Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Rundll32 using lots of memory.

Started by gbns , Jul 25 2015 09:54 PM

  • Please log in to reply

#1
gbns
Posted 25 July 2015 - 09:54 PM

gbns

    New Member

  • Member
  • Pip
  • 3 posts

Hello there! I'm running windows 7 64bit and I've been having a bit of an issue lately.

Recently my computer's fan has been switching on and running like a chainsaw. I play games fairly frequently so at first I figured maybe I was just running it hard and it needed to cool down. But then while doing fairly low stress things like Netflix, or Youtube, or just watching movies it would still do it. I looked at my processes and saw rundll32.exe under the syswow32 folder was using almost 700k memory. :upset:  So I decided to kill the process while my fan was running, and within seconds of killing the process, the fan cut off. Upon doing further research the internet told me that Rundll32 might have been highjacked.

Normally I'm pretty good about killing rogue software, malware, and the like, but this has me stumped.

This has been happening about a month now.

Attatched are the farbar logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-07-2015
Ran by Gunnar (administrator) on MRSLAVE (25-07-2015 20:43:56)
Running from C:\Users\Gunnar\Downloads
Loaded Profiles: Gunnar (Available Profiles: Gunnar)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IgniteGT) C:\IgniteGT\Simraceway\SRWAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Alexander Roshal) C:\Program Files (x86)\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [819984 2014-03-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Run: [XCHSGQLLE] => rundll32 "C:\Users\Gunnar\AppData\Roaming\scriptov.dll",nmewpwtib
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk [2013-09-08]
ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT)
Startup: C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2012-08-28]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-278295415-4203223567-2615167640-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-278295415-4203223567-2615167640-1000 -> DefaultScope {6D98695A-DD58-405F-BECF-E628552DA8E4} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.26
Tcpip\..\Interfaces\{4E2C42F6-C41A-429B-8688-FDCF455DB7B5}: [DhcpNameServer] 192.168.0.1 205.171.2.26

