Monstrous virus, combats my efforts to kill it!

LambentTyto

So I was being stupid and I downloaded an exe from an unofficial source and got screwed. I later checked the official website for the product and realized they don't even make a version for Windows, lol.

Okay, so this is what it basically did, I downloaded programs onto my PC. Tencent for one. It's some kind of Chinese program. Fortunately I was able to remove it simply by uninstalling it, since the program is legitimate. Had to go to YouTube and watch a Chinese guy explain how to do it since the program will not go into English. Anyway, I think the fact the virus put that on my PC is to divert attention away from it.

Now, I ran Malwarebytes and AVG. Malwarebytes detected over six hundred entities that were potentially harmful to my PC. (My PC was clean before I got this virus.) I removed them. AVG detected an entire host of viruses, Trojans, etc. as it scanned my PC and I removed them one at a time. In total it was probably around 15 viruses.

But I still have a serious issue. Another program slipped onto my PC located in the program files under a folder called "Rising." Inside is the symbol for this program, which looks like a shield with a lion's head on it. It's some kind of anti-spyware I've never seen or heard of in my life! It sucks up a lot of RAM and I know that it's trouble, along with whatever else is STILL on my PC that I'm not seeing.

I've tried multiple ways to delete this bastard. I've tried going into Admin mode, File Assassin, I've tried to reboot into safe mode but my PC crashes every time. When I try to delete this Rising folder I get a pop-up saying that it's protecting itself from delete measures.

I've come to the point where I want to make sure I eradicate anything not belonging on my PC, so I'd like to either refresh the thing or do a clean restore. But here's the thing, when I try, I get a pop-up saying "Missing files, please insert media that came on disk with this PC."

Now that's garbage right there, because I've restored and refreshed this puppy without that happening. In fact, this PC didn't come with any media because it has no disk drive!

So, bottom line, I'm not interested in wiping the virus, I want to restore or refresh this thing and I can't seem to do it, and I want help. Please.

Now, while my PC was fraking up while I was trying to boot in safe mode, I was pushing buttons and stuff, and somehow got to this blue screen that said "please wait while PC prepares to reset." When it was done, I got a warning that everything on the PC would be erased during this procedure. I canceled it because I have files I wanted to get off of here, which I now have done.

Is a reset the same thing as restoring, or is that a clean wipe, destroying the OS and stuff? Because I don't want to do that. I don't have $100 for a new OS.

If anyone could help me out, I'd appreciate it. Ask any questions, give suggestions, or just tell me how to fix this nightmare!

Thanks!
 
1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop


•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 
Thanks for taking the time to post all this, vayagerfan.

Problems I'm experiencing are:
Strange programs having downloaded themselves onto my PC bringing along with them a host of viruses and other malware. Got rid of a lot of it with initial AVG and Malwarebytes scans.
Programs running in the background using up a lot of RAM.
Can't boot in safe mode.
Can't refresh or restore PC.

AdwCleaner

# AdwCleaner v5.007 - Logfile created 17/09/2015 at 11:38:05
# Updated 08/09/2015 by Xplode
# Database : 2015-09-15.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Angelo - ASUS
# Running from : C:\Users\Angelo\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : QMUdisk
[-] Service Deleted : TS888x64
[-] Service Deleted : RsMgrSvc
[-] Service Deleted : RsRavMon

***** [ Folders ] *****

[-] Folder Deleted : C:\IQIYI Video
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\tencent
[#] Folder Deleted : C:\Program Files (x86)\Rising
[-] Folder Deleted : C:\Program Files (x86)\Common Files\tencent
[-] Folder Deleted : C:\Program Files\Common Files\tencent
[-] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\TXQMPC
[#] Folder Deleted : C:\ProgramData\Rising
[-] Folder Deleted : C:\Users\Angelo\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Angelo\AppData\Local\Temp\tencent
[-] Folder Deleted : C:\Users\Angelo\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Angelo\AppData\Roaming\IQIYI Video
[-] Folder Deleted : C:\Users\Angelo\AppData\Roaming\tencent
[-] Folder Deleted : C:\Users\Angelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\tencent

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\Sysnative\drivers\TFsFltX64.sys
[-] File Deleted : C:\WINDOWS\SysWOW64\drivers\TS888x64.sys

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\METNSD
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SOFTWARE\Classes\qygameclient
[-] Key Deleted : HKLM\SOFTWARE\Classes\HCDNProxy
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4DFC-959F-233651CC4D7F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\QyGameClient
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
[!] Key Not Deleted : [x64] HKCU\Software\QyGameClient
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tab]

***** [ Web browsers ] *****

[-] [C:\Users\Angelo\AppData\Roaming\Mozilla\Firefox\Profiles\kkm7hpkv.default\prefs.js] [Preference] Deleted : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7915 bytes] ##########
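
An added example, not part of the original posts and not AdwCleaner's own code: a short Python triage of the AdwCleaner log above. It lists the entries the tool reported as "Not Deleted" and the entries under the SafeBoot registry keys, which name the drivers and services Windows loads in Safe Mode. The sample text is a shortened excerpt of the posted log, and the function names are illustrative.

```python
import re
from collections import Counter
from typing import NamedTuple

# Shortened excerpt of the AdwCleaner log posted above.
SAMPLE_LOG = r"""
# AdwCleaner v5.007 - Logfile created 17/09/2015 at 11:38:05
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : RsMgrSvc
[-] Service Deleted : RsRavMon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\tencent
[#] Folder Deleted : C:\Program Files (x86)\Rising

***** [ Registry ] *****

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\QyGameClient
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\QyGameClient
"""


class Entry(NamedTuple):
    section: str   # e.g. "Registry"
    marker: str    # the character inside the leading brackets
    action: str    # e.g. "Key Deleted", "Key Not Deleted"
    target: str    # path, key or service name


SECTION_RE = re.compile(r"^\*+ \[ (.+?) \] \*+$")
ENTRY_RE = re.compile(r"^\[(.)\] (.+?) : (.+)$")
VIEW_PREFIX_RE = re.compile(r"^\[x64\] ")


def parse_log(text):
    """Turn the log text into a list of Entry tuples, section by section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            entries.append(Entry(section, m.group(1), m.group(2), m.group(3)))
    return entries


def normalise(target):
    """Drop the "[x64] " view label and case so both views compare equal."""
    return VIEW_PREFIX_RE.sub("", target).lower()


def leftovers(entries):
    """Split "Not Deleted" entries by whether the same path is also reported
    deleted elsewhere in the same log (paired) or nowhere else (unpaired)."""
    removed = {normalise(e.target) for e in entries
               if e.action.endswith("Deleted") and "Not" not in e.action}
    paired, unpaired = [], []
    for e in entries:
        if e.action.endswith("Not Deleted"):
            (paired if normalise(e.target) in removed else unpaired).append(e)
    return paired, unpaired


def safeboot_entries(entries):
    """Entries touching Control\\SafeBoot, i.e. software that had registered
    itself to load in Safe Mode as well as in a normal boot."""
    return [e for e in entries if "\\control\\safeboot\\" in e.target.lower()]


def section_counts(entries):
    """Number of log entries per section."""
    return dict(Counter(e.section for e in entries))


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    paired, unpaired = leftovers(log)
    print("entries per section:", section_counts(log))
    print("not deleted, but same path reported deleted:", [e.target for e in paired])
    print("not deleted, no matching deletion:", [e.target for e in unpaired])
    print("safe-mode registrations:", [e.target for e in safeboot_entries(log)])
```

Unpaired "Not Deleted" entries and anything under SafeBoot are the lines worth re-checking by hand after the reboot.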
 
JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 8.1 x64
Ran by Angelo on Thu 09/17/2015 at 14:58:33.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\QQBrowser Udpater Task
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\QQBrowser Udpater Task(Core)
Successfully deleted: [Task] C:\WINDOWS\Tasks\QQBrowser Udpater Task(Core).job
Successfully deleted: [Task] C:\WINDOWS\Tasks\QQBrowser Udpater Task.job



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ASUS



~~~ Files

Successfully deleted: [File] C:\Users\Angelo\AppData\Roaming\sp_data.sys



~~~ Folders

Successfully deleted: [Folder] C:\Users\Angelo\AppData\Roaming\ppslog
Successfully deleted: [Folder] C:\Users\Public\qiyi





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/17/2015 at 15:02:04.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malware Bytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/17/2015
Scan Time: 3:16 PM
Logfile: Malware Bytes txt.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.17.05
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Angelo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404692
Time Elapsed: 26 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
OTL

OTL logfile created on: 9/17/2015 3:49:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Angelo\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18036)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.89 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 68.11% Memory free
7.89 Gb Paging File | 6.57 Gb Available in Paging File | 83.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.79 Gb Total Space | 43.40 Gb Free Space | 36.53% Space Free | Partition Type: NTFS
Drive D: | 157.55 Gb Total Space | 19.51 Gb Free Space | 12.38% Space Free | Partition Type: NTFS
Computer Name: ASUS | User Name: Angelo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Angelo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========

SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (Disc Soft Lite Bus Service) -- C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (Disc Soft Ltd)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (DptfPolicyConfigTDPService) -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe ()
SRV:64bit: - (DptfParticipantProcessorService) -- C:\Windows\SysNative\DptfParticipantProcessorService.exe ()
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (avgsvc) -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RzKLService) -- C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe (Razer Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Razer Game Scanner Service) -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Origin Client Service) -- C:\Program Files (x86)\Origin\OriginClientService.exe (Electronic Arts)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
========== Driver Services (SafeList) ==========
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgwfpa) -- C:\Windows\SysNative\drivers\avgwfpa.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (rzpmgrk) -- C:\Windows\SysNative\drivers\rzpmgrk.sys (Razer, Inc.)
DRV:64bit: - (dtlitescsibus) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys (Disc Soft Ltd)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (sysmon) -- C:\Windows\SysNative\drivers\sysmon.sys (Beijing Rising Information Technology Co., Ltd.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (rsutils) -- C:\Windows\SysNative\drivers\rsutils.sys (Beijing Rising Information Technology Co., Ltd.)
DRV:64bit: - (Avgboota) -- C:\Windows\SysNative\drivers\avgboota.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (DptfManager) -- C:\Windows\SysNative\drivers\DptfManager.sys (Intel Corporation)
DRV:64bit: - (DptfDevGen) -- C:\Windows\SysNative\drivers\DptfDevGen.sys (Intel Corporation)
DRV:64bit: - (DptfDevDram) -- C:\Windows\SysNative\drivers\DptfDevDram.sys (Intel Corporation)
DRV:64bit: - (DptfDevFan) -- C:\Windows\SysNative\drivers\DptfDevFan.sys (Intel Corporation)
DRV:64bit: - (DptfDevProc) -- C:\Windows\SysNative\drivers\DptfDevProc.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (HIDSwitch) -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys (ASUS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "EC"
FF - prefs.js..browser.search.region: "EC"
FF - prefs.js..browser.startup.homepage: "https://ca.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: imageblock%40hemantvats.com:2.1.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.3
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rising.com.cn/nprising: C:\Program Files (x86)\Rising\RAV\nprising.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@rising.com.cn/nprising: C:\Program Files (x86)\Rising\RAV\nprising.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Angelo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2015/06/11 22:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angelo\AppData\Roaming\mozilla\Extensions
[2015/09/16 17:38:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angelo\AppData\Roaming\mozilla\Firefox\Profiles\kkm7hpkv.default\extensions
[2015/09/16 19:12:17 | 000,000,000 | ---D | M] (ADB Helper) -- C:\Users\Angelo\AppData\Roaming\mozilla\Firefox\Profiles\kkm7hpkv.default\extensions\[email protected]
[2015/06/21 14:29:58 | 000,022,699 | ---- | M] () (No name found) -- C:\Users\Angelo\AppData\Roaming\mozilla\firefox\profiles\kkm7hpkv.default\extensions\[email protected]
[2015/08/14 11:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/08/28 17:25:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AvgUi] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RavTRAY] "C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system File not found
O4 - HKLM..\Run: [RSDTRAY] "C:\Program Files (x86)\Rising\RSD\popwndexe.exe" File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [wenguanjia] C:\Users\Angelo\AppData\Roaming\wenguanjia\Mapyboard.exe /autorun File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite Automount] C:\Program Files\DAEMON Tools Lite\DTAgent.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 191.100.0.4 200.55.224.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78DE9C8F-323F-4FEC-9066-0A3FB49F851E}: DhcpNameServer = 191.100.0.4 200.55.224.66
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{93c75317-1135-11e5-be76-6c71d92f22ac}\Shell - "" = AutoRun
O33 - MountPoints2\{93c75317-1135-11e5-be76-6c71d92f22ac}\Shell\AutoRun\command - "" = "F:\Setup\rsrc\Autorun.exe"
O33 - MountPoints2\{93c75317-1135-11e5-be76-6c71d92f22ac}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O33 - MountPoints2\{93c75a39-1135-11e5-be76-6c71d92f22ac}\Shell - "" = AutoRun
O33 - MountPoints2\{93c75a39-1135-11e5-be76-6c71d92f22ac}\Shell\AutoRun\command - "" = "G:\autorun.exe"
O33 - MountPoints2\{febb6540-70c3-11e3-be83-6c71d92f22ac}\Shell - "" = AutoRun
O33 - MountPoints2\{febb6540-70c3-11e3-be83-6c71d92f22ac}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/09/17 15:17:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Angelo\Desktop\OTL.exe
[2015/09/17 14:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Rising
[2015/09/17 14:56:41 | 001,798,976 | ---- | C] (Malwarebytes) -- C:\Users\Angelo\Desktop\JRT.exe
[2015/09/17 11:35:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/09/16 17:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2015/09/16 17:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2015/09/16 15:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/09/16 15:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
[2015/09/16 15:16:16 | 000,091,928 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysWow64\vpatch.dll
[2015/09/16 15:16:15 | 000,000,000 | R--D | C] -- C:\RavBin
[2015/09/16 15:16:13 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Roaming\AVG2015
[2015/09/16 15:14:06 | 000,325,400 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\ravext64.dll
[2015/09/16 15:14:05 | 000,256,280 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysWow64\ravext.dll
[2015/09/16 15:14:00 | 000,240,472 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysWow64\bsmain.exe
[2015/09/16 15:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2015/09/16 15:13:18 | 000,119,256 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\drivers\sysmon.sys
[2015/09/16 15:13:18 | 000,071,760 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\drivers\rsutils.sys
[2015/09/16 15:13:18 | 000,011,888 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\drivers\rsndisp.sys
[2015/09/16 15:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rising
[2015/09/16 15:10:17 | 000,000,000 | -H-D | C] -- C:\$AVG
[2015/09/16 15:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2015/09/16 15:01:51 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Local\Avg2015
[2015/09/16 15:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
[2015/09/16 15:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LocalStorage
[2015/09/16 14:58:18 | 000,000,000 | ---D | C] -- C:\Users\Angelo\.android
[2015/09/16 14:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg
[2015/09/16 14:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2015/09/16 14:51:24 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Local\Avg
[2015/09/16 14:51:23 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Local\AvgSetupLog
[2015/09/16 14:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2015/09/16 14:36:44 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Local\Bluestacks
[2015/09/16 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Roaming\WB_CFG
[2015/09/16 14:34:20 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Local\Opera Software
[2015/09/16 14:34:19 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Roaming\Opera Software
[2015/09/16 14:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\adb
[2015/09/16 14:31:20 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Roaming\wenguanjia
[2015/09/16 14:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2015/09/16 14:30:44 | 000,000,000 | ---D | C] -- C:\qycache
[2015/09/16 14:30:44 | 000,000,000 | ---D | C] -- C:\ppsfile
[2015/09/16 14:30:27 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Local\Unity
[2015/09/16 14:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\baidu
[2015/09/14 15:51:25 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Desktop\New Project [Single POV]
[2015/09/12 14:53:42 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Desktop\Nightwish - Endless Forms Most Beautifulak6103
[2015/09/12 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Desktop\KotOR MODS
[2015/09/12 09:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flawless Widescreen
[2015/09/12 09:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flawless Widescreen
[2015/09/10 10:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/09/10 10:50:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/09/10 10:50:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/09/09 11:29:22 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Desktop\Fallout NV MODS
[2015/08/31 19:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2015/08/31 19:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2015/08/31 19:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2015/08/31 17:40:55 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Local\Razer_Inc
[2015/08/31 17:40:45 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Documents\Razer
[2015/08/31 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Local\Razer
[2015/08/31 17:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2015/08/31 17:38:45 | 000,037,184 | ---- | C] (Razer, Inc.) -- C:\WINDOWS\SysNative\drivers\rzpmgrk.sys
[2015/08/31 17:38:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2015/08/31 17:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2015/08/31 13:40:10 | 000,000,000 | ---D | C] -- C:\Users\Angelo\Desktop\Current Project
[2015/08/25 18:08:17 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Roaming\Audacity
[2015/08/25 18:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2015/08/23 12:59:18 | 000,000,000 | ---D | C] -- C:\Users\Angelo\AppData\Roaming\TeamViewer
[2015/08/21 18:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2015/08/19 11:53:56 | 000,297,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsha.sys
[2015/08/19 11:52:30 | 000,313,264 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2015/09/17 15:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/09/17 15:17:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Angelo\Desktop\OTL.exe
[2015/09/17 15:07:27 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/09/17 15:05:12 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/09/17 14:57:00 | 001,798,976 | ---- | M] (Malwarebytes) -- C:\Users\Angelo\Desktop\JRT.exe
[2015/09/17 11:45:04 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/09/17 11:43:18 | 000,000,212 | ---- | M] () -- C:\WINDOWS\tasks\AutoKMS.job
[2015/09/17 11:43:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/09/17 11:43:02 | 3340,107,776 | -HS- | M] () -- C:\hiberfil.sys
[2015/09/17 11:32:12 | 001,660,416 | ---- | M] () -- C:\Users\Angelo\Desktop\AdwCleaner.exe
[2015/09/17 10:30:03 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\AVG.lnk
[2015/09/16 22:30:19 | 000,054,718 | ---- | M] () -- C:\Users\Angelo\Desktop\bookmarks.html
[2015/09/16 22:28:49 | 000,737,708 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/09/16 22:28:49 | 000,138,276 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/09/16 22:28:48 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/09/16 18:02:59 | 004,988,608 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/09/16 17:32:00 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2015/09/16 15:46:02 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/09/16 15:16:22 | 000,000,150 | RHS- | M] () -- C:\rising.ini
[2015/09/16 14:35:11 | 000,000,004 | ---- | M] () -- C:\WINDOWS\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015/08/19 11:53:56 | 000,297,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsha.sys
[2015/08/19 11:52:30 | 000,313,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2015/09/17 15:05:12 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/09/17 11:32:06 | 001,660,416 | ---- | C] () -- C:\Users\Angelo\Desktop\AdwCleaner.exe
[2015/09/16 22:30:18 | 000,054,718 | ---- | C] () -- C:\Users\Angelo\Desktop\bookmarks.html
[2015/09/16 17:35:14 | 000,001,087 | ---- | C] () -- C:\Users\Angelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAV.lnk
[2015/09/16 17:32:00 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2015/09/16 15:46:01 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/09/16 15:16:22 | 000,000,150 | RHS- | C] () -- C:\rising.ini
[2015/09/16 15:01:02 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\AVG.lnk
[2015/09/16 14:39:08 | 000,002,935 | ---- | C] () -- C:\Users\Angelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\firefox.lnk
[2015/09/16 14:35:11 | 000,000,004 | ---- | C] () -- C:\WINDOWS\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015/09/09 10:58:11 | 000,411,455 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015/08/31 19:33:10 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2015/08/31 19:32:22 | 000,001,225 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2015/08/31 19:31:21 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2015/08/31 19:30:44 | 000,001,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2015/08/31 19:27:26 | 000,001,371 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2015/08/31 19:27:15 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2015/08/25 18:07:20 | 000,001,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2015/08/21 18:27:56 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
[2015/06/12 14:28:42 | 000,000,135 | ---- | C] () -- C:\WINDOWS\AutoKMS.ini
[2015/06/12 00:14:32 | 000,002,944 | ---- | C] () -- C:\WINDOWS\SysWow64\LavasoftTcpServiceOff.ini
[2015/04/14 11:28:56 | 000,004,387 | ---- | C] () -- C:\Users\Angelo\AppData\Roaming\zjoavuZPuzvP5f0YL
[2014/11/21 04:16:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2014/11/21 04:15:14 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/11/21 03:52:42 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2013/10/01 13:02:30 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/01 13:02:26 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/01 13:02:26 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2012/11/27 13:26:00 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/11/27 13:26:00 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/11/27 13:26:00 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
========== ZeroAccess Check ==========
[2015/08/14 12:28:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/05/07 12:50:50 | 022,292,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/05/07 11:53:12 | 019,734,960 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/11/21 04:15:30 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/11/21 04:16:30 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/11/21 04:15:30 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2015/06/11 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\ASUS WebStorage
[2015/08/25 18:20:23 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\Audacity
[2015/09/16 15:16:13 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\AVG2015
[2015/06/12 00:19:55 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\DAEMON Tools Lite
[2015/09/16 14:53:10 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\Opera Software
[2015/06/16 14:53:55 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\Origin
[2015/08/28 18:47:29 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\TeamViewer
[2015/08/15 11:24:20 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\The Creative Assembly
[2015/06/11 22:40:55 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\TuneUp Software
[2015/09/13 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\uTorrent
[2015/09/16 14:35:31 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\WB_CFG
[2015/09/16 21:28:48 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\wenguanjia
========== Purity Check ==========
========== Files - Unicode (All) ==========

[2015/09/16 15:09:24 | 000,002,269 | ---- | M] ()(C:\Users\Angelo\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ???.lnk) -- C:\Users\Angelo\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ浏览器.lnk
[2015/09/16 15:09:24 | 000,002,269 | ---- | C] ()(C:\Users\Angelo\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ???.lnk) -- C:\Users\Angelo\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ浏览器.lnk
[2015/09/16 14:31:22 | 000,000,000 | ---D | C](C:\Users\Angelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???(916)) -- C:\Users\Angelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\文管家(916)
========== Alternate Data Streams ==========
@Alternate Data Stream - 94 bytes -> C:\Users\Angelo\OneDrive:ms-properties
@Alternate Data Stream - 237 bytes -> C:\Users\Angelo\SkyDrive:ms-properties

< End of report >

EXTRAS

OTL Extras logfile created on: 9/17/2015 3:49:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Angelo\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18036)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.89 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 68.11% Memory free
7.89 Gb Paging File | 6.57 Gb Available in Paging File | 83.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.79 Gb Total Space | 43.40 Gb Free Space | 36.53% Space Free | Partition Type: NTFS
Drive D: | 157.55 Gb Total Space | 19.51 Gb Free Space | 12.38% Space Free | Partition Type: NTFS
Computer Name: ASUS | User Name: Angelo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD4B8BE-7774-425E-8C61-EDB3593EF57A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{29444027-7A1E-43C0-B15B-198EB19CC505}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B980042-1893-454E-93B7-F12C7134A57B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89A8808F-8A4A-4CD6-8FFD-B8643FC13ABF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{963C85A6-046F-40AB-92E5-424F10D98037}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B5D0B5ED-8250-4D04-93AF-9A8E9C0AEA43}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C230A088-22FC-4657-99AE-602A5175DED0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D68F0EE7-A792-4FF7-9E8C-47FAD30FC8DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8F9CDCA-6ADD-466A-A509-35DDD1874353}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCB17856-6499-4006-A8D5-D8D53B50B443}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8AB4328-9C84-40B0-8F64-DC1197484B9A}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B4523F-D790-48C5-A6C6-D0856026543F}" = dir=in | app=c:\iqiyi video\lstyle\qyclient.exe |
"{06D7C62E-77F6-45B9-8227-94B4206135C5}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{0C4762F7-5964-44B5-9CC5-F75D2AD04BC4}" = dir=in | app=c:\iqiyi video\lstyle\qyminiplayer.exe |
"{0D14D549-C0E1-44CA-A170-6A0FF43815E0}" = dir=in | app=c:\users\angelo\appdata\roaming\tencent\qqbrowser\liveup\temp\qqbrowserliveup.exe |
"{0D751394-6A96-4410-8E66-E445279D97BC}" = dir=in | app=c:\users\angelo\appdata\roaming\iqiyi video\lstyle\qyupdate.exe |
"{1144C857-1EA8-4069-B0C4-89A4AB5C025E}" = dir=in | name=juniper networks junos pulse |
"{14E2811A-B125-4AC7-9126-F654CA645D1D}" = dir=out | name=sonicwall mobile connect |
"{150066D9-307E-45A2-A47D-8232988EB83C}" = dir=in | name=taptiles |
"{18CF7926-C4C9-4E44-9102-DD2D87EB7A04}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{1B6826D5-D5E4-4BB9-9971-29FB6F5A4F2B}" = dir=in | app=c:\iqiyi video\lstyle\qyplayer.exe |
"{1B98131E-535D-4EA9-A501-E5B111078AFC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{1D5B9EB0-705F-4D6A-BBE8-37DDA092FA75}" = dir=out | name=windows_ie_ac_001 |
"{1DD1D7CE-4F4C-4F1A-B5B8-1DC67CB36F0B}" = dir=out | name=onenote |
"{1E2B0167-C004-409D-8E55-72C2409D12B1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1FE9E5F7-1994-4A5E-A6DF-08F31FF061A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{215DBC5A-A49D-43F5-BFDF-D3A332FB9AC6}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{22DBA6B9-D8AD-413E-ABD9-161C4242E4A3}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{23A35CE8-C779-4F0A-867D-973D7F70BFFE}" = protocol=17 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe |
"{2512C29F-65D8-43F8-A520-411AFBA95450}" = dir=in | name=microsoft solitaire collection |
"{27B43A88-7FD3-4F93-ACE4-685D3109C7BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{2DDDE956-A4AB-482F-90B6-8DB4D59E3C21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E91045D-D7B5-4BD2-AD4D-67E7A4323185}" = protocol=6 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe |
"{30847A1D-7CFD-4FC0-B017-4D6DD24004A3}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe |
"{31AB895D-6565-4EF6-AE22-8B646B02C08C}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{3332B97C-C63C-4C60-9D41-99AC806795AA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{365921E5-8B97-45B9-98A3-97822A82D224}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{37BD0859-46A4-4565-8394-22975D8E7D3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unturned\unturned.exe |
"{381E8562-61F2-430C-9154-FB9EA4AC6E37}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3872C449-1C63-47D8-9216-D6D9730D41C0}" = protocol=6 | dir=out | app=system |
"{3A64115A-39A9-4303-B509-EA3025E975B5}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{3BF54360-1C48-45AB-A170-2F2C0C3EB2BA}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3CA449DF-D39A-4747-81B4-F2E075E99F48}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{3F5714DE-5417-4041-8F15-11CF2FF88BB4}" = dir=in | app=c:\users\angelo\appdata\roaming\iqiyi video\lstyle\gpupdate.exe |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{43DADD66-5F2E-4BEB-AC6F-F310A00CE0DA}" = dir=in | name=f5 vpn |
"{4A168689-1865-4C1D-978B-3CCAE2AA1EBC}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{52982B56-7F0D-4EB1-945E-9C8CE09B2C2D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{55AE3895-A6A9-466F-85E5-94A8920B1364}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unturned\unturned.exe |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{57AF5073-6E7D-4539-B32B-E040583F53B9}" = dir=in | name=skype |
"{5E6FD56D-0B36-43F8-B0BC-50DF6DD6E3B4}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{5F2102D5-50CD-4F33-928F-F0520E687123}" = dir=in | name=onenote |
"{5F412195-DF12-460A-A153-6DCEB8DAAE1E}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5F9C30C8-BE2C-42E7-850D-1F920623CFF9}" = dir=in | name=@{microsoft.skypeapp_1.0.0.266_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{6012E607-F60C-4B40-BC6D-74360EA1DF17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6086056E-7DFC-43E5-93AD-88184672D6B5}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{608DE6E8-2F98-4A7E-AE54-BD2408640A68}" = dir=in | app=c:\iqiyi video\lstyle\qykernel.exe |
"{62DD38B0-72C5-4ACA-B8CD-59829372A7B8}" = dir=in | name=sonicwall mobile connect |
"{65EE6AED-B459-47B7-9D52-063AB49305A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guild wars\gw.exe |
"{67BE6F75-39D0-47A9-B360-19F39BB47B7F}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{6A22EF92-AAB6-4480-A4E5-E11F472BFE5D}" = dir=out | name=windows_ie_ac_001 |
"{6A35F177-AB3A-4FBA-839D-215BFE4AB2BB}" = dir=out | name=juniper networks junos pulse |
"{6B0DACDB-D659-479A-98F3-2DF1C571BF5E}" = dir=out | name=adera |
"{6F02C943-B6EA-4982-9173-C72280945541}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F0F0DA1-7D6D-416D-AC6A-F9FB78DEAD43}" = dir=in | app=c:\program files (x86)\tencent\qqbrowser\bugreport.exe |
"{71210A86-F062-4299-9833-FE8CE4FD0ECD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guild wars\gw.exe |
"{74EFB420-3C61-4AFC-952D-76A6FABA791D}" = dir=in | app=c:\iqiyi video\geeplayer\geeplayer.exe |
"{77941A0A-F305-401B-B805-0755F09280FB}" = dir=in | app=c:\users\angelo\appdata\roaming\iqiyi video\lstyle\qyupdate.exe |
"{7BCA524B-22FD-4138-8FA0-C8997B78F027}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{7C4CBF1B-158A-457F-943F-0D18A7E8B4B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D565758-3F03-4410-B7FE-70EC4133E9AD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{7D7D8C54-AD6A-41E0-B6A6-578AA189A7C1}" = protocol=17 | dir=in | app=c:\program files (x86)\rising\rav\ravmond.exe |
"{7E41143B-AD46-4E52-9A31-F4BD965D458B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7ED4C891-212B-4EC3-B9DC-BCEC8685D317}" = dir=out | name=@{microsoft.bingweather_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81F6B35A-7A32-4DF2-B0D0-36589D35BAAF}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{83ABAADD-7735-44F5-A359-B86BA5D99F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{84BB8C46-6C7A-43E2-AE5E-48672F9106B1}" = dir=in | app=c:\iqiyi video\lstyle\qyplayer.exe |
"{8549BA6F-1903-4A55-8D76-9B219C97E1B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{857810BD-D873-47FC-B53E-EB1A203EC6A5}" = dir=out | name=@{microsoft.bingsports_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{85A23808-8BF9-48D3-83CD-A35ACF381DCB}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{8912BBC6-DC9C-4F3F-AAC9-EC1B56307F09}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\age2hd\launcher.exe |
"{8A368FD0-95B5-4E83-83F3-F9576E8FB819}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{8A38FE23-1FC3-4020-BEED-016C942F6E61}" = dir=out | name=microsoft solitaire collection |
"{8E111FFA-7403-41C1-8090-B3DCD1869FE8}" = dir=out | name=windows_ie_ac_001 |
"{8FEEAA91-1F00-44BC-B730-1DE30C75A8DA}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{948517F0-043D-4653-B0BB-7E9053B4B357}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe |
"{94B8010A-FFEF-4D84-80B8-B18E0539F8B6}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{9A7C6F25-DD46-4516-AA44-D9CC42B2FB82}" = dir=out | name=taptiles |
"{9D07A0B4-D0BB-4687-B8CA-BD6E3FD32952}" = dir=out | name=fresh paint |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A931B798-1D73-45A7-8BF9-3EF60CD24262}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\shareit\shareit.exe |
"{AA856DC9-9BB1-4622-8511-D155B8E25CD2}" = dir=out | name=pinball fx2 |
"{AD43A8B6-CDEA-4359-A1B8-DD162A019127}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF6FA9CA-0073-46BB-AF8F-F747F1E993C3}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{AFEE6128-D54E-4F35-998A-50C48DF5E907}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{B27CAE11-E67A-4913-8368-959DD3956CC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B3899514-BE96-4880-9976-85A3F8D0C124}" = dir=out | name=skype |
"{B44CD234-AF8C-40E5-A18F-81CA329DC4F0}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{B7EF40E7-0C11-4E99-A162-60EBAB2D14B2}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{B817702A-CB1E-4ABB-8461-53568BAEC851}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B82A70F3-DD73-4E16-912D-A466E3629512}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{B8EE8DA9-5458-442A-848A-FC2A8E3EE1A2}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe |
"{BA59FE20-7568-44DF-AB98-B4414AF1429A}" = protocol=6 | dir=in | app=c:\users\angelo\appdata\roaming\utorrent\utorrent.exe |
"{BC8BE384-7F12-409B-824D-07613056A19E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BD8523B3-928D-4512-BFB5-EAB8B4403B52}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{BDB381DA-F41B-4913-8108-24A70019AFD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{BDDFEFE5-C936-45E4-A3BA-137DE4238C9A}" = dir=out | name=f5 vpn |
"{BF5E82C3-93C8-4115-902A-B19308E4C427}" = dir=in | app=c:\iqiyi video\lstyle\qywebplayer.exe |
"{BF803049-6F08-43C0-8652-A4F7DB8003DA}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\age2hd\launcher.exe |
"{BFD045D0-F9A7-495D-8CEE-496BFD628A17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D259935E-EED2-4933-890A-7445B0048966}" = dir=in | app=c:\program files (x86)\tencent\qqbrowser\qqbrowser.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D70958DB-B875-4BFF-B2C7-0C4A1613515D}" = dir=in | app=c:\iqiyi video\geeplayer\geeplayer.exe |
"{D9C3CD42-FB07-41C9-BFE3-16BE52F149BE}" = dir=in | name=pinball fx2 |
"{DB0D6BE4-C6FC-4B7E-AE35-17A6EB2F32B2}" = dir=in | app=c:\iqiyi video\lstyle\qyclient.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DD497902-495F-4BDF-B440-53CDFD5A9926}" = dir=in | name=check point vpn |
"{DE95DDA4-4712-4CB8-89D4-5CA20E840A9E}" = protocol=17 | dir=in | app=c:\users\angelo\appdata\roaming\utorrent\utorrent.exe |
"{DE970CC1-2B73-4843-B622-FCB9D5BA9D36}" = dir=in | name=@{microsoft.skypeapp_1.0.0.266_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{E07B58AF-6AA7-48C7-8021-F7A50652A7E3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{E0972142-F2E1-4022-92B2-E62CE9D0EBCB}" = dir=out | name=@{microsoft.zunevideo_2.6.441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{E33A3C65-0C91-4CA5-97E7-B370D1AC181E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E83382BE-16BE-43B5-A2FF-D516FE8BCF79}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{EB6F30B4-EC95-457E-832C-6A0C0118BB61}" = dir=out | name=check point vpn |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EC985A11-D1E3-4CCF-8FDB-31AFC2CA1252}" = protocol=6 | dir=in | app=c:\program files (x86)\rising\rav\ravmond.exe |
"{EDB2190C-B36C-454D-AACB-86DCDD77B093}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{EDE4C726-14B0-4D7B-BB3C-9F357660E7C1}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\shareit\shareit.exe |
"{F36933BD-77D7-444B-8528-7811FEEFC928}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{F5021380-1187-4261-B62D-A9098F573420}" = dir=out | name=@{microsoft.skypeapp_1.0.0.266_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F8B7284E-4EBB-450C-A3F7-1665000B12CD}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe |
"{F8C2FC57-DB98-499E-B3BD-E5990908DF28}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{F9D35D89-29E6-4410-BAC4-F740273F2CF4}" = dir=out | name=@{microsoft.bingfinance_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{FC818DE0-358F-4CA8-8D44-B951AD58782F}" = dir=in | app=c:\iqiyi video\common\qykernel.exe |
"{FE4ED5F3-A531-49A1-AD93-62C5E469C76D}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"TCP Query User{64261F90-38A0-4B85-BBB3-1EEC91534EDE}C:\program files (x86)\halo combat evolved\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\halo combat evolved\halo.exe |
"UDP Query User{C38D0DA5-9A97-42F7-9AD3-337FF731C78B}C:\program files (x86)\halo combat evolved\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\halo combat evolved\halo.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}" = ASUS Screen Saver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{68C5B75C-F00B-4E78-928C-6D8F6A494E89}" = AVG Zen
"{7A1832FA-B5B0-4F93-A5DE-87A04DDCB126}" = FMW 1
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A7BD472C-814B-4BB8-915A-E0CB35F763FD}" = AVG 2015
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CEEAE734-B717-41D1-BF50-378EC081C6B1}" = AVG 2015
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5" = Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170)
"7-Zip" = 7-Zip 15.05 beta x64
"AVG" = AVG 2015
"AvgZen" = AVG
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017E337D-D709-437C-83DB-71F82AA78BF6}" = 照片库
"{022C7C52-B294-4346-88BC-C7C2FF7FF1B7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{44A3A561-AE74-472D-A51C-43F4C9E7B5E5}" = Windows Live 软件包
"{4592BAE7-B99A-47A5-9B6B-3BC236B9D3E9}" = Alcor Micro USB Card Reader
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}" = 影像中心
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A0549A9-1B96-498C-ACBC-3943001FEB19}" = Skype™ 7.8
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1" = Flawless Widescreen version 1.0.15
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{802E137D-DA8F-47CC-AC21-6DD075CD948C}" = Windows Live UX Platform Language Pack
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = globalupdate Helper
"{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}" = Metric Collection SDK 35
"{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D5082B89-2E86-447E-A02C-922534592FA8}" = Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}" = Movie Maker
"{E935B41A-F632-4DCD-95D7-0EF67992650A}" = Merriam-Webster
"{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE2E1BED-0821-4244-ABDC-149E9F9750C3}" = Photo Common
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4K Video Downloader_is1" = 4K Video Downloader 3.5
"Adobe Digital Editions 3.0" = Adobe Digital Editions 3.0
"Adobe Flash Player NPAPI" = Adobe Flash Player 18 NPAPI
"AmUStor" = Alcor Micro USB Card Reader
"Audacity_is1" = Audacity 2.1.0
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel(R) Dynamic Platform and Thermal Framework
"FileASSASSIN" = FileASSASSIN
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.8.1057
"Mozilla Firefox 40.0.3 (x86 en-US)" = Mozilla Firefox 40.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyBitCast" = MyBitCast 2.0
"Office14.WORD" = Microsoft Word 2010
"OJOsoft Audio Converter_is1" = OJOsoft Audio Converter
"Origin" = Origin
"Razer Cortex_is1" = Razer Cortex
"Star Wars.The Force Unleashed.Ultimate Sith Edit~4A370C4E_is1" = Star Wars.The Force Unleashed.Ultimate Sith Edition.v 1.2.1.29028
"Steam" = Steam
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 29720" = Guild Wars
"Steam App 304930" = Unturned
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer" = TeamViewer 10
"VLC media player" = VLC media player
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"35c9d60442fbb010" = Magic The Gathering Online
"Guild Wars" = Guild Wars
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 9/14/2015 8:59:49 PM | Computer Name = Asus | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 40.0.3.5716,
time stamp: 0x55ddb213 Faulting module name: mozglue.dll, version: 40.0.3.5716,
time stamp: 0x55dda062 Exception code: 0x80000003 Fault offset: 0x0000e250 Faulting
process id: 0x14c0 Faulting application start time: 0x01d0ef4bf846be9e Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: 0fcf74be-5b45-11e5-be96-74d02b04335c
Faulting
package full name: Faulting package-relative application ID:
Error - 9/14/2015 9:28:54 PM | Computer Name = Asus | Source = Application Error | ID = 1000
Description = Faulting application name: GWXDetector.exe, version: 6.3.9600.17924,
time stamp: 0x5595927f Faulting module name: WINHTTP.dll, version: 6.3.9600.17415,
time stamp: 0x54503f56 Exception code: 0xc0000005 Fault offset: 0x0000000000009c75
Faulting
process id: 0x1334 Faulting application start time: 0x01d0ef55e1d73492 Faulting application
path: C:\WINDOWS\system32\GWX\GWXDetector.exe Faulting module path: C:\WINDOWS\SYSTEM32\WINHTTP.dll
Report
Id: 2040d749-5b49-11e5-be96-74d02b04335c Faulting package full name: Faulting package-relative
application ID:
Error - 9/14/2015 10:25:47 PM | Computer Name = Asus | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 40.0.3.5716,
time stamp: 0x55ddb213 Faulting module name: mozglue.dll, version: 40.0.3.5716,
time stamp: 0x55dda062 Exception code: 0x80000003 Fault offset: 0x0000e250 Faulting
process id: 0x1c48 Faulting application start time: 0x01d0ef5d8aa7586b Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: 12a9dadc-5b51-11e5-be96-74d02b04335c
Faulting
package full name: Faulting package-relative application ID:
Error - 9/14/2015 11:09:14 PM | Computer Name = Asus | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 40.0.3.5716,
time stamp: 0x55ddb213 Faulting module name: mozglue.dll, version: 40.0.3.5716,
time stamp: 0x55dda062 Exception code: 0x80000003 Fault offset: 0x0000e250 Faulting
process id: 0x9a4 Faulting application start time: 0x01d0ef5e9d8df9b8 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: 242b70d1-5b57-11e5-be96-74d02b04335c
Faulting
package full name: Faulting package-relative application ID:
Error - 9/14/2015 11:09:16 PM | Computer Name = Asus | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 40.0.3.5716 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a10 Start
Time: 01d0ef5e85a5054e Termination Time: 4294967295 Application Path: C:\Program
Files (x86)\Mozilla Firefox\firefox.exe Report Id: 23d87f36-5b57-11e5-be96-74d02b04335c

Faulting
package full name: Faulting package-relative application ID:
Error - 9/14/2015 11:09:17 PM | Computer Name = Asus | Source = Application Hang | ID = 1002
Description = The program merriam-webster.exe version 3.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1100 Start
Time: 01d0eef9a4202f1d Termination Time: 4294967295 Application Path: C:\Program
Files (x86)\Merriam-Webster\merriam-webster.exe Report Id: 2530683d-5b57-11e5-be96-74d02b04335c

Faulting
package full name: Faulting package-relative application ID:
Error - 9/15/2015 8:40:16 PM | Computer Name = Asus | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 40.0.3.5716,
time stamp: 0x55ddb213 Faulting module name: mozglue.dll, version: 40.0.3.5716,
time stamp: 0x55dda062 Exception code: 0x80000003 Fault offset: 0x0000e250 Faulting
process id: 0x17cc Faulting application start time: 0x01d0efcf51cc813a Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: 7f185ae9-5c0b-11e5-be96-74d02b04335c
Faulting
package full name: Faulting package-relative application ID:
Error - 9/15/2015 10:47:06 PM | Computer Name = Asus | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 40.0.3.5716 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1004 Start
Time: 01d0f024f700e6b6 Termination Time: 4294967295 Application Path: C:\Program
Files (x86)\Mozilla Firefox\firefox.exe Report Id: 3717f126-5c1d-11e5-be96-74d02b04335c

Faulting
package full name: Faulting package-relative application ID:
Error - 9/15/2015 10:47:06 PM | Computer Name = Asus | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 40.0.3.5716,
time stamp: 0x55ddb213 Faulting module name: mozglue.dll, version: 40.0.3.5716,
time stamp: 0x55dda062 Exception code: 0x80000003 Fault offset: 0x0000e250 Faulting
process id: 0x17a8 Faulting application start time: 0x01d0f025113bfbcc Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: 37722d81-5c1d-11e5-be96-74d02b04335c
Faulting
package full name: Faulting package-relative application ID:
Error - 9/16/2015 3:53:39 PM | Computer Name = Asus | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2358 Start
Time: 01d0f0b9510939ff Termination Time: 4294967295 Application Path: C:\Program
Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: 9cd51abe-5cac-11e5-be96-74d02b04335c

Faulting
package full name: Faulting package-relative application ID:
[ System Events ]
Error - 9/17/2015 3:59:11 PM | Computer Name = Asus | Source = Service Control Manager | ID = 7031
Description = The Intel(R) Capability Licensing Service Interface service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 0 milliseconds: Restart the service.
Error - 9/17/2015 3:59:11 PM | Computer Name = Asus | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Dynamic Application Loader Host Interface Service service
terminated unexpectedly. It has done this 1 time(s).
Error - 9/17/2015 3:59:11 PM | Computer Name = Asus | Source = Service Control Manager | ID = 7034
Description = The RzKLService service terminated unexpectedly. It has done this
1 time(s).
Error - 9/17/2015 3:59:11 PM | Computer Name = Asus | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Dynamic Platform & Thermal Framework Processor Participant
Service Application service terminated unexpectedly. It has done this 1 time(s).
Error - 9/17/2015 3:59:11 PM | Computer Name = Asus | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.
Error - 9/17/2015 3:59:13 PM | Computer Name = Asus | Source = Service Control Manager | ID = 7034
Description = The Disc Soft Lite Bus Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 9/17/2015 3:59:14 PM | Computer Name = Asus | Source = Service Control Manager | ID = 7034
Description = The Intel(R) ME Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 9/17/2015 3:59:14 PM | Computer Name = Asus | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.
Error - 9/17/2015 3:59:14 PM | Computer Name = Asus | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Management and Security Application User Notification
Service service terminated unexpectedly. It has done this 1 time(s).
Error - 9/17/2015 3:59:15 PM | Computer Name = Asus | Source = Service Control Manager | ID = 7034
Description = The Steam Client Service service terminated unexpectedly. It has
done this 1 time(s).
< End of report >
 
I'll be taking over now.

So start off by doing this OTL fix.

Open OTL again but this time copy and paste the following inside the custom scan/fixes box at the bottom and then click on run fix at the top.

Code:
:OTL
FF - HKLM\Software\MozillaPlugins\@rising.com.cn/nprising: C:\Program Files (x86)\Rising\RAV\nprising.dll File not found
FF - HKCU\Software\MozillaPlugins\@rising.com.cn/nprising: C:\Program Files (x86)\Rising\RAV\nprising.dll File not found
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe File not found
O4 - HKLM..\Run: [RavTRAY] "C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system File not found
O4 - HKLM..\Run: [RSDTRAY] "C:\Program Files (x86)\Rising\RSD\popwndexe.exe" File not found
O4 - HKLM..\Run: [wenguanjia] C:\Users\Angelo\AppData\Roaming\wenguanjia\Mapyboard.exe /autorun File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
[2015/09/17 14:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Rising
[2015/09/16 15:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
[2015/09/16 15:16:15 | 000,000,000 | R--D | C] -- C:\RavBin
[2015/09/16 15:14:06 | 000,325,400 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\ravext64.dll
[2015/09/16 15:14:05 | 000,256,280 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysWow64\ravext.dll
[2015/09/16 15:14:00 | 000,240,472 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysWow64\bsmain.exe
[2015/09/16 15:13:18 | 000,119,256 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\drivers\sysmon.sys
[2015/09/16 15:13:18 | 000,071,760 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\drivers\rsutils.sys
[2015/09/16 15:13:18 | 000,011,888 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\drivers\rsndisp.sys
[2015/09/16 15:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rising
[2015/09/16 14:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\baidu
[2015/09/16 15:16:22 | 000,000,150 | RHS- | M] () -- C:\rising.ini
[2015/09/16 21:28:48 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\wenguanjia
 
Okay, done.

Here's the fix log:


Error: Unable to interpret <[FF - HKLM\Software\MozillaPlugins\@rising.com.cn/nprising: C:\Program Files (x86)\Rising\RAV\nprising.dll File not found> in the current context!
Error: Unable to interpret <FF - HKCU\Software\MozillaPlugins\@rising.com.cn/nprising: C:\Program Files (x86)\Rising\RAV\nprising.dll File not found> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [RavTRAY] "C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [RSDTRAY] "C:\Program Files (x86)\Rising\RSD\popwndexe.exe" File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [wenguanjia] C:\Users\Angelo\AppData\Roaming\wenguanjia\Mapyboard.exe /autorun File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [AdobeBridge] File not found> in the current context!
Error: Unable to interpret <[2015/09/17 14:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Rising> in the current context!
Error: Unable to interpret <[2015/09/16 15:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus> in the current context!
Error: Unable to interpret <[2015/09/16 15:16:15 | 000,000,000 | R--D | C] -- C:\RavBin> in the current context!
Error: Unable to interpret <[2015/09/16 15:14:06 | 000,325,400 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\ravext64.dll> in the current context!
Error: Unable to interpret <[2015/09/16 15:14:05 | 000,256,280 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysWow64\ravext.dll> in the current context!
Error: Unable to interpret <[2015/09/16 15:14:00 | 000,240,472 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysWow64\bsmain.exe> in the current context!
Error: Unable to interpret <[2015/09/16 15:13:18 | 000,119,256 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\drivers\sysmon.sys> in the current context!
Error: Unable to interpret <[2015/09/16 15:13:18 | 000,071,760 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\drivers\rsutils.sys> in the current context!
Error: Unable to interpret <[2015/09/16 15:13:18 | 000,011,888 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SysNative\drivers\rsndisp.sys> in the current context!
Error: Unable to interpret <[2015/09/16 15:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rising> in the current context!
Error: Unable to interpret <[2015/09/16 14:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\baidu> in the current context!
Error: Unable to interpret <[2015/09/16 15:16:22 | 000,000,150 | RHS- | M] () -- C:\rising.ini> in the current context!
Error: Unable to interpret <[2015/09/16 21:28:48 | 000,000,000 | ---D | M] -- C:\Users\Angelo\AppData\Roaming\wenguanjia> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 09172015_172713
 
Oops, my mistake. I omitted something by accident. Copy and paste it again. I edited in added text.

After running the fix, reboot the machine and let me know how it's running.
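The failed fix above, as an added example that is not part of the original posts or of OTL itself: a pre-flight check that finds script entries placed before any section header and compares them with the entries the fix log rejected. It assumes that the omitted text was the `:OTL` header now shown at the top of the script and that a header is a line of the form `:Name`. The function names and the three-line samples are constructed for illustration.

```python
import re

# Constructed sample: three lines of the fix script from the thread, first
# without and then with the ":OTL" section header.
ENTRIES = [
    r'O4 - HKLM..\Run: [RavTRAY] "C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system File not found',
    r'[2015/09/16 15:16:15 | 000,000,000 | R--D | C] -- C:\RavBin',
    r'[2015/09/16 15:16:22 | 000,000,150 | RHS- | M] () -- C:\rising.ini',
]
WITHOUT_HEADER = "\n".join(ENTRIES)
WITH_HEADER = ":OTL\n" + WITHOUT_HEADER

# Constructed sample: fix-log lines for WITHOUT_HEADER, in the format the thread shows.
FIX_LOG = "\n".join(
    f"Error: Unable to interpret <{e}> in the current context!" for e in ENTRIES
) + "\nOTL by OldTimer - Version 3.2.69.0 log created on 09172015_172713"

SECTION = re.compile(r"^:\w+\s*$")  # assumption: a header is ":" followed by a name
ERROR = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<vendor>.*?)\) )?-- (?P<path>.+)$"
)

def orphan_entries(script):
    """Return the entries that appear before any section header."""
    orphans, in_section = [], False
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if SECTION.match(line):
            in_section = True
        elif not in_section:
            orphans.append(line)
    return orphans

def rejected_entries(fix_log):
    """Return the entries a fix log reports as 'Unable to interpret'."""
    return [m.group(1) for m in map(ERROR.match, fix_log.splitlines()) if m]

def parse_file_entry(entry):
    """Split a file/folder listing line into fields; None for other entry types."""
    m = FILE_ENTRY.match(entry)
    if not m:
        return None
    fields = m.groupdict()
    fields["size"] = int(fields["size"].replace(",", ""))
    return fields
```

When `rejected_entries` returns every entry in the script, as it does for the log posted above, nothing was applied and the script needs to be re-run after correction.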
 