Rootkit with self-installing chrome extensions [Closed]


  • This topic is locked

#1
samsara666

Malwarebytes shows me as clean most of the time but sometimes I get a PUP called appdataFr25.bin. I've run all of this in safe mode with the internet off and it just comes back again. I get all sorts of pop-ups and it installed an extension called Deal With It that redirects my traffic and reinstalls itself within 15 minutes if I remove it. My connection has started dropping often as well.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Kyle (administrator) on KYLE-PC on 25-06-2015 10:42:13
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle (Available Profiles: Kyle)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
() D:\bbLean\blackbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\System32\AtwtusbIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() D:\Program Files (x86)\puush\puush.exe
() D:\Program Files (x86)\WhatPulse2\whatpulse.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() D:\Program Files\Rainmeter\Rainmeter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
() C:\Windows\System32\atwtusb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() D:\Program Files (x86)\WhatPulse2\whatpulse-watchdog.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Electronic Arts) D:\Program Files (x86)\Origin Games\Origin\Origin.exe
() C:\Windows\System32\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piotr Pawlowski) D:\Program Files (x86)\foobar2000\foobar2000.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [109280 2013-07-29] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-04-08] (NVIDIA Corporation)
HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [3593728 2012-09-10] ()
HKLM-x32\...\Run: [DivXMediaServer] => D:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-05-05] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [NSIS.Library.RegTool.v3] => D:\Program Files (x86)\DivX\DivX Player\NSIS.Library.RegTool.v3.{0929E825-D350-4A22-996F-C1B95976BD23}.exe [4608 2015-05-14] ()
HKLM\...\Winlogon: [Shell] D:\bbLean\blackbox.exe [182272 2009-12-07] () <=== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3851110748-137399693-69968796-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3851110748-137399693-69968796-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3851110748-137399693-69968796-1000\...\Run: [puush] => D:\Program Files (x86)\puush\puush.exe [568392 2015-03-29] ()
HKU\S-1-5-21-3851110748-137399693-69968796-1000\...\Run: [WhatPulse] => D:\Program Files (x86)\WhatPulse2\whatpulse.exe [3563520 2014-12-08] ()
HKU\S-1-5-21-3851110748-137399693-69968796-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2014-01-02]
ShortcutTarget: Rainmeter.lnk -> D:\Program Files\Rainmeter\Rainmeter.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll No File
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-01-01]
CHR Extension: (Theme Creator) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2014-01-01]
CHR Extension: (Google Drive) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-01]
CHR Extension: (YouTube) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-01]
CHR Extension: (Scroll To Top Button) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\chiikmhgllekggjhdfjhajkfdkcngplp [2014-01-01]
CHR Extension: (Google Search) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-01]
CHR Extension: (Tampermonkey) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-11-11]
CHR Extension: (ICE Quick Stream) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2014-01-01]
CHR Extension: (Stylish) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-01-01]
CHR Extension: (XKit) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-01-01]
CHR Extension: (appchan x) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfibffekgcmgabbfaibbbcapgnfobnoi [2014-07-17]
CHR Extension: (AdBlock) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-01]
CHR Extension: (ZenBurningChrome Theme) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakjkjcbffhnjeghcfdckehklpeifoma [2014-01-01]
CHR Extension: (WidgetBlock) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiihiookhijpbhaflohognbhmamdnol [2014-01-01]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2014-01-01]
CHR Extension: (Deathamns) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2015-04-29]
CHR Extension: (Pocket Website) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2014-01-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-01-01]
CHR Extension: (Better Battlelog (BBLog)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2014-01-01]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-05-03]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-01]
CHR Extension: (Google Quick Scroll) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2014-01-01]
CHR Extension: (Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-24] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [235744 2015-06-05] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-04-08] (NVIDIA Corporation)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-02-16] (Hi-Rez Studios) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-04-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-04-08] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin Games\Origin\OriginClientService.exe [1997168 2015-06-07] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [999152 2015-05-04] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-25] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-06-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27360 2013-07-29] (Samsung Electronics Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WTService; C:\Windows\system32\atwtusb.exe [581120 2012-10-19] () [File not signed]
S2 a8501310; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BorderlineRunner\BorderlineRunner.dll",serv
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-05-08] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-01] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-05-08] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-06-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows ® Codename Longhorn DDK provider)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-04-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-08] (NVIDIA Corporation)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [240864 2013-07-29] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2013-07-29] (Samsung Electronics Co., Ltd.)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-25 10:42 - 2015-06-25 10:42 - 00022024 _____ C:\Users\Kyle\Downloads\FRST.txt
2015-06-25 10:41 - 2015-06-25 10:42 - 00000000 ____D C:\FRST
2015-06-25 10:41 - 2015-06-25 10:41 - 02112512 _____ (Farbar) C:\Users\Kyle\Downloads\FRST64.exe
2015-06-25 00:25 - 2015-06-25 00:32 - 00000024 _____ C:\Users\Kyle\AppData\Roaming\appdataFr25.bin
2015-06-25 00:25 - 2015-06-25 00:25 - 01640768 _____ C:\Users\Kyle\Downloads\battlelog-web-plugins_2.7.1_162.exe
2015-06-24 12:44 - 2015-06-24 12:44 - 01470335 _____ C:\Users\Kyle\Downloads\notes_plus_for_rainmeter_by_charliedogfhhfd-d4fiba3.rmskin
2015-06-24 10:17 - 2015-06-24 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2015-06-23 01:43 - 2015-06-24 01:46 - 00001854 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2015-06-23 01:43 - 2015-06-23 01:43 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
2015-06-22 14:59 - 2015-06-22 14:59 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivx7712
2015-06-22 13:27 - 2015-06-22 13:27 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivx018b
2015-06-22 13:10 - 2015-06-23 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-06-22 13:10 - 2015-06-22 13:10 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-06-20 15:34 - 2015-06-20 15:34 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivxa8b7
2015-06-18 15:29 - 2015-06-18 15:29 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivx58f9
2015-06-17 20:37 - 2015-06-17 20:37 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivx781f
2015-06-17 14:03 - 2015-06-17 14:03 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivxd180
2015-06-17 02:05 - 2015-06-17 02:05 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivxcdd5
2015-06-17 02:04 - 2015-06-17 02:04 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivxcfdf
2015-06-17 01:43 - 2015-06-17 01:43 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivx9e55
2015-06-17 00:31 - 2015-06-17 00:31 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivx8d85
2015-06-14 20:27 - 2015-06-14 20:27 - 00000579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Endless Legend.lnk
2015-06-14 11:38 - 2015-06-14 11:38 - 00000781 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-14 11:33 - 2015-06-25 10:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-14 11:33 - 2015-06-23 20:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-14 11:33 - 2015-06-14 11:33 - 00000000 ____D C:\Users\Kyle\Tracing
2015-06-14 11:32 - 2015-06-23 20:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-14 11:32 - 2015-06-14 11:32 - 00000000 ____D C:\Windows\system32\Macromed
2015-06-14 02:09 - 2015-06-14 11:45 - 00000000 ____D C:\Program Files (x86)\WorkAppp
2015-06-14 02:09 - 2015-06-14 11:31 - 00000000 ____D C:\Program Files (x86)\WorkkApp
2015-06-14 02:09 - 2015-06-14 11:31 - 00000000 ____D C:\Program Files (x86)\Invite All
2015-06-14 02:08 - 2015-06-14 11:45 - 00000000 ____D C:\Program Files (x86)\WWOrkApP
2015-06-14 02:08 - 2015-06-14 02:09 - 00000000 ____D C:\ProgramData\16053547305232972317
2015-06-14 00:50 - 2015-06-14 00:50 - 00000000 ____D C:\Users\Kyle\Documents\Close Combat Panthers in the Fog
2015-06-14 00:06 - 2015-06-14 00:06 - 00000914 _____ C:\Users\Public\Desktop\Close Combat Panthers in the Fog (Game Menu).lnk
2015-06-14 00:06 - 2015-06-14 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Close Combat Panthers in the Fog
2015-06-14 00:04 - 2015-06-14 00:04 - 00000000 ____D C:\Windows\Close Combat Panthers in the Fog
2015-06-13 20:33 - 2013-08-17 09:37 - 00000000 ____D C:\Users\Kyle\Documents\playfun
2015-06-11 22:23 - 2015-06-11 22:23 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivxaaab
2015-06-11 22:20 - 2015-06-11 22:20 - 00043682 _____ C:\Users\Kyle\AppData\Local\Tempdivx9ba2
2015-06-11 16:48 - 2015-06-14 11:32 - 00000000 ____D C:\Program Files (x86)\BorderlineRunner
2015-06-11 16:47 - 2015-06-11 16:47 - 00000994 _____ C:\Users\Public\Desktop\Order of Battle Pacific 1.5.8.lnk
2015-06-11 16:47 - 2015-06-11 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Order of Battle Pacific 1.5.8
2015-06-08 15:47 - 2015-06-08 15:47 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\OpenOffice
2015-06-08 15:45 - 2015-06-08 15:45 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-06-08 15:45 - 2015-06-08 15:45 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2015-06-08 15:38 - 2015-06-08 18:16 - 00211456 _____ C:\Users\Kyle\Documents\CNE232 Chapter 5-8 Quizzes.xls
2015-06-08 15:38 - 2015-06-08 16:40 - 00189440 _____ C:\Users\Kyle\Documents\CNE232 Chapter 1-4 Quizzes.xls
2015-06-08 15:38 - 2015-06-08 16:10 - 00203776 _____ C:\Users\Kyle\Documents\CNE232 Chapter 9-12 Quizzes.xls
2015-06-07 22:19 - 2015-06-07 22:19 - 00000000 ___SH C:\ProgramData\.rdata
2015-06-07 22:18 - 2015-06-07 22:26 - 00000000 ____D C:\Users\Kyle\Documents\ProjectReality
2015-06-07 22:17 - 2015-06-07 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Reality
2015-06-07 13:51 - 2015-06-07 13:51 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-05 21:01 - 2015-06-05 15:00 - 00235744 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-25 10:35 - 2014-07-25 17:36 - 00000000 ____D C:\Users\Kyle\AppData\Local\WhatPulse
2015-06-25 10:31 - 2014-01-01 16:33 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Skype
2015-06-25 09:53 - 2014-01-01 04:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-25 07:29 - 2014-07-14 13:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-25 02:53 - 2014-01-01 04:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-25 02:30 - 2014-01-01 22:42 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\foobar2000
2015-06-25 00:42 - 2014-10-15 22:04 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2015-06-25 00:42 - 2014-01-02 16:36 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-06-25 00:33 - 2014-01-02 16:36 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-06-25 00:29 - 2014-10-07 16:43 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-06-25 00:27 - 2014-01-02 15:27 - 00000000 ____D C:\ProgramData\Origin
2015-06-25 00:25 - 2014-10-15 16:54 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-06-24 22:18 - 2014-05-28 18:00 - 00000000 ____D C:\Users\Kyle\AppData\Local\Ubisoft Game Launcher
2015-06-24 22:18 - 2014-02-01 08:06 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-06-24 21:22 - 2009-07-13 21:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 21:22 - 2009-07-13 21:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 21:20 - 2014-01-01 04:13 - 00474530 _____ C:\Windows\WindowsUpdate.log
2015-06-24 21:20 - 2009-07-13 22:13 - 00782462 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-24 21:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-24 21:15 - 2009-07-13 21:51 - 00117946 _____ C:\Windows\setupact.log
2015-06-24 21:15 - 2009-07-13 19:34 - 00000418 _____ C:\Windows\win.ini
2015-06-24 21:14 - 2014-01-01 05:07 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-24 21:14 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-24 20:59 - 2014-01-01 23:42 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\uTorrent
2015-06-24 10:17 - 2014-01-02 16:36 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-06-24 10:17 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-24 10:16 - 2014-01-01 16:51 - 00495437 _____ C:\Windows\DirectX.log
2015-06-24 01:46 - 2015-05-15 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2015-06-23 20:11 - 2015-02-06 02:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 12:39 - 2010-11-20 20:24 - 00800256 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-06-23 12:38 - 2010-11-20 20:23 - 01927680 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-23 12:36 - 2014-01-31 23:04 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\puush
2015-06-23 12:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2015-06-23 12:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-23 11:41 - 2014-01-01 04:11 - 00000000 ____D C:\Users\Kyle
2015-06-22 13:09 - 2014-11-16 01:14 - 00000000 ____D C:\Users\Kyle\AppData\Local\Glyph
2015-06-19 11:32 - 2014-07-14 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-18 08:41 - 2014-07-14 13:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-07-14 13:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-01-01 22:54 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-14 11:45 - 2010-11-20 20:47 - 00630442 _____ C:\Windows\PFRO.log
2015-06-14 11:33 - 2014-07-20 21:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-14 11:33 - 2014-01-01 22:35 - 00000000 ____D C:\ProgramData\Skype
2015-06-14 11:32 - 2009-07-13 21:45 - 05106520 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 19:47 - 2014-01-06 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-06-11 19:47 - 2014-01-06 02:02 - 00000000 ____D C:\ProgramData\DivX
2015-06-11 16:51 - 2014-01-27 03:01 - 00000000 ____D C:\Users\Kyle\Documents\My Games
2015-06-11 16:51 - 2014-01-12 03:39 - 00000000 ____D C:\ProgramData\Steam
2015-06-10 01:46 - 2014-01-02 18:49 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\vlc
2015-06-08 15:45 - 2014-01-01 04:56 - 00127712 _____ C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-07 13:51 - 2014-01-02 15:28 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Origin
2015-05-30 21:15 - 2015-03-30 06:46 - 1277061780 _____ C:\Windows\MEMORY.DMP
2015-05-30 21:15 - 2015-03-30 06:46 - 00000000 ____D C:\Windows\Minidump
 
==================== Files in the root of some directories =======
 
2015-06-25 00:25 - 2015-06-25 00:32 - 0000024 _____ () C:\Users\Kyle\AppData\Roaming\appdataFr25.bin
2014-07-16 20:08 - 2014-12-02 01:35 - 0000081 _____ () C:\Users\Kyle\AppData\Roaming\vibranceGUI.ini
2014-01-01 07:06 - 2014-05-31 17:39 - 0007605 _____ () C:\Users\Kyle\AppData\Local\resmon.resmoncfg
2015-06-22 13:27 - 2015-06-22 13:27 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivx018b
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivx0e2e
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivx18f1
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivx28d5
2015-06-18 15:29 - 2015-06-18 15:29 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivx58f9
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivx591c
2015-06-22 14:59 - 2015-06-22 14:59 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivx7712
2015-06-17 20:37 - 2015-06-17 20:37 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivx781f
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivx81fc
2015-06-17 00:31 - 2015-06-17 00:31 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivx8d85
2015-06-11 22:20 - 2015-06-11 22:20 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivx9ba2
2015-06-17 01:43 - 2015-06-17 01:43 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivx9e55
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivxa209
2015-06-20 15:34 - 2015-06-20 15:34 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivxa8b7
2015-06-11 22:23 - 2015-06-11 22:23 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivxaaab
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivxb2a0
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivxb6e1
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivxb9ac
2015-06-17 02:05 - 2015-06-17 02:05 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivxcdd5
2015-06-17 02:04 - 2015-06-17 02:04 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivxcfdf
2015-06-17 14:03 - 2015-06-17 14:03 - 0043682 _____ () C:\Users\Kyle\AppData\Local\Tempdivxd180
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivxd1ee
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivxe542
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Kyle\AppData\Local\Tempdivxfca5
2015-06-07 22:19 - 2015-06-07 22:19 - 0000000 ___SH () C:\ProgramData\.rdata
2014-01-01 06:41 - 2014-01-01 06:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\1388577524623_DriverUtils.dll
C:\Users\Kyle\AppData\Local\Temp\1388582065788_DriverUtils.dll
C:\Users\Kyle\AppData\Local\Temp\AutoRun.exe
C:\Users\Kyle\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Kyle\AppData\Local\Temp\DivXSetup.exe
C:\Users\Kyle\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Kyle\AppData\Local\Temp\eauninstall.exe
C:\Users\Kyle\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Kyle\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Kyle\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kyle\AppData\Local\Temp\nvStInst.exe
C:\Users\Kyle\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Kyle\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\Kyle\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kyle\AppData\Local\Temp\sonarinst.exe
C:\Users\Kyle\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Kyle\AppData\Local\Temp\Uninstall.exe
C:\Users\Kyle\AppData\Local\Temp\utils.dll
C:\Users\Kyle\AppData\Local\Temp\x2blapi.dll
C:\Users\Kyle\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-23 03:00
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Kyle at 2015-06-25 10:42:29
Running from C:\Users\Kyle\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3851110748-137399693-69968796-500 - Administrator - Disabled)
Guest (S-1-5-21-3851110748-137399693-69968796-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3851110748-137399693-69968796-1005 - Limited - Enabled)
Kyle (S-1-5-21-3851110748-137399693-69968796-1000 - Administrator - Enabled) => C:\Users\Kyle
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3851110748-137399693-69968796-1000\...\uTorrent) (Version: 3.3.2.30446 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
ANNO 1404 - Venice (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Banished 1.0 (HKLM-x32\...\Banished 1.0) (Version: 1.0 - Cat-A-Cat)
Bastion (HKLM-x32\...\1423058311_is1) (Version: 2.0.0.6 - GOG.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 2 (HKLM-x32\...\Steam App 24860) (Version:  - DICE)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Braid (HKLM-x32\...\Braid/EN/PL-English_is1) (Version:  - City Interactive)
CDisplayEx 1.10.18 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)
Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Close Combat Panthers in the Fog (HKLM-x32\...\Close Combat Panthers in the Fog6.00.00) (Version: 6.00.00 - Matrix Games)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Craft The World (HKLM-x32\...\Craft The World_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dark Souls 2 (HKLM-x32\...\RGFya1NvdWxzMg==_is1) (Version: 1 - )
Distant Star Revenant Fleet (HKLM-x32\...\Distant Star Revenant Fleet_is1) (Version:  - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dungeons of Dredmor 1.1.2. (HKLM-x32\...\Dungeons of Dredmor 1.1.2._is1) (Version: 1.1.2. - )
Endless Legend (HKLM-x32\...\RW5kbGVzc0xlZ2VuZA==_is1) (Version: 1 - )
Europa Universalis IV (HKLM-x32\...\Europa Universalis IV_is1) (Version:  - Paradox Interactive)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
foobar2000 v1.3 (HKLM-x32\...\foobar2000) (Version: 1.3 - Peter Pawlowski)
FTL version 1.03.3 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.03.3 - Subset Games)
Geeks3D FurMark 1.14.1 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HoneyView3 (HKLM\...\HoneyView3) (Version:  - kippler@gmail.com)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
Kingdoms of Amalur Reckoning (HKLM-x32\...\Kingdoms of Amalur Reckoning_is1) (Version:  - )
K-Lite Codec Pack 10.2.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Landmark Beta (HKU\S-1-5-21-3851110748-137399693-69968796-1000\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-2838aecc-c1c6-4e73-b366-231f862acb2b) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-7ccd382a-a377-4f06-8173-3dfed02585c4) (Version:  - Epic Games, Inc.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.0 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Order of Battle Pacific 1.5.8 (HKLM-x32\...\{09426681-7B5C-4488-8DA8-BE87504BAB0E}_is1) (Version: 1.5.8 - Slitherine Ltd.)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{82ad6e9b-7b38-436c-94ce-eb94104c669a}) (Version: latest - ppy Pty Ltd)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.85.190.0 - Overwolf Ltd.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.1.43004 - Grinding Gear Games)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Procurement version 1.9.2 (HKLM-x32\...\{E91043A6-7DC5-4C8A-A6E4-9D618A0B80D4}_is1) (Version: 1.9.2 - Stickymaddness)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.3 - Project Reality)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
QTTabBar 1.5.0.0 Beta 2 (HKLM-x32\...\{7EDF4F60-E41A-4D55-8400-A633443C0065}) (Version: 1.5.260 - Quizo and Paul Accisano)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
RAPID Mode (Version: 1.0.1.42 - Samsung Electronics Co., Ltd.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad Beta (HKLM-x32\...\Steam App 104320) (Version:  - )
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Shadowrun Returns (HKLM-x32\...\GOGPACKSHADOWRUNRETURNS_is1) (Version: 2.2.0.10 - GOG.com)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V Brave New World (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uVg==_is1) (Version: 1 - )
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.171.34768 - SteelSeries)
Supraball (HKLM-x32\...\Supraball) (Version:  - Supra Games Gbr)
Surgeon Simulator 2013 Steam Edition 1.0 (HKLM-x32\...\Surgeon Simulator 2013 Steam Edition 1.0) (Version: 1.0 - Cat-A-Cat)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Banner Saga (HKLM-x32\...\VGhlQmFubmVyU2FnYQ==_is1) (Version: 1 - )
The Binding of Isaac Rebirth 1.0 (HKLM-x32\...\The Binding of Isaac Rebirth 1.0) (Version: 1.0 - Games on Cat-A-Cat.Net)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Forest v0.08 (HKLM-x32\...\The Forest v0.080.08) (Version: 0.08 - Friends in War)
This War of Mine (HKLM-x32\...\1207666873_is1) (Version: 2.0.0.2 - GOG.com)
Total War - SHOGUN 2 (HKLM-x32\...\Total War - SHOGUN 2_is1) (Version:  - )
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: Rome II Additional Depots (HKLM-x32\...\Steam App 243660) (Version:  - )
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - Hi-Rez Studios)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
USB Tablet Manager (HKLM\...\RmTablet) (Version: 5.01 - )
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
War Thunder Launcher 1.0.1.322 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
WhatPulse version 2.4 (HKLM-x32\...\{95CC8D5F-90A1-4285-9B2D-8D0FBCFD8D0D}_is1) (Version: 2.4 - WhatPulse)
WinDirStat 1.1.2 (HKU\S-1-5-21-3851110748-137399693-69968796-1000\...\WinDirStat) (Version:  - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wooxy version 0.1.0.9 (HKLM-x32\...\{EEA6D474-D21A-43D3-AD39-B8F304CBF5FF}_is1) (Version: 0.1.0.9 - Yurixy Works)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
23-06-2015 01:43:12 Removed Path of Exile
23-06-2015 01:43:51 Installed Path of Exile
24-06-2015 10:16:34 Installed DirectX
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {285B8C63-40AA-4682-9355-A64EFF2EF25E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: {34E8519A-7B3E-4E13-9454-46C3865BC013} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-05-04] (Overwolf LTD)
Task: {37462ADA-BFD1-4A39-9B92-A5B032DD2669} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: {88CE4EA4-7E11-4911-9299-A8D470D67012} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-01 05:07 - 2015-04-08 14:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-01 22:14 - 2009-12-07 17:17 - 00182272 _____ () D:\bbLean\blackbox.exe
2014-01-01 22:14 - 2009-12-07 17:17 - 00056320 _____ () D:\bbLean\plugins\bbLeanBar\bbLeanBar.dll
2014-01-01 22:14 - 2009-12-07 17:17 - 00018432 _____ () D:\bbLean\plugins\bbColor3dc\bbColor3dc.dll
2014-11-09 15:08 - 2012-09-10 14:54 - 03593728 _____ () C:\Windows\system32\AtwtusbIcon.exe
2012-01-10 15:41 - 2015-03-29 18:15 - 00568392 _____ () D:\Program Files (x86)\puush\puush.exe
2014-07-25 17:36 - 2014-12-08 15:55 - 03563520 _____ () D:\Program Files (x86)\WhatPulse2\whatpulse.exe
2014-05-25 07:18 - 2014-05-25 07:18 - 00036536 _____ () D:\Program Files\Rainmeter\Rainmeter.exe
2014-05-25 07:18 - 2014-05-25 07:18 - 00747192 _____ () D:\Program Files\Rainmeter\Rainmeter.dll
2014-05-25 07:18 - 2014-05-25 07:18 - 00022528 _____ () D:\Program Files\Rainmeter\Plugins\InputText.dll
2014-11-09 15:08 - 2012-10-19 12:01 - 00581120 _____ () C:\Windows\system32\atwtusb.exe
2014-09-28 14:10 - 2014-09-27 17:24 - 00664064 _____ () D:\Program Files (x86)\WhatPulse2\whatpulse-watchdog.exe
2014-10-15 22:04 - 2015-06-25 00:42 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2011-04-23 01:54 - 2011-04-23 01:54 - 00083968 _____ () D:\Program Files (x86)\QTTabBar\QTHookLib64.dll
2015-05-06 10:20 - 2015-04-08 17:58 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-07-25 17:36 - 2013-04-08 10:34 - 00039936 _____ () D:\Program Files (x86)\WhatPulse2\CrashRpt1402.dll
2014-09-28 14:10 - 2014-09-03 23:26 - 00875520 _____ () D:\Program Files (x86)\WhatPulse2\platforms\qwindows.dll
2014-01-01 06:27 - 2013-09-03 17:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-06-22 09:54 - 2015-06-19 22:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 09:54 - 2015-06-19 22:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-22 09:54 - 2015-06-19 22:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
2014-10-07 16:45 - 2015-06-07 13:39 - 01007104 _____ () D:\Program Files (x86)\Origin Games\Origin\platforms\qwindows.dll
2014-10-07 16:45 - 2015-06-07 13:39 - 00023552 _____ () D:\Program Files (x86)\Origin Games\Origin\imageformats\qgif.dll
2014-10-07 16:45 - 2015-06-07 13:39 - 00024576 _____ () D:\Program Files (x86)\Origin Games\Origin\imageformats\qico.dll
2014-10-07 16:45 - 2015-06-07 13:39 - 00216576 _____ () D:\Program Files (x86)\Origin Games\Origin\imageformats\qjpeg.dll
2014-10-07 16:45 - 2015-06-07 13:39 - 00261120 _____ () D:\Program Files (x86)\Origin Games\Origin\imageformats\qmng.dll
2014-10-07 16:45 - 2015-06-07 13:39 - 00019456 _____ () D:\Program Files (x86)\Origin Games\Origin\imageformats\qtga.dll
2014-10-07 16:45 - 2015-06-07 13:39 - 00337408 _____ () D:\Program Files (x86)\Origin Games\Origin\imageformats\qtiff.dll
2014-10-07 16:45 - 2015-06-07 13:39 - 00018944 _____ () D:\Program Files (x86)\Origin Games\Origin\imageformats\qwbmp.dll
2014-10-07 16:45 - 2015-06-07 13:39 - 00228352 _____ () D:\Program Files (x86)\Origin Games\Origin\mediaservice\wmfengine.dll
2013-05-04 04:57 - 2013-05-04 04:57 - 00095712 _____ () D:\Program Files (x86)\foobar2000\zlib1.dll
2013-12-27 04:08 - 2013-12-27 04:08 - 00156112 _____ () D:\Program Files (x86)\foobar2000\shared.dll
2014-01-02 17:50 - 2007-01-05 08:36 - 00352256 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_trackinfo_mod.dll
2014-01-02 17:50 - 2010-09-03 13:28 - 00118784 _____ () D:\Program Files (x86)\foobar2000\components\foo_skip.dll
2014-01-02 17:50 - 2013-01-18 08:29 - 00173056 _____ () D:\Program Files (x86)\foobar2000\components\foo_unpack.dll
2014-01-02 17:50 - 2010-04-12 20:19 - 00957952 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_lyrics2.dll
2014-01-02 17:50 - 2010-09-19 14:52 - 00337920 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_biography.dll
2014-01-02 17:50 - 2011-05-29 11:26 - 00334848 _____ () D:\Program Files (x86)\foobar2000\components\foo_quicksearch.dll
2014-01-02 17:50 - 2012-10-10 13:00 - 00099328 _____ () D:\Program Files (x86)\foobar2000\components\foo_musical_spectrum.dll
2014-01-02 17:50 - 2013-01-18 08:29 - 00496128 _____ () D:\Program Files (x86)\foobar2000\components\foo_converter.dll
2014-01-02 17:50 - 2009-09-28 12:32 - 00242176 _____ () D:\Program Files (x86)\foobar2000\components\foo_vis_shpeck.dll
2013-12-27 04:08 - 2013-12-27 04:08 - 01390056 _____ () D:\Program Files (x86)\foobar2000\components\foo_input_std.dll
2013-11-02 12:58 - 2013-11-02 12:58 - 00723968 _____ () D:\Program Files (x86)\foobar2000\avcodec-fb2k-55.dll
2013-12-27 04:08 - 2013-12-27 04:08 - 00335824 _____ () D:\Program Files (x86)\foobar2000\avutil-fb2k-52.dll
2014-01-02 17:50 - 2009-06-07 16:15 - 00369152 _____ () D:\Program Files (x86)\foobar2000\components\foo_run.dll
2014-01-02 17:50 - 2013-01-18 08:29 - 00302592 _____ () D:\Program Files (x86)\foobar2000\components\foo_cdda.dll
2014-01-02 17:50 - 2009-09-18 11:01 - 00327680 _____ () D:\Program Files (x86)\foobar2000\components\foo_masstag.dll
2014-01-02 17:50 - 2007-08-17 13:56 - 00401408 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_lyrics_panel.dll
2014-01-02 17:50 - 2013-01-18 08:28 - 00281600 _____ () D:\Program Files (x86)\foobar2000\components\foo_fileops.dll
2014-01-02 17:50 - 2008-05-17 15:02 - 00241664 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_vis_channel_spectrum.dll
2014-01-02 17:50 - 2010-01-14 13:19 - 00401408 _____ () D:\Program Files (x86)\foobar2000\components\foo_discogs.dll
2014-01-02 17:50 - 2013-01-18 08:28 - 00298496 _____ () D:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
2014-01-02 17:50 - 2011-06-12 07:17 - 01858048 _____ () D:\Program Files (x86)\foobar2000\components\foo_dop.dll
2014-01-02 17:50 - 2008-12-12 11:39 - 00365568 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_lyrics.dll
2014-01-02 17:50 - 2010-10-27 14:38 - 00452608 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_elplaylist.dll
2013-12-27 04:08 - 2013-12-27 04:08 - 00945128 _____ () D:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
2014-01-02 17:50 - 2007-07-21 07:16 - 00204800 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_wsh_panel.dll
2014-01-02 17:50 - 2010-01-30 11:17 - 00252416 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_library_tree.dll
2014-01-02 17:50 - 2009-05-01 15:40 - 00272896 _____ () D:\Program Files (x86)\foobar2000\components\foo_input_monkey.dll
2013-12-27 03:57 - 2013-12-27 03:57 - 00350720 _____ () D:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
2014-01-02 17:50 - 2013-01-18 08:29 - 00198656 _____ () D:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
2014-01-02 17:50 - 2007-05-17 15:31 - 00278528 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_quicksearch.dll
2014-01-02 17:50 - 2011-08-18 09:09 - 00242176 _____ () D:\Program Files (x86)\foobar2000\components\foo_ui_hacks.dll
2014-01-02 17:50 - 2013-01-18 08:29 - 00290816 _____ () D:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
2014-01-02 17:50 - 2012-01-10 13:37 - 00150016 _____ () D:\Program Files (x86)\foobar2000\components\foo_popup_panels.dll
2014-01-02 17:50 - 2007-09-08 15:08 - 00163840 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_tabs.dll
2014-01-02 17:50 - 2011-02-27 15:22 - 01608192 _____ () D:\Program Files (x86)\foobar2000\components\foo_ui_columns.dll
2014-01-02 17:50 - 2009-12-10 16:16 - 00356352 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_panel_splitter.dll
2014-01-02 17:50 - 2012-10-15 17:45 - 00946176 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_wsh_panel_mod.dll
2014-01-02 17:50 - 2012-06-15 18:59 - 00802816 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_lyrics3.dll
2014-01-02 17:50 - 2010-01-11 12:18 - 00169472 _____ () D:\Program Files (x86)\foobar2000\components\foo_ac3.dll
2014-01-02 17:50 - 2010-05-29 13:02 - 00324608 _____ () D:\Program Files (x86)\foobar2000\components\foo_uie_esplaylist.dll
2014-01-02 17:50 - 2010-10-12 16:37 - 00228864 _____ () D:\Program Files (x86)\foobar2000\components\foo_playcount.dll
2014-01-02 17:50 - 2013-01-18 08:30 - 00198656 _____ () D:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll
2014-01-02 17:50 - 2012-12-20 08:12 - 00132096 _____ () D:\Program Files (x86)\foobar2000\components\foo_cad.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\.rdata:X
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3851110748-137399693-69968796-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Kyle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AAFE6125-4ECD-4BF9-B78C-1A079B557230}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{00A362F9-B6FB-4196-8D34-5413394BFB49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7B43F43F-BBC2-4515-AB27-EEDEF4C74275}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F37AB0B5-308E-4BEA-8CFF-97942E0EFC68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8797CAC1-CDD3-48B6-909E-AD1F273E87E6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6AA7C15E-7FD8-41D9-8949-4FA860EDFD61}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{52853AAD-C83D-4FAE-88AB-A97440642204}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8B273890-D771-411B-95CC-092E066CB81D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2993BA26-2206-4CCE-9B28-470D2E3A5134}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{73FCFB78-8959-4A9D-AB45-2D11EAAE9CB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{23439473-A238-4CAD-9774-11DFBD4D82D6}E:\program files (x86)\skype\phone\skype.exe] => (Allow) E:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{690A8C52-BABD-4DE3-BF01-68A1A4AF672C}E:\program files (x86)\skype\phone\skype.exe] => (Allow) E:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A6430444-D0EC-4038-B1E0-EA2FDF326511}E:\program files (x86)\steam\steam.exe] => (Allow) E:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{FC757F95-00FD-4038-B06C-6F919449C8BA}E:\program files (x86)\steam\steam.exe] => (Allow) E:\program files (x86)\steam\steam.exe
FirewallRules: [{ADD64827-F532-40CC-B3C6-752070A9DBDB}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E6A3A31C-5660-4674-ABAF-8026801C60D7}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3ECD9B3B-4666-4354-A8C5-5387028C22FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{12795801-F9DC-4D5C-9F3B-FA46EA074AFC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{4669574A-CFA0-4F57-995E-7F1007015AC9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{5B683BB9-ED32-4100-9CFD-A4EFEADD5AB7}] => (Allow) C:\Users\Kyle\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92B724A1-C8E7-43A1-8E8A-2DE1BF869F18}] => (Allow) C:\Users\Kyle\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC0DE49A-BD8F-4357-9FB8-A657D217EF7C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DAEED0B5-0DCE-426A-BCB7-E06062776107}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{712CDDA6-8F74-40B8-8C42-0CAC8978E20E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8150C958-710C-4BF3-84CD-A26435B11D6D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B0EDC14D-E116-468E-A6EE-6B1A288F6FAB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{4B65BCCA-A48C-48CE-AFFB-AF484E6C4C3C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{AF56CA1B-DD7B-44E4-BD54-D38382E16CEB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{091E0C2F-52CD-4D15-9236-F80E30F4AC1D}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{F1C40BBC-4CAC-4082-AF33-291B22D08919}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{E09C5133-E8BA-43D6-9E4B-D3AA7CF0FACD}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [TCP Query User{679ED95F-6CA0-46A4-BA95-BF68946E3B11}D:\program files (x86)\steam\steam.exe] => (Allow) D:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{4696CAE1-DDB5-4F34-8BF3-522DEB7B4703}D:\program files (x86)\steam\steam.exe] => (Allow) D:\program files (x86)\steam\steam.exe
FirewallRules: [{0C7FAD49-0EC9-40F5-8C64-64F81F7F17B7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{7EC930B5-AF25-424E-9B24-9CB196C5DF95}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{1A8F8E79-D5F1-46D3-80FA-343BE538E3BB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{1FA66DC6-D324-47E5-9BCD-875EDF60F2DB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [TCP Query User{D184487A-A038-41E1-A5C1-BFA538B6F072}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{4683B3DC-CD5D-4512-92AE-20C05BACAD4D}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{F3BC7000-FE0F-486C-A0D2-F4A656AADFC8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0186FAE7-10C3-4607-ADE3-5B0F46376582}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F982F3D9-0558-42D6-8533-5F4764AF399B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5DF09D5F-ED51-446A-ACBE-C3A894B54DC3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{2A0AFA3E-F121-4834-B780-642F7724ABBF}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{B4DAD819-B8EF-4737-8A66-C35EA5E5FFFC}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{179C5211-C3B6-4493-9ADC-4403BA6ECE3A}] => (Allow) LPort=80
FirewallRules: [{71704742-D645-4AAA-895A-3260C55E9D73}] => (Allow) LPort=443
FirewallRules: [{35E1F00C-20BF-42D0-9199-11605AF907D3}] => (Allow) LPort=20010
FirewallRules: [{533A86AD-DDBB-4FA7-AE93-1D0CB6EB18BC}] => (Allow) LPort=3478
FirewallRules: [{65B73FB5-5A66-4ABD-BBB9-9F0A0CCB10DC}] => (Allow) LPort=7850
FirewallRules: [{D9791183-F1CE-4E09-A90D-1D4A2F14DC25}] => (Allow) LPort=7852
FirewallRules: [{68D6EB5B-C584-4B2D-A68A-26E483135FA0}] => (Allow) LPort=7853
FirewallRules: [{8570CD06-DDEF-40A7-8F6C-E48A640C7299}] => (Allow) LPort=27022
FirewallRules: [{2B743712-EFA1-4DAF-9331-6E67FC6A26F7}] => (Allow) LPort=6881
FirewallRules: [{8F1BFE2F-2201-4255-8930-3B9DFEEAFE4F}] => (Allow) LPort=33333
FirewallRules: [{83010C5F-3403-4556-B800-E3B46A98876E}] => (Allow) LPort=20443
FirewallRules: [{7C660071-405A-4A9F-AAD8-343638B3F5DF}] => (Allow) LPort=8090
FirewallRules: [{400B2136-6667-41A7-8DDE-8FC611EFAB00}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{8185287F-EBF9-4562-A934-160F1A9EDFBE}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{F169D4BD-E6DD-4109-8CEC-A0FE84E0B05F}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall-Beta\Titanfall.exe
FirewallRules: [{C17C7D65-15C5-430E-A45E-BDABDD2AABE1}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall-Beta\Titanfall.exe
FirewallRules: [{C69F5425-A02D-48EE-851A-3853720C6617}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{27A7F3ED-B6C8-4EC9-B054-C799E5477A21}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{D25833C6-388A-425E-AB6A-374D539A1D99}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\rustlauncher.exe
FirewallRules: [{A59B8EAB-6D76-4823-8A25-0BCE7E5088A7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\rustlauncher.exe
FirewallRules: [{1DD0EE61-3D36-4A64-89D9-2DC636B54F20}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{E089EF7E-8C71-4A69-B4C5-86CDEEA185BC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{EEAAC738-5CC3-43E5-A50F-DBBD64D6A10B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\RedOrchestra2Beta\Binaries\Win32\ROGame.exe
FirewallRules: [{2B9DD463-C1B4-496C-B244-224CE97C2483}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\RedOrchestra2Beta\Binaries\Win32\ROGame.exe
FirewallRules: [{EF053CE7-D095-416E-978D-B34F9531AD97}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{7B13DB8A-4196-49D4-B567-153B622BED55}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{771D587E-366F-4EB1-BBAF-A0BFEE4B12AF}] => (Allow) D:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{2A4A93E4-71E4-447D-A674-5FF63A1A077B}] => (Allow) D:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{BD9036BA-9D0E-462F-9E21-F5A395220229}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{981F9CC0-E2EA-4958-85C3-FAB0B751F601}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{9740534C-1469-4152-B11B-5869390EE2C1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{885C7372-DC63-4C44-BB41-5FA2D5DC6782}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{870E1929-682B-46B0-8DA2-66733F44A7CD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{9EB80653-935A-45D1-9F69-6001CCE09D3F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{19215AAF-6457-41A4-94CC-1B90A5FD06E8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{FE0CBDB1-9858-40CC-B6BE-7EEFB492BE2E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{DD61AEE1-6127-4476-9B56-991E743097A9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{B1D106A6-A061-4D35-80A4-53DCF825C40E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{27D54E11-3FE0-4771-9F29-D549C1CA76CB}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8703CB43-3830-4D98-8A70-56644FF4A880}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5493032A-AED9-4CFB-9925-EF57B46AA179}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{77CCA7DB-87BC-40D6-AB17-29E0B61CC8AA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{064A635F-45EA-4C18-920A-BE41ECFFDB4F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{577C24AA-EABE-41D7-8341-863F1BA16741}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{8326FDE8-818B-4074-B50C-0D954C2B7611}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{573F0487-82B5-48F9-BD9E-D3C09AFE4CEF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{0FC2B34E-4FCA-42BB-9627-8582F2219001}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Battlefield 2\BF2.exe
FirewallRules: [{5571372F-88E6-41A2-A7AA-3F7259F663EB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Battlefield 2\BF2.exe
FirewallRules: [{7EB1C3DC-551B-4981-BEF6-09BADE89261C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Battlefield 2\prbf2.exe
FirewallRules: [{05D15EF5-96C2-4344-9DD7-C3ACDAC88BAC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Battlefield 2\mods\pr\bin\PRLauncher.exe
FirewallRules: [{D7C8B45C-E7AF-4C7B-A74C-34E512280DE3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Battlefield 2\mods\pr\bin\PRUpdater.exe
FirewallRules: [{FCAFCE9F-6D0E-4177-9CB5-DDB6323E6BEE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Battlefield 2\mods\pr\bin\PRMumble\PRMumble.exe
FirewallRules: [{04E08E5E-8344-4B02-96C8-F765199B56C1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{02D69305-5FDB-4C27-9D4B-FDC03A104150}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{BE73974F-A477-41A4-8838-01E6E7CE4768}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{39ABB233-E0FE-4010-A98D-109A7F9C8716}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1998DC3A-1D17-4F46-9A7E-A452F7D2BA8C}] => (Allow) LPort=41780
FirewallRules: [{282A7C86-80D0-4030-948D-192EAF10C9DE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{28E347CE-FA77-443E-880E-61B4B3097D5D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{E9B43A04-396B-4820-8C74-67F3A2775443}] => (Block) F:\Tor\Grand Theft Auto V-FULL UNLOCKED-SG-ChaoS\Grand Theft Auto V\GTA5.exe
FirewallRules: [{03C0685D-D39B-49D0-B97E-E4653C7D0CB2}] => (Block) F:\Tor\Grand Theft Auto V-FULL UNLOCKED-SG-ChaoS\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{D3C2F84F-2D21-4DF4-A178-136396EC93A0}] => (Block) F:\Tor\Grand Theft Auto V-FULL UNLOCKED-SG-ChaoS\Grand Theft Auto V\Launcher.exe
FirewallRules: [{8EACD5A3-A774-414A-80BF-E93A32E9B35F}] => (Allow) F:\Tor\Grand Theft Auto V-FULL UNLOCKED-SG-ChaoS\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{8FDD61D8-6D53-4CD0-846C-5237CD3EDA08}] => (Block) F:\Tor\Grand Theft Auto V-FULL UNLOCKED-SG-ChaoS\Grand Theft Auto V\GTA5.exe
FirewallRules: [{D2E7A583-32AA-4E69-8B55-FE37C63B0943}] => (Block) F:\Tor\Grand Theft Auto V-FULL UNLOCKED-SG-ChaoS\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{FBE5A67F-7050-4B4C-840A-7D927E2186E0}] => (Block) F:\Tor\Grand Theft Auto V-FULL UNLOCKED-SG-ChaoS\Grand Theft Auto V\Launcher.exe
FirewallRules: [{4B7D82A9-3866-4433-8325-C9FFDDD8BDF5}] => (Block) F:\Tor\Grand Theft Auto V-FULL UNLOCKED-SG-ChaoS\Grand Theft Auto V\PlayGTAV.exe
FirewallRules: [{471BFE61-C230-44D9-8C56-EF15A1EC1AE9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{3CCB2FE4-5EA9-4575-9084-ECDC3E2128FE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{8EF9E6F4-AAF5-429C-BB77-BFDCEF1E9995}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{1F4261E9-646B-4133-9E8C-DE49D59547E8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{1FA06256-73AC-4716-BBB4-B2102931998F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{19FE0BB2-0031-4334-AD95-61648A9B11BA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E45E656E-FD8D-4E50-8AB9-2207E8C23A7E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AE166B42-7275-4063-90A7-CF3FF03F2DC1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{06199391-9D73-4E43-A5C8-531BB9E9D2B9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C0B5AFE5-D9F7-4788-B977-E4842DFD230B}] => (Allow) C:\Program Files (x86)\Origin\Battlefield 4\Battlefield 4\bf4_x86.exe
FirewallRules: [{0511AB41-30C1-431E-8497-FD65A72841FC}] => (Allow) C:\Program Files (x86)\Origin\Battlefield 4\Battlefield 4\bf4_x86.exe
FirewallRules: [{BFCF4259-08D9-462E-A15F-FB206557F104}] => (Allow) C:\Program Files (x86)\Origin\Battlefield 4\Battlefield 4\bf4.exe
FirewallRules: [{B09B2EC8-AD1A-4127-B876-4011948EAC3D}] => (Allow) C:\Program Files (x86)\Origin\Battlefield 4\Battlefield 4\bf4.exe
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/24/2015 09:16:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/24/2015 09:09:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/24/2015 09:03:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/23/2015 11:54:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/23/2015 11:43:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/23/2015 01:42:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PathOfExile.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 32d8
 
Start Time: 01d0ad9069effd25
 
Termination Time: 0
 
Application Path: D:\Program Files (x86)\Grinding Gear Games\Path of Exile\PathOfExile.exe
 
Report Id:
 
Error: (06/14/2015 11:47:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2015 11:34:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/13/2015 08:33:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: learnfun.exe, version: 0.0.0.0, time stamp: 0x51e2ff15
Faulting module name: learnfun.exe, version: 0.0.0.0, time stamp: 0x51e2ff15
Exception code: 0x40000015
Fault offset: 0x000000000021f1ed
Faulting process id: 0x96e8
Faulting application start time: 0xlearnfun.exe0
Faulting application path: learnfun.exe1
Faulting module path: learnfun.exe2
Report Id: learnfun.exe3
 
Error: (06/10/2015 00:00:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program insurgency.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 236c
 
Start Time: 01d0a34aa1a2b92f
 
Termination Time: 194
 
Application Path: D:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
 
Report Id:
 
 
System errors:
=============
Error: (06/24/2015 09:20:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (06/24/2015 09:20:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (06/24/2015 09:20:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (06/24/2015 09:20:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (06/24/2015 09:20:29 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (06/24/2015 09:20:29 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (06/24/2015 09:20:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (06/24/2015 09:20:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (06/24/2015 09:20:18 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (06/24/2015 09:15:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BorderlineRunner service to connect.
 
 
Microsoft Office:
=========================
Error: (06/24/2015 09:16:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/24/2015 09:09:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/24/2015 09:03:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/23/2015 11:54:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/23/2015 11:43:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/23/2015 01:42:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PathOfExile.exe0.0.0.032d801d0ad9069effd250D:\Program Files (x86)\Grinding Gear Games\Path of Exile\PathOfExile.exe
 
Error: (06/14/2015 11:47:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2015 11:34:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/13/2015 08:33:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: learnfun.exe0.0.0.051e2ff15learnfun.exe0.0.0.051e2ff1540000015000000000021f1ed96e801d0a652df0e3a03C:\Users\Kyle\Documents\playfun\learnfun.exeC:\Users\Kyle\Documents\playfun\learnfun.exe1d6c25c5-1246-11e5-acc5-ac220b834aa1
 
Error: (06/10/2015 00:00:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: insurgency.exe0.0.0.0236c01d0a34aa1a2b92f194D:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-23 11:28:38.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 76%
Total physical RAM: 8129.74 MB
Available physical RAM: 1930.87 MB
Total Pagefile: 16257.68 MB
Available Pagefile: 9279.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:19.81 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:96.85 GB) NTFS
Drive e: (Endless Legend) (CDROM) (Total:1.81 GB) (Free:0 GB) UDF
Drive f: () (Fixed) (Total:931.51 GB) (Free:378.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: DB47555D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EBE8A0D2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0F78DDD3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 




#2
Sugartooth


Hello samsara666 and Welcome to Geeks to Go! :)

My name is Sugartooth and I will be helping you with your malware removal. I am currently in training so my posts will need to be reviewed by my instructor. On the positive side, you get to have two people working towards a resolution of your computer problems instead of just one. ;)

A few important points to go over before we begin:

  • I highly recommend backing up any critical personal files on your machine to a safe place (not on this computer) before we start as it is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. Running other programs can interfere with the tools we use and hinder the cleaning process by producing unpredicted results.
  • Please make sure that all the programs I ask you to download are downloaded to, and run from, your Desktop.
  • This is a complicated process. It will require several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order. Just because you no longer see any symptoms, doesn't mean all the malware has been removed. I will need for you to stay with me until I tell you that your computer is clean.
  • Since I am not physically able to view your computer, I will need for you to describe as fully as possible what symptoms you are experiencing and any changes between fixes.
  • If at any time you do not understand my instructions, or something unexpected happens, DO NOT CONTINUE. STOP AND ASK. I will get back to you as soon as I can. If you do not hear from me in 48 hours, send me a PM (Private Message).
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • I recommend printing out these instructions so that you will be able to refer to them while working on your machine or save it to Notepad and place it on your Desktop. Part of the solution to your problem may involve us working in Safe Mode and you will need them to go by.
    • To access Notepad, click on the Start Menu>All Programs>Accessories>Notepad.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, this topic will be closed and you will need to request that this topic be reopened. To do so, please contact me or any Moderator with the address of this thread by PM (Private Message).

 

I'm currently in the process of reviewing your logs. Please be patient. I'll get back to you as soon as I can. :)


  • 0

#3
Sugartooth


Hello samsara666, :)

Before we get started, I would like to inform you of the following:

Peer To Peer Warning

After reviewing your logs, I see that you have uTorrent installed. Geeks to Go does not recommend using such programs. Please be aware that this can become a gateway for adware to enter your computer. The adware can then bombard you with advertisements and pop-ups, hijack your Web browser, and slow down your computer. There is also the issue of whether the files you download on a P2P network are free of adware, spyware and viruses. It is a known fact that criminals have used P2P programs in order to obtain confidential information resulting in identity theft. Many government agencies have issued a warning against P2P file sharing and their dangers. Here are a few references. Please take the time to read them and inform yourself:

Federal Trade Commission - P2P File-Sharing: Evaluate the Risks
FBI: Risks of Peer-to-Peer Systems
The Seattle Times "Indictment here marks "new age" of ID theft"

If you insist on keeping uTorrent, please do not use it until after we have cleaned up your system. If you would like it removed, let me know and I will help you with that.



Before doing the following, please remove any CD-ROMs from Drive E so they do not interfere with the Fixes.


PunkBuster Advice:

There are some issues with infections in relation to PunkBuster...

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear, use it again to reinstall PunkBuster Services if you so wish.

After you have downloaded the removal tool for PunkBuster Services, run it as follows...

  • Right-click on pbsvc.exe and select Run as Administrator.
  • Ensure Un-install/Remove PunkBuster Service is selected.
  • Click on Next >> Yes >> Finish.
  • Reboot (restart) your machine if not prompted to do so.

 

 

 

Step 1
Uninstall Google Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things, this allows malware to install any extension it wants. Chrome needs to be uninstalled so we can deal with the infections present on your computer. After your computer is clean, Chrome can be reinstalled.

If you have bookmarks/favorites:

  • Open Chrome, click on the 3 bars in the top right hand corner, select Bookmarks and then Bookmarks Manager.
  • Click on Organize and then select Export Bookmarks to HTML file, then choose Desktop to save it.

Sign into Google Sync:

  • Click on the 3 bars in the top right hand corner and select Settings.
  • In the list of Settings under “Sign in” click on Disconnect your Google Account.
  • A pop up box will appear. Click on Google Dashboard, on the Chrome sync screen, click on Reset sync at the bottom.
  • A Reset sync box will open, click on OK (wait for this to complete before doing the next step).
  • When confirmation appears, close that page and then click on Disconnect account and close Google Chrome.

Uninstall:

  • Click on Start > Control Panel > Programs and Features and uninstall Google Chrome. Select Everything for removal if asked.
  • Restart your computer.

 

 

 

Step 2
Move FRST

Farbar Recovery Scan Tool needs to be run from your Desktop.

  • Please click on the Start orb, in the Search box type

Downloads

  • Press the Enter key.
  • Right-click on FRST64 and select Cut.
  • Go to an empty space on your Desktop, right-click and select Paste.
  • Do the same with the FRST and Addition logs.

 

 

 

Step 3
FRST Fix

1. Open notepad (Start =>All Programs => Accessories => Notepad) and copy/paste the text present inside the code box below.
To Copy: Highlight the contents of the box, right-click on it, and choose Copy. To Paste: In the opened notepad, right-click and select Paste.

Warning: These fixes have been customized for this computer only. If you are NOT this user, DO NOT follow these directions as the tools used may damage your computer.


Start
CreateRestorePoint:
CloseProcesses: 
() D:\bbLean\blackbox.exe               
HKLM\...\Winlogon: [Shell] D:\bbLean\blackbox.exe [182272 2009-12-07] () <=== ATTENTION                   
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION                    
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =                                                      
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File           
S2 a8501310; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BorderlineRunner\BorderlineRunner.dll",serv                              
2015-06-25 00:25 - 2015-06-25 00:32 - 00000024 _____ C:\Users\Kyle\AppData\Roaming\appdataFr25.bin 
2015-06-14 02:09 - 2015-06-14 11:45 - 00000000 ____D C:\Program Files (x86)\WorkAppp              
2015-06-14 02:09 - 2015-06-14 11:31 - 00000000 ____D C:\Program Files (x86)\WorkkApp             
2015-06-14 02:09 - 2015-06-14 11:31 - 00000000 ____D C:\Program Files (x86)\Invite All                
2015-06-14 02:08 - 2015-06-14 11:45 - 00000000 ____D C:\Program Files (x86)\WWOrkApP          
2015-06-14 02:08 - 2015-06-14 02:09 - 00000000 ____D C:\ProgramData\16053547305232972317               
2015-06-11 16:48 - 2015-06-14 11:32 - 00000000 ____D C:\Program Files (x86)\BorderlineRunner              
2015-06-25 00:25 - 2015-06-25 00:32 - 0000024 _____ () C:\Users\Kyle\AppData\Roaming\appdataFr25.bin  
2014-01-01 06:41 - 2014-01-01 06:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl              
2014-01-01 22:14 - 2009-12-07 17:17 - 00182272 _____ () D:\bbLean\blackbox.exe                                
2014-01-01 22:14 - 2009-12-07 17:17 - 00056320 _____ () D:\bbLean\plugins\bbLeanBar\bbLeanBar.dll                  
2014-01-01 22:14 - 2009-12-07 17:17 - 00018432 _____ () D:\bbLean\plugins\bbColor3dc\bbColor3dc.dll   
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset 
CMD: bitsadmin /reset /allusers
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Hosts:
EmptyTemp:
End

2. Click on File > Save as... and a Save As box will appear.

  • You will need to save this file to your Desktop. Under Favorites in the left column, locate Desktop and click on it.
  • Inside the File Name: box type fixlist.txt
  • Click the Save button and the box will close.

You can now close Notepad by clicking on the X in the top right corner.

NOTE: => It's important that both files, FRST64 and fixlist.txt are in the same location (on the Desktop) or the fix will not work.


3. Right click FRST64 and select Run as administrator. When the tool opens click Yes to the UAC. Click the Fix button just once and wait.
NOTE: => FRST may check and download an updated version.
After the completion, a log (Fixlog.txt) will be produced. Copy and Paste the contents of the log in your next reply.



Things I need to see in your next posting:

1. Your decision regarding uTorrent and PunkBuster. Uninstalled or keeping?
2. Did you have any problems uninstalling Chrome?
3. Fixlog.txt
4. Information on how your computer is running now.


  • 0

#4
samsara666


I've uninstalled uTorrent and replaced it with Qtorrent. I've uninstalled PunkBuster but I'll be reinstalling it when we're finished. My computer seems to be running fine but it disabled my custom shell (bbLean). I think it just needs to be reinstalled as well. I uninstalled Chrome and installed Mozilla for now. After I restarted my computer I ran another scan and came up with 18 PuP related to something called "Workappp". I should have taken a screenshot but I just cleaned them without thinking about it. They haven't come back yet.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Kyle at 2015-06-26 16:41:20 Run:1
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle (Available Profiles: Kyle)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() D:\bbLean\blackbox.exe               
HKLM\...\Winlogon: [Shell] D:\bbLean\blackbox.exe [182272 2009-12-07] () <=== ATTENTION                   
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION                    
HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =                                                      
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File           
S2 a8501310; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BorderlineRunner\BorderlineRunner.dll",serv                              
2015-06-25 00:25 - 2015-06-25 00:32 - 00000024 _____ C:\Users\Kyle\AppData\Roaming\appdataFr25.bin
2015-06-14
02:09 - 2015-06-14 11:45 - 00000000 ____D C:\Program Files (x86)\WorkAppp              
2015-06-14 02:09 - 2015-06-14 11:31 - 00000000 ____D C:\Program Files (x86)\WorkkApp             
2015-06-14 02:09 - 2015-06-14 11:31 - 00000000 ____D C:\Program Files (x86)\Invite All                
2015-06-14 02:08 - 2015-06-14 11:45 - 00000000 ____D C:\Program Files (x86)\WWOrkApP          
2015-06-14 02:08 - 2015-06-14 02:09 - 00000000 ____D C:\ProgramData\16053547305232972317               
2015-06-11 16:48 - 2015-06-14 11:32 - 00000000 ____D C:\Program Files (x86)\BorderlineRunner              
2015-06-25 00:25 - 2015-06-25 00:32 - 0000024 _____ () C:\Users\Kyle\AppData\Roaming\appdataFr25.bin  
2014-01-01 06:41 - 2014-01-01 06:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl              
2014-01-01 22:14 - 2009-12-07 17:17 - 00182272 _____ () D:\bbLean\blackbox.exe                                
2014-01-01 22:14 - 2009-12-07 17:17 - 00056320 _____ ()
D:\bbLean\plugins\bbLeanBar\bbLeanBar.dll                  
2014-01-01 22:14 - 2009-12-07 17:17 - 00018432 _____ () D:\bbLean\plugins\bbColor3dc\bbColor3dc.dll   
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
D:\bbLean\blackbox.exe => No running process found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\Microsoft\Internet => Error: No automatic fix found for this entry.
Explorer\Main,Search Page = => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
a8501310 => Service removed successfully
C:\Users\Kyle\AppData\Roaming\appdataFr25.bin => moved successfully.
2015-06-14 => Error: No automatic fix found for this entry.
02:09 - 2015-06-14 11:45 - 00000000 ____D C:\Program Files (x86)\WorkAppp => Error: No automatic fix found for this entry.
C:\Program Files (x86)\WorkkApp => moved successfully.
C:\Program Files (x86)\Invite All => moved successfully.
C:\Program Files (x86)\WWOrkApP => moved successfully.
C:\ProgramData\16053547305232972317 => moved successfully.
C:\Program Files (x86)\BorderlineRunner => moved successfully.
"C:\Users\Kyle\AppData\Roaming\appdataFr25.bin" => File/Folder not found.
C:\ProgramData\DP45977C.lfl => moved successfully.
"2014-01-01 22:14 - 2009-12-07 17:17 - 00182272 _____ () D:\bbLean\blackbox.exe" => File/Folder not found.
"2014-01-01 22:14 - 2009-12-07 17:17 - 00056320 _____ ()" => File/Folder not found.
D:\bbLean\plugins\bbLeanBar\bbLeanBar.dll => moved successfully.
"2014-01-01 22:14 - 2009-12-07 17:17 - 00018432 _____ () D:\bbLean\plugins\bbColor3dc\bbColor3dc.dll" => File/Folder not found.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::6c5f:25b7:857:7b28%11
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.Home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Home
   Link-local IPv6 Address . . . . . : fe80::6c5f:25b7:857:7b28%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.65
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

Tunnel adapter isatap.Home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 20.3 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 16:42:01 ====


  • 0
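A Fixlog like the one above is long enough that entries which were not actually handled are easy to miss by eye. The following is an added example (not part of the original posts and not an FRST feature) that parses `entry => result` lines and lists file paths that only ever appear with an error or not-found result; the sample is an excerpt of the log above, and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Excerpt of result lines from the Fixlog posted above (not the full log).
SAMPLE_FIXLOG = r"""
D:\bbLean\blackbox.exe => No running process found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
HKLM\Software\Microsoft\Internet => Error: No automatic fix found for this entry.
Explorer\Main,Search Page = => Error: No automatic fix found for this entry.
C:\Users\Kyle\AppData\Roaming\appdataFr25.bin => moved successfully.
2015-06-14 => Error: No automatic fix found for this entry.
02:09 - 2015-06-14 11:45 - 00000000 ____D C:\Program Files (x86)\WorkAppp => Error: No automatic fix found for this entry.
C:\Program Files (x86)\WorkkApp => moved successfully.
"C:\Users\Kyle\AppData\Roaming\appdataFr25.bin" => File/Folder not found.
"2014-01-01 22:14 - 2009-12-07 17:17 - 00182272 _____ () D:\bbLean\blackbox.exe" => File/Folder not found.
"2014-01-01 22:14 - 2009-12-07 17:17 - 00056320 _____ ()" => File/Folder not found.
D:\bbLean\plugins\bbLeanBar\bbLeanBar.dll => moved successfully.
"2014-01-01 22:14 - 2009-12-07 17:17 - 00018432 _____ () D:\bbLean\plugins\bbColor3dc\bbColor3dc.dll" => File/Folder not found.
"""

# A drive-letter path running to the end of the entry text.
PATH_RE = re.compile(r"[A-Za-z]:\\.+")


def classify(result):
    """Map the text after '=>' to a coarse outcome label."""
    if result.startswith("Error:"):
        return "no_fix"
    if "not found" in result:
        return "not_found"
    if "successfully" in result:
        return "fixed"
    return "other"


def parse_fixlog(text):
    """Return (entry, outcome) for every 'entry => result' line."""
    results = []
    for line in text.splitlines():
        entry, sep, result = line.rpartition(" => ")
        if sep:
            results.append((entry.strip().strip('"'), classify(result.strip())))
    return results


def path_of(entry):
    """Extract a file-system path from an entry, or None (e.g. registry keys)."""
    match = PATH_RE.search(entry)
    return match.group(0) if match else None


def unresolved_paths(results):
    """Paths seen with an error/not-found result and never with a success."""
    fixed = set()
    for entry, outcome in results:
        path = path_of(entry)
        if outcome == "fixed" and path:
            fixed.add(path.lower())
    pending = []
    for entry, outcome in results:
        path = path_of(entry)
        if outcome in ("no_fix", "not_found") and path:
            if path.lower() not in fixed and path not in pending:
                pending.append(path)
    return pending


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(Counter(outcome for _, outcome in parsed))
    for path in unresolved_paths(parsed):
        print("not handled:", path)
```

The error entries that are only a date or half a registry key come from fixlist lines that were split when pasted, so the listed paths are the ones to carry into the next fixlist or to re-check in a fresh scan.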

#5
Sugartooth


Hi samsara666, :)

We've still got quite a bit of work to do, so could you please refrain from adding more programs to your computer or cleaning things on your own? The reason being that it makes my job more complicated. I'll see new programs in your scans and I won't know if you added the new programs or if it has been added by malware. If you remove things on your own, and I include them in a fix, my fixes won't work. I was aware of "Workappp" so thanks for telling me what you did. As I mentioned previously, running other programs can interfere with the tools we use and hinder the cleaning process by producing unpredicted results. Regarding Qtorrent, it's still a P2P program and as such, shouldn't be used until I give your computer a clean bill of health. Sorry about bbLean and ruining all your fun, but right now, it shouldn't be used either.

 

Step 1
Scan with AdwCleaner

Temporarily disable Windows Defender - instructions here. Re-enable it after you have completed the steps.

I would like for you to do a Scan only. Do not use the Cleaning feature.

1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right click on AdwCleaner and select Run as administrator. Accept the User Account Control prompt.
4. The first time the tool is opened, you will need to accept the Terms of use.

5. Click on Scan.
6. Once the scan has finished, it will say Waiting for action. Please uncheck elements you want to keep.
7. Click on the Logfile button. AdwCleaner[R0].txt will open. Copy and paste the log into your next reply for my review.
8. Close the program by clicking on the X located in the top right corner. Click Yes to confirm you want to close the program without cleaning.
*The log is also saved at C:\AdwCleaner\AdwCleaner[R0].txt



Step 2
Junkware Removal Tool

1. Download Junkware Removal Tool to your desktop.
2. Close all open programs and internet browsers.
3. Right click on Junkware Removal Tool and select Run as Administrator. Accept the User Account Control prompt.
4. A black box will open. Press any key to continue.
5. The tool will start scanning your system.
6. Please be patient as this can take a while to complete depending on your system's specifications.
7. Upon completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
8. Close the text file and reboot your machine.
9. Please copy and paste the contents of JRT.txt into your next reply.



Step 3
Fresh Set of Logs

1. Right click FRST64.exe and select Run as administrator. When the tool opens click Yes to the UAC.
Note: FRST may check for updates. Please allow it to do so.
2. Under Optional Scan, ensure Addition.txt is checked.
3. Press the Scan button.
4. When FRST64 finishes scanning, two logs, FRST.txt and Addition.txt will open.
5. Please copy and paste both logs in your next reply.

Note: Don't forget to re-enable Windows Defender.



Things I need to see in your next posting:

1. AdwCleaner[R0].txt
2. JRT.txt
3. FRST.txt log
4. Addition.txt log
5. Information on how your computer is running now.


  • 0

#6
Sugartooth


Hello samsara666, :)

Do you still require assistance?


  • 0

#7
Dakeyras


Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