FireFox:
========
FF ProfilePath: C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-04-15] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-278295415-4203223567-2615167640-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gunnar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-278295415-4203223567-2615167640-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-04-15] (Pando Networks)
FF Plugin HKU\S-1-5-21-278295415-4203223567-2615167640-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-08-20] (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Ant Video Downloader - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2015-05-28]
FF Extension: LavaFox V2 - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2015-07-12]
FF Extension: Block site - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-06-02]
FF Extension: FDislike - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2012-09-03]
FF Extension: Firebug - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2013-12-30]
FF Extension: Lost Friends Notifier - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2014-11-06]
FF Extension: NASA Night Launch - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2012-08-02]
FF Extension: PDF Viewer - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2014-03-27]
FF Extension: Adblock Plus - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-02]
FF Extension: Greasemonkey - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-03]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-08-28] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-03-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-03-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [770832 2014-03-13] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-10] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-08-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-08-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-08-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [33792 2010-08-02] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-02] (Google Inc)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [121616 2014-03-13] (BlueStack Systems)
R3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-20] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2014-10-16] (MotioninJoy) [File not signed]
R3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-10-14] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2010-10-14] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2010-10-14] (LG Electronics Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 20:43 - 2015-07-25 20:44 - 00019691 _____ C:\Users\Gunnar\Downloads\FRST.txt
2015-07-25 20:43 - 2015-07-25 20:44 - 00000000 ____D C:\FRST
2015-07-25 20:43 - 2015-07-25 20:43 - 00000000 ____D C:\Users\Gunnar\Downloads\FRST-OlderVersion
2015-07-25 20:41 - 2015-07-25 20:43 - 02146816 _____ (Farbar) C:\Users\Gunnar\Downloads\FRST64.exe
2015-07-24 21:21 - 2015-07-24 21:21 - 00000218 _____ C:\Users\Gunnar\AppData\Local\recently-used.xbel
2015-07-24 09:09 - 2015-07-24 21:07 - 00000000 ____D C:\Users\Gunnar\AppData\Roaming\deluge
2015-07-24 09:09 - 2015-07-24 09:15 - 00000000 ____D C:\Users\Gunnar\Downloads\VA - Best of Trap Music [2014]
2015-07-24 09:06 - 2015-07-24 09:06 - 13595245 _____ C:\Users\Gunnar\Downloads\deluge-1.3.11-win32-setup.exe
2015-07-24 09:06 - 2015-07-24 09:06 - 00000939 _____ C:\Users\Public\Desktop\Deluge.lnk
2015-07-24 09:06 - 2015-07-24 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2015-07-24 09:06 - 2015-07-24 09:06 - 00000000 ____D C:\Program Files (x86)\Deluge
2015-07-23 19:58 - 2015-07-23 19:58 - 00000000 ____D C:\Users\Gunnar\AppData\Local\CEF
2015-07-20 23:03 - 2015-07-14 20:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 23:03 - 2015-07-14 20:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 23:03 - 2015-07-14 20:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 23:03 - 2015-07-14 20:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 23:03 - 2015-07-14 19:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 23:03 - 2015-07-14 19:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 23:03 - 2015-07-14 19:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 23:03 - 2015-07-14 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 23:03 - 2015-07-14 18:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 23:03 - 2015-07-14 18:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-18 18:52 - 2015-07-18 18:53 - 00000000 ____D C:\Users\Gunnar\AppData\Local\PAYDAY 2
2015-07-18 18:52 - 2015-07-18 18:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-18 18:52 - 2015-07-18 18:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-07-16 23:32 - 2015-07-16 23:41 - 00000000 ____D C:\Users\Gunnar\Documents\shred
2015-07-15 13:06 - 2012-11-10 13:46 - 00821736 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2015-07-15 13:06 - 2012-11-10 13:46 - 00746984 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-07-15 13:05 - 2015-07-15 13:06 - 00000000 ____D C:\ProgramData\Oracle
2015-07-15 13:02 - 2015-07-15 13:02 - 00562784 _____ (Oracle Corporation) C:\Users\Gunnar\Downloads\jxpiinstall(1).exe
2015-07-14 23:22 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 23:22 - 2015-07-02 14:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 23:22 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 23:22 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 23:22 - 2015-07-02 13:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 23:22 - 2015-07-02 13:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 23:22 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 23:22 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 23:22 - 2015-07-02 13:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 23:22 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 23:22 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 23:22 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 23:22 - 2015-06-26 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 23:22 - 2015-06-26 19:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 23:22 - 2015-06-26 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 23:22 - 2015-06-26 18:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 23:22 - 2015-06-25 01:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 23:22 - 2015-06-17 10:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 23:22 - 2015-06-17 10:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 23:22 - 2015-06-01 17:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 23:22 - 2015-06-01 16:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 23:21 - 2015-06-25 11:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 23:21 - 2015-06-25 10:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 23:21 - 2015-06-20 13:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 23:21 - 2015-06-20 12:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 23:21 - 2015-06-20 12:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 23:21 - 2015-06-20 12:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 23:21 - 2015-06-20 12:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 23:21 - 2015-06-20 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 23:21 - 2015-06-20 12:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 23:21 - 2015-06-20 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 23:21 - 2015-06-20 12:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 23:21 - 2015-06-20 12:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 23:21 - 2015-06-20 12:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 23:21 - 2015-06-20 12:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 23:21 - 2015-06-20 12:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 23:21 - 2015-06-20 12:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 23:21 - 2015-06-20 12:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 23:21 - 2015-06-20 12:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 23:21 - 2015-06-20 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 23:21 - 2015-06-20 11:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 23:21 - 2015-06-20 11:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 23:21 - 2015-06-20 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 23:21 - 2015-06-20 11:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 23:21 - 2015-06-20 11:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 23:21 - 2015-06-20 11:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 23:21 - 2015-06-19 11:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 23:21 - 2015-06-19 11:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 23:21 - 2015-06-19 11:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 23:21 - 2015-06-19 11:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 23:21 - 2015-06-19 11:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 23:21 - 2015-06-19 11:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 23:21 - 2015-06-19 11:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 23:21 - 2015-06-19 11:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 23:21 - 2015-06-19 11:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 23:21 - 2015-06-19 11:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 23:21 - 2015-06-19 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 23:21 - 2015-06-19 10:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 23:21 - 2015-06-19 10:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 23:21 - 2015-06-19 10:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 23:21 - 2015-06-19 10:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 23:21 - 2015-06-19 10:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 23:21 - 2015-06-19 10:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 23:21 - 2015-06-19 10:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 23:21 - 2015-06-19 10:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 23:20 - 2015-07-04 11:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 23:20 - 2015-07-04 10:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 23:20 - 2015-07-01 13:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 23:20 - 2015-07-01 13:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 23:20 - 2015-07-01 13:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 23:20 - 2015-07-01 13:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 23:20 - 2015-07-01 13:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 23:20 - 2015-07-01 13:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 23:20 - 2015-07-01 13:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 23:20 - 2015-07-01 13:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 23:20 - 2015-07-01 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 23:20 - 2015-07-01 13:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 23:20 - 2015-07-01 13:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 23:20 - 2015-07-01 13:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 23:20 - 2015-07-01 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 23:20 - 2015-07-01 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 23:20 - 2015-07-01 13:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 23:20 - 2015-07-01 13:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 23:20 - 2015-07-01 12:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 23:20 - 2015-07-01 12:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 23:20 - 2015-07-01 12:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 23:20 - 2015-06-15 14:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 23:20 - 2015-06-15 14:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 23:20 - 2015-06-15 14:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 23:20 - 2015-06-15 14:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 23:20 - 2015-06-15 14:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 23:20 - 2015-06-15 14:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 23:20 - 2015-06-15 14:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 23:20 - 2015-06-15 14:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 23:20 - 2015-06-15 14:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 23:20 - 2015-06-15 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 23:20 - 2015-06-15 14:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 23:20 - 2015-06-15 14:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 23:20 - 2015-06-11 10:56 - 01112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-14 23:20 - 2015-06-11 10:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-14 23:20 - 2015-06-11 10:15 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-07-14 15:10 - 2015-07-14 15:10 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-13 21:42 - 2015-07-13 22:04 - 00000000 ____D C:\Users\Gunnar\AppData\Local\BoringManGame
2015-07-08 14:50 - 2015-07-08 14:57 - 00000000 ____D C:\Users\Gunnar\Documents\TrackMania
2015-07-08 14:50 - 2015-07-08 14:56 - 00000000 ____D C:\ProgramData\TrackMania
2015-07-08 12:37 - 2015-07-08 12:37 - 00001270 _____ C:\Users\Public\Desktop\WTAssetViewer.lnk
2015-07-08 12:37 - 2015-07-08 12:37 - 00001260 _____ C:\Users\Public\Desktop\WTMissionEditor.lnk
2015-07-08 12:30 - 2015-07-08 12:36 - 151820656 _____ (Gaijin Entertainment ) C:\Users\Gunnar\Downloads\WarThunderCDK_2015_07_02__17_26.exe
2015-07-03 01:27 - 2015-07-15 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 02:13 - 2015-07-01 02:13 - 00000000 ____D C:\Users\Gunnar\Desktop\GAME OF THE YEAR 420BLAZEIT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 20:43 - 2015-02-06 04:02 - 00000000 ____D C:\Users\Gunnar\AppData\Roaming\Skype
2015-07-25 20:39 - 2013-04-24 00:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 20:30 - 2014-09-12 10:49 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-25 20:17 - 2012-08-01 23:54 - 01651643 _____ C:\Windows\WindowsUpdate.log
2015-07-25 20:17 - 2009-07-13 21:45 - 00018768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 20:17 - 2009-07-13 21:45 - 00018768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-25 20:10 - 2013-04-17 16:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 16:39 - 2013-04-24 00:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 08:19 - 2012-12-15 18:45 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-24 13:49 - 2013-09-08 12:59 - 16550095 _____ C:\Simraceway.log
2015-07-23 08:57 - 2013-12-21 16:45 - 00000000 ____D C:\Program Files (x86)\WarThunder
2015-07-21 09:13 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-21 09:08 - 2009-07-13 21:45 - 02897352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 09:07 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-21 09:06 - 2014-02-16 02:00 - 00024297 _____ C:\Windows\setupact.log
2015-07-21 09:06 - 2012-08-02 10:46 - 00244144 _____ C:\Windows\PFRO.log
2015-07-16 23:48 - 2013-12-11 22:45 - 00000000 ____D C:\titties
2015-07-16 09:10 - 2014-03-17 15:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 09:05 - 2015-01-15 10:11 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 20:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-15 16:34 - 2013-04-24 00:53 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 16:34 - 2013-04-24 00:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 13:05 - 2012-11-10 13:46 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-15 13:05 - 2012-11-10 13:46 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-15 13:00 - 2012-08-16 15:45 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-07-15 12:53 - 2015-06-17 13:00 - 00000000 ____D C:\Users\Gunnar\AppData\Local\Battle.net
2015-07-15 10:58 - 2015-06-17 13:11 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-07-15 10:52 - 2015-06-17 12:59 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-07-15 10:52 - 2015-02-06 04:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-15 10:52 - 2015-02-06 04:02 - 00000000 ____D C:\ProgramData\Skype
2015-07-15 10:52 - 2013-09-08 13:00 - 00000000 ____D C:\Users\Gunnar\AppData\Roaming\Simraceway
2015-07-15 10:47 - 2012-09-24 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-14 15:10 - 2013-04-17 16:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 15:10 - 2012-08-02 00:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 15:10 - 2012-08-02 00:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 11:47 - 2014-05-19 23:17 - 00000000 ____D C:\Users\Gunnar\AppData\Roaming\vlc
2015-07-08 12:37 - 2013-12-21 16:45 - 00000000 ____D C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-06-30 20:35 - 2012-08-13 22:57 - 00000000 ____D C:\Users\Gunnar\AppData\Local\Adobe
2015-06-30 20:12 - 2014-09-12 10:48 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 20:12 - 2014-09-12 10:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-30 13:11 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-25 00:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-05-21 11:23 - 2015-05-21 11:23 - 0192512 __RSH () C:\Users\Gunnar\AppData\Roaming\scriptov.dll
2013-06-29 23:42 - 2014-05-19 23:10 - 0005632 _____ () C:\Users\Gunnar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-31 16:35 - 2014-03-31 16:35 - 0000000 ___SH () C:\Users\Gunnar\AppData\Local\LumaEmu
2015-07-24 21:21 - 2015-07-24 21:21 - 0000218 _____ () C:\Users\Gunnar\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\Gunnar\Rosetta Stone v3 Japanese & Speech Preinstalled.exe


