viewer Worker => C:\Program Files (x86)\Beta Viewer\swjob.exe
C:\Program Files (x86)\Beta Viewer
AlternateDataStreams: C:\ProgramData\TEMP:6319FF34 [126]
CMD: ipconfig /flushdns
EmptyTemp:
end
 
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1249406558-1224608677-726342571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b108cd82-660d-11e5-9e7f-50e549c930d3}" => key removed successfully
HKCR\CLSID\{b108cd82-660d-11e5-9e7f-50e549c930d3} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\d37314b556f7983967e7546995f4cba7 => moved successfully
"C:\Program Files (x86)\Google\Chrome\Application\d37314b556f7983967e7546995f4cba7" => not found.
C:\Program Files (x86)\Google\Chrome\Application\fc9e3fe08122c33472dcb62795f4cba7 => moved successfully
"C:\Program Files (x86)\Google\Chrome\Application\fc9e3fe08122c33472dcb62795f4cba7" => not found.
GalaxyClientService => service removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
SamsungAllShareV2.0 => service removed successfully
SimpleSlideShowServer => service removed successfully
Survarium Update Service => service removed successfully
wampapache => service removed successfully
wampmysqld => service removed successfully
dgderdrv => service removed successfully
MREMP50 => service removed successfully
MREMP50a64 => service removed successfully
MREMPR5 => service removed successfully
MRENDIS5 => service removed successfully
MRESP50 => service removed successfully
MRESP50a64 => service removed successfully
C:\Users\Ruairidh\AppData\Local\{5bafae46-376a-9b76-1b7a-e10a3f86ead3} => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\binkw32.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\Core.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\Engine.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\GPUpd56D9FD230.exe => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\IFC23.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\msvci70.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\msvci70d.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\msvcirt.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\msvcp70.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\msvcp70d.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\msvcp71.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\msvcp71d.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR70.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR70d.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR71.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\MSVCR71d.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\MSVCRt.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\ogg.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\ogg_d.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\Setup.exe => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\uninst1.exe => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\Uninstaller-6988.exe => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\vorbis.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\vorbisfile.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\vorbisfile_d.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\vorbis_d.dll => moved successfully
C:\Users\Ruairidh\AppData\Local\Temp\Window.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19896DB7-CFB3-4A41-9BC4-E22F57A1D8A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19896DB7-CFB3-4A41-9BC4-E22F57A1D8A0}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36BD332E-5028-4ED2-96D2-786B2FB3BECD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36BD332E-5028-4ED2-96D2-786B2FB3BECD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater21804.exe => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD3F03DA-B705-4E24-9CF9-891855AC113E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD3F03DA-B705-4E24-9CF9-891855AC113E}" => key removed successfully
C:\Windows\System32\Tasks\Security Checker => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Checker" => key removed successfully
C:\Users\Ruairidh\AppData\Roaming\Security Checker => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F666E968-B430-4837-BE76-2512CBED4BA6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F666E968-B430-4837-BE76-2512CBED4BA6}" => key removed successfully
C:\Windows\System32\Tasks\Download Software Service => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Download Software Service" => key removed successfully
C:\Program Files (x86)\Download Software => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF8D767E-0F9F-43E4-AC23-1D394780BACA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF8D767E-0F9F-43E4-AC23-1D394780BACA}" => key removed successfully
C:\Windows\System32\Tasks\Beta Viewer Worker => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Beta Viewer Worker" => key removed successfully
C:\Program Files (x86)\Beta Viewer => moved successfully
C:\ProgramData\TEMP => ":6319FF34" ADS removed successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 1.3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:53:56 ====
 
 
 
 
 
 
# AdwCleaner v5.101 - Logfile created 09/03/2016 at 19:59:17
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Ruairidh - ANTEC-900
# Running from : C:\Users\Ruairidh\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\DesktopSearch
[-] Key Deleted : HKLM\SOFTWARE\PIP
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1435 bytes] - [09/03/2016 19:59:17]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [1476 bytes] - [09/03/2016 19:58:11]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1621 bytes] ##########
 

Excellent, if no remaining issues or concerns I guess we can clean up....

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...


Hello disponded,

 

Yes, you did have a browser hijacker; there were also remnants of a ZeroAccess infection. Where you pick up those nuisances is really hard to pinpoint because there are many possibilities. At least we have a fix so you should be good to go...

 

Also a suggestion for you to think about. You have Windows 7's own Firewall and Security Essentials; they are very capable of looking after your system. I do highly recommend that you buy the Premium version of Malwarebytes https://www.malwarebytes.org/antimalware/ as an extra and very worthwhile security layer.... (I'm a volunteer here so have nothing to gain)

I also recommend you install the following:

Malwarebytes Anti-Exploit, the free version is more than adequate for a home user: https://www.malwarebytes.org/antiexploit/ Download and install the "Free Trial" it will revert to the free version when the trial times out....

UnChecky from here: https://unchecky.com/ it is free and will help block unwanted extras from free software that you may try.... Runs at boot but uses minimal resources..

McShield from here: http://www.mcshield.net/ it is free and will protect your system from any possible infection when USB devices are used.... Runs at boot and uses minimal resources...

I also recommend that you use Firefox as your browser. When Firefox is installed and open, press these keys together: Ctrl - Shift - A. That will open the Add-ons Manager, which gives access to find add-ons and extensions, and also to use, start, stop or disable those features etc....

Open "Extensions" and use the search box to find and install AdBlock Plus, Flashblock and DrWeb Anti-Virus Link Checker, plus any other add-ons you normally use....

Will close out shortly........

 

Thank you,

 

Kevin...


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