Some files in TEMP:
====================
C:\Users\Gunnar\AppData\Local\Temp\AutoRun.exe
C:\Users\Gunnar\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Gunnar\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\Gunnar\AppData\Local\Temp\ICReinstall_Open OfficeSetup.exe
C:\Users\Gunnar\AppData\Local\Temp\SRLDetectionLibrary3800261731291482403.dll
C:\Users\Gunnar\AppData\Local\Temp\SRLDetectionLibrary8102258288014690517.dll
C:\Users\Gunnar\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Gunnar\AppData\Local\Temp\utt580C.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 00:37

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Gunnar at 2015-07-25 20:45:02
Running from C:\Users\Gunnar\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-278295415-4203223567-2615167640-500 - Administrator - Disabled)
Guest (S-1-5-21-278295415-4203223567-2615167640-501 - Limited - Disabled)
Gunnar (S-1-5-21-278295415-4203223567-2615167640-1000 - Administrator - Enabled) => C:\Users\Gunnar
HomeGroupUser$ (S-1-5-21-278295415-4203223567-2615167640-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2.3 (HKLM-x32\...\{590B031A-4935-47A9-A6DD-7377DDB2ED3A}_is1) (Version: 2.3 - PlayWay S.A.)
Acoustica Mixcraft 6 (HKLM-x32\...\Acoustica Mixcraft 6) (Version: b189 - Acoustica)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_d2f336b2c5feeb945c28b7a0a45170f) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Aimersoft DVD Creator(Build 2.5.2.15) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version:  - Wondershare Software)
AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin's Creed II 1.01 (HKLM-x32\...\Assassin's Creed II_is1) (Version:  - ea)
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.01 - Ubisoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Automation - The Car Company Tycoon Game (HKLM-x32\...\Steam App 293760) (Version:  - Camshaft Software)
Automation (HKLM-x32\...\Automation) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.7.3069 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{FE5ABB0E-EDEA-4023-B0FB-9DEA39A98D76}) (Version: 0.8.7.3069 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boring Man - Online Tactical Stickman Combat (HKLM-x32\...\Steam App 346120) (Version:  - Spasman Games)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version:  - )
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Car Mechanic Simulator 2014 (HKLM-x32\...\Car Mechanic Simulator 2014_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Deluge 1.3.11 (HKLM-x32\...\Deluge) (Version:  - )
eSupport UndeletePlus 3.0.5.313 (HKLM-x32\...\eSupport UndeletePlus_is1) (Version:  - Copyright © 2013 eSupport.com • All Rights Reserved)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
Five Nights at Freddy's (HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Five Nights at Freddy's) (Version:  - )
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FreeStyle2: Street Basketball (HKLM-x32\...\Steam App 339610) (Version:  - Joycity)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
Hearts of iron 3 Their Finest Hour 4.01 (HKLM-x32\...\Hearts of iron 3 Their Finest Hour 4.01) (Version: 4.01 - Hoi2.ru)
Hearts of Iron III (HKLM-x32\...\{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}) (Version:  - )
Hercules Classic Webcam Drivers (HKLM-x32\...\{5F0EE12C-44B1-4FCB-87E3-4686C888774A}) (Version: 1.00.0000 - Hercules)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kill The Bad Guy (HKLM-x32\...\Kill The Bad Guy_is1) (Version:  - )
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LG United Mobile Drivers (HKLM-x32\...\{2D371881-67FB-4EAB-B59A-F59DC43199DD}) (Version: 2.1 - LG Electronics)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.0.0 - Electronic Arts)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.16 (HKLM-x32\...\MultiBit 0.5.16) (Version: 0.5.16 - )
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Resident Evil 4 1.10 (HKLM-x32\...\Resident Evil 4_is1) (Version:  - )
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
RZ DVD Creator (HKLM-x32\...\{3F32058A-343A-4C16-BD1B-BE35E9A42352}) (Version: 4.52 - RealZeal Soft)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Search Protection (HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Search Protection) (Version: 8.7.0.1 - Spigot, Inc.) <==== ATTENTION
SimCity, âåðñèÿ 1.0.0.0 (HKLM-x32\...\SimCity_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Simraceway 28.92 (HKLM-x32\...\Simraceway) (Version: 28.92 - Simraceway)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\{FEE1F166-EAE4-4C4B-8988-D82521F9F63F}) (Version: 6.1.5.0 - Husdawg, LLC)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version:  - Nadeo)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04.3-rev279 - Ubuntu)
Unity (HKLM-x32\...\Unity) (Version: 4.5.0f6 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
War Thunder CDK 0.1 (HKLM-x32\...\{ed8deea4-29fe-1932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
War Thunder Launcher 1.0.1.299 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
West Point Bridge Designer 2014 (2nd Edition) (remove only) (HKLM-x32\...\West Point Bridge Designer 2014 (2nd Edition)) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinUAE 2.6.1 (HKLM-x32\...\WinUAE) (Version: 2.6.1 - Arabuusimiehet)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

20-07-2015 22:59:05 Windows Update
21-07-2015 03:00:12 Windows Update
24-07-2015 14:11:57 Windows Update

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03B975DA-85B3-4577-936C-6285C5DE78A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {06D29252-84B2-4C98-93CE-8C998089CA0E} - System32\Tasks\IR5 => cmd.exe /c cscript.exe /b C:\Windows\System32\slmgr.vbs /rearm &amp;&amp; net stop sppsvc &amp;&amp; net start sppsvc
Task: {16FC838A-5143-4DA1-AB45-C35381FCDFD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.)
Task: {8C8797EE-C8FE-4DEA-B866-459F88157341} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.)
Task: {949A2318-DF54-45CC-A5DF-E89E861800F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-20 11:04 - 2013-08-10 15:42 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-11 14:04 - 2013-07-11 14:04 - 01630720 _____ () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-07-11 14:03 - 2013-07-11 14:03 - 00252832 _____ () C:\Program Files (x86)\SimracewayUpdater\PATCHW32.dll
2013-07-01 08:20 - 2015-07-03 09:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-25 00:00 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-25 00:00 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-25 00:00 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 20:46 - 2015-07-23 16:24 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-12 10:55 - 2014-12-01 14:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-12 10:55 - 2014-12-01 14:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-12 10:55 - 2014-12-01 14:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-12 10:55 - 2014-12-01 14:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-12 10:55 - 2014-12-01 14:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-12-15 18:48 - 2015-07-23 16:23 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-23 19:58 - 2015-07-07 13:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2012-12-15 18:48 - 2015-07-03 09:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Gunnar\Downloads\Der kleine Eisbär - Besuch vom Südpol Full German.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Gunnar\Downloads\Der kleine Eisbär - Lars und der kleine Tiger - aus_ Neue Abenteuer, neue Freunde.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Gunnar\Downloads\IMG_9642.JPG:Mac_Metadata

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-278295415-4203223567-2615167640-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1 - 205.171.2.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{72BF8D4C-2E19-4D6A-A846-3DA709A37F8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC602CB6-DA0A-4685-B23C-44768768393A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFFBB460-0613-4710-9D96-6D1E8F30DD2D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D69FAB4F-174B-4A2E-B4FE-9474FFF79AFF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3BA4D1DE-7F17-4CF9-A5A4-CC2301B47457}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8C2CEEB6-9BA2-4BB4-B797-124413A4AD79}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1D986FE7-4CD9-4BF4-AECA-5F154426EF29}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8481D853-D85A-46E0-8C05-120C4643622A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A854C668-F1B0-4B2C-AA1C-97D651F5D795}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{A4BCF1A3-7385-452A-8ED8-FD1BE0850CDB}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{A8C6F3B4-A581-4A50-8F41-A0EAECD46BB9}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{EDC102A1-1531-4DD4-AF85-BB28BA9E8749}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{D9485DE7-5006-44F3-B8C3-E3ABC6D6206A}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{301C2A3E-8BA0-43A7-835B-2C4C8238B306}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{1CD45FA9-8496-4FA2-9C7F-3ED74DD55CDD}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{4FA25663-8991-4053-80E4-3B7392D57590}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{4DA39227-D678-4F44-A1C2-C4BE7A7A088F}] => (Allow) LPort=5353
FirewallRules: [{0EADABD6-8EE1-4B2E-BCA2-EF0CB82BEE8C}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{F656FF07-3D57-44AE-9359-0C3EDF4A1F55}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{B821B55E-AFE0-42FF-931F-FB0686AE46B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{625266AB-E4AF-4FD7-BE1E-B0ED1D1F09CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{221C858F-FA4E-415F-A7DC-368289B83F17}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{CFB89727-8CED-4248-B74F-511DEE9DE664}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{5FDEDFA5-3333-4613-A030-A1D98EE73AEE}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{D0B2CB9C-0A66-4AB8-85AD-A0A12EB5E878}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{3255380B-91FC-491B-8FF9-7D542C4A9C4E}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{D55D167F-791D-456C-9439-CF65AC8385E9}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2AF45EFB-DBBB-4731-9324-DB1CF615865E}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{6F54ACEC-A94D-41CA-A079-50EBB4C6620F}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [{A7ACFBE5-73D0-4159-9D93-878D4FCA1EC8}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [{6E757AC9-6FA2-4984-B01C-A57617F9C5A9}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{6FA284F6-FCE4-4F5E-BC8D-3DB337215EDB}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{F9158D0E-97EB-4BAB-BD52-4E896AE0DC59}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D70CE955-2E72-4991-8025-725302B0B006}] => (Allow) LPort=2869
FirewallRules: [{1456B32E-B7EB-4E03-8F09-E05195ABBAF7}] => (Allow) LPort=1900
FirewallRules: [{DA280ACB-3FEA-4E4C-9C96-5FC6FEA02898}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7DC5D9AA-AD4B-45D7-9B59-EC0BF5DAC448}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B7E0BE6B-0B25-4A4C-8E55-0108E35A18D5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1E296B4D-5392-44F3-95E3-3D47FF62A96E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6827CCE9-09B6-4946-BABD-86900FFC3525}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{DB9D9BC2-DB5E-4D7E-919D-67421BF403D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{26DEAE49-F68D-499F-9A1A-BB73227D1976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{B0833326-85FC-4093-90DF-84F374D81970}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [TCP Query User{6D86D4F1-0210-4409-8582-3E9987EBF181}C:\ignitegt\simraceway\simracewaygame.exe] => (Allow) C:\ignitegt\simraceway\simracewaygame.exe
FirewallRules: [UDP Query User{73BFADEE-00E4-40CB-96E7-B6367D8A9EE9}C:\ignitegt\simraceway\simracewaygame.exe] => (Allow) C:\ignitegt\simraceway\simracewaygame.exe
FirewallRules: [{AF6EF51F-1277-4466-BE5B-661FA37C472E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{4530C422-3F5A-4F99-945F-2AA4839CEC52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B1B40E45-A8F9-4139-A2BF-23CF79A0E526}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{AD37ECE6-CE0D-4052-9FCE-B4F852D58AC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [TCP Query User{06DBB0BB-FD3A-4B62-A76D-617DE7AEF8E0}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{27891B5F-FE0A-4D9B-BF33-F40CCECCE24A}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{E91D716A-66A8-4371-9B48-07CC12ABF879}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{25DA3761-BE65-4F89-B928-C33A075F4054}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{2337C05B-6492-415B-9875-EF7CCA698823}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{CF45C9A7-C983-43C2-BF9E-DF84B0ECEF89}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{ED4704EF-CE0F-4F1D-ADA2-EDDD9C924C58}] => (Allow) LPort=80
FirewallRules: [{321347EF-5162-41D9-9E31-3A04918C4530}] => (Allow) LPort=443
FirewallRules: [{A447C112-4FE8-445A-91E8-0E876028F348}] => (Allow) LPort=20010
FirewallRules: [{CD25A9BE-B8A3-4BA3-92D2-F2A5F4C35D8D}] => (Allow) LPort=3478
FirewallRules: [{5E623DF3-ABB9-46E6-AE0F-A43E70B9B43A}] => (Allow) LPort=7850
FirewallRules: [{E657DD70-8C57-40F2-BE21-AC59246F882B}] => (Allow) LPort=27022
FirewallRules: [{297B6DB8-1066-4C98-B029-4AF77ECA8762}] => (Allow) LPort=6881
FirewallRules: [{0ECBB379-CEFC-408E-A764-781EBC023690}] => (Allow) LPort=33333
FirewallRules: [{EC1DD7F6-C4FE-499A-93EC-8A49BBC5CC13}] => (Allow) LPort=20443
FirewallRules: [{F6AC7CD9-9514-4E1A-919E-3C24EAF61B91}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{45F04A93-03BA-42C8-B2CC-42C694F034E9}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{BB99AE92-6C14-472D-B111-4942025D68E7}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{6AE7E29F-7711-4D3B-8CBC-BF50E72BFF95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{39DD33AE-736F-433C-9012-9C071E81D5C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{71F86D96-1588-4B69-B16B-6F2604480A55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{3C6481E3-910C-4EA9-A13B-47F4C13DA29C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{EA804CD6-F141-46E3-A72D-73614DD4F24E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{AE3603F3-DB7B-4664-947B-F2227F2C7137}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{22535EBC-53C4-491A-A679-31DA224B03D1}] => (Allow) C:\Users\Gunnar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1138021C-B913-47AB-82B5-490C17590442}] => (Allow) C:\Users\Gunnar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{75E97049-F873-4F3A-8E5E-679B586AC5C0}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{E602CC65-4CEE-472F-94B3-0EDB155E7A60}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{CA977058-4B32-46EC-999E-C0F93705B5F5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{07126085-6A44-4A98-AAA4-C9FDFB21A80C}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{8DD31974-56E4-41C3-AEA8-F560ABED9224}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{DF982A58-0518-49BA-863D-3A1336A9369B}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{0611414F-8785-426F-98E8-C7A0D7A5DE0B}] => (Allow) LPort=57513
FirewallRules: [{1CFB49E5-A990-439F-ADCD-97F7F47DF59C}] => (Allow) LPort=57513
FirewallRules: [{02EEAF91-4D86-40AF-B0AF-F4167DDC01A0}] => (Allow) LPort=57513
FirewallRules: [{CBA1AD96-3D90-4CF9-AC59-6A5885B4E676}] => (Allow) LPort=57513
FirewallRules: [{657486B1-DB07-4484-BD48-BEF349FA53E7}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A538D460-6A3B-4BB2-A4F0-9681DF9162BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{E4AC4F29-0F54-4FB5-864D-98C55122DD6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{50720A24-AA07-4CD2-84C6-CBCE88E0F4C0}] => (Allow) C:\Program Files (x86)\SimCity\SimCity\SimCity.exe
FirewallRules: [{AE60BD34-7189-4A12-AB61-F1CA00D4EE42}] => (Allow) C:\Program Files (x86)\SimCity\SimCity\SimCity.exe
FirewallRules: [{27599509-7629-431E-9BF8-F4339D752BAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{B0A4DA91-044B-4E23-AEDC-08CFBED8DF30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{FD6A7D30-7D02-401A-B748-0CA39E93471F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{D94436FC-7297-41CF-93EF-C07DA1F6C3BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{439E25AA-729D-4045-AE22-9DF7C9468E53}] => (Allow) C:\Program Files (x86)\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe
FirewallRules: [{187A0CF3-9660-4DD0-A972-689C825357EF}] => (Allow) C:\Program Files (x86)\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe
FirewallRules: [{E9C11CED-F5E4-498F-BD31-9C24FC94E116}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{8EDE676F-01B7-4035-98D4-0B25526AAFAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{263ED903-4123-4C23-A8A6-680457AA5DE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ.exe
FirewallRules: [{4B5538F3-49EF-49F6-8BFB-08DEF5854C42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ.exe
FirewallRules: [{160FEC2F-585C-4795-8586-D32ED37C8E15}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6A762C6B-8020-42EC-ABA8-51DCFDB82874}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FD365C5B-B104-40E5-B62F-9627B1832C35}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{70253268-E35E-4A9F-93E3-1216E79C18D3}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{DAA05D41-0309-4B46-B0B4-A0C8417C3351}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{12F53FB9-5879-4029-A81A-4B45D9D74954}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{4DC80E15-1EF7-499C-8D21-C469A59323D0}] => (Allow) C:\Program Files (x86)\Microsoft Games\Halo 2\halo2.exe
FirewallRules: [{421EFA3B-F7D4-44B8-917A-3A0BB220AEF4}] => (Allow) C:\Program Files (x86)\Microsoft Games\Halo 2\halo2.exe
FirewallRules: [{B4F58A65-FA8B-4BF7-8BB3-585D9269ECB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{904DA7EB-D790-499A-B524-9E1B130C233C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{489CC162-BECB-4F41-8A77-33FEAB440152}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01479246-61BE-421D-AFC7-1093A64C8821}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D9047527-4801-4BDE-9198-12A97BFBDA2B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F45C1B22-CDEA-4117-9CCA-1E88CA83C5CF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C89EDBEE-F46F-4903-979D-27F744B6372D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6B93F5C9-7E8A-4F23-BA68-DDBD511FAE2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation Launcher Steam.exe
FirewallRules: [{086E005A-61A1-4D64-8470-C221557B0739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation Launcher Steam.exe
FirewallRules: [{7D848486-5A0E-4117-8753-6E37345AB112}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{4D8D76B2-0110-4284-8580-9DCBF560B30D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{E435056F-AF12-437D-84C6-558B387DD90D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{753976B4-5285-4D94-9178-E46C8EB8C105}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{E81DD328-957E-4139-8E6E-706A88D7BAF8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{DA826CE3-7B08-4377-A72A-9A44EEFFAE09}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{46633B7B-4B46-46D2-9D24-858830E2EFEB}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [{B2717A9A-6ECE-4A40-B96A-A61BC13FEA8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation_Shipping_Steam.exe
FirewallRules: [{19E336C9-77CF-45EE-A343-9FB91BD7D700}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation_Shipping_Steam.exe
FirewallRules: [{214A451A-C83D-4046-A489-AAD2A722417A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{D513F291-837B-41D0-83C8-D55A5B079467}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{343EFBF7-B6EB-4EFD-BE45-A452D253C4CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{90D1149F-3221-424D-BA1A-3EBFCF0F635D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{92E7AE1B-6082-4B4C-B3EF-515A7E189819}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{4AC6FA53-EB31-40BE-8D0A-F8833C6875B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{DEA347E2-A0A4-4CBD-9A6E-73C18A016E6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringManGame.exe
FirewallRules: [{52E01C25-984C-4C8E-AF5E-E3D6380D0AEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringManGame.exe
FirewallRules: [{30EEA4C3-A21A-440B-B1DE-1B6B84962C37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringEditor\BoringEditor.exe
FirewallRules: [{88623EAC-4FBF-497A-AD4B-E06F879B92A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringEditor\BoringEditor.exe
FirewallRules: [{D33E005D-3501-4D60-B5C7-0125D162A6A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{EDA8F41C-E240-4C4A-8251-1576EBC8E97C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2015 08:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 07:42:29 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 07:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 06:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 05:42:29 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 05:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 04:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 03:42:29 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 03:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 02:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005


System errors:
=============
Error: (07/25/2015 08:17:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 10:07:43 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (07/25/2015 08:17:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 08:17:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 08:17:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 08:17:05 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/24/2015 07:52:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (07/24/2015 07:52:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (07/24/2015 07:49:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/24/2015 01:42:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.


Microsoft Office:
=========================
Error: (07/25/2015 08:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 07:42:29 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 07:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 06:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 05:42:29 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 05:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 04:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 03:42:29 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 03:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 02:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005


==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon™ HD Graphics
Percentage of memory in use: 57%
Total physical RAM: 7666.81 MB
Available physical RAM: 3229.9 MB
Total Virtual: 15331.81 MB
Available Virtual: 10140.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:914.61 GB) (Free:302.8 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:16.81 GB) (Free:16.7 GB) NTFS
Drive j: (AOE III DISC 1) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive k: (hssar) (CDROM) (Total:1.38 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A79749BB)
Partition 1: (Active) - (Size=914.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=16.8 GB) - (Type=07 NTFS)

==================== End of log ============================

Thanks in advance you guys!

-Gunnar


  • 0

Advertisements

#2
RKinner
Posted 25 July 2015 - 10:14 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.


  • 0

#3
gbns
Posted 25 July 2015 - 10:30 PM

gbns

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Here we go! Round 2:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-07-2015
Ran by Gunnar (administrator) on MRSLAVE (25-07-2015 21:25:55)
Running from C:\Users\Gunnar\Desktop\frst
Loaded Profiles: Gunnar (Available Profiles: Gunnar)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
() C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IgniteGT) C:\IgniteGT\Simraceway\SRWAgent.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [819984 2014-03-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk [2013-09-08]
ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT)
Startup: C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2012-08-28]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-278295415-4203223567-2615167640-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-278295415-4203223567-2615167640-1000 -> DefaultScope {6D98695A-DD58-405F-BECF-E628552DA8E4} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.26
Tcpip\..\Interfaces\{4E2C42F6-C41A-429B-8688-FDCF455DB7B5}: [DhcpNameServer] 192.168.0.1 205.171.2.26

FireFox:
========
FF ProfilePath: C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-04-15] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-278295415-4203223567-2615167640-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gunnar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-278295415-4203223567-2615167640-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-04-15] (Pando Networks)
FF Plugin HKU\S-1-5-21-278295415-4203223567-2615167640-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-08-20] (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Ant Video Downloader - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2015-05-28]
FF Extension: LavaFox V2 - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2015-07-12]
FF Extension: Block site - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-06-02]
FF Extension: FDislike - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2012-09-03]
FF Extension: Firebug - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2013-12-30]
FF Extension: Lost Friends Notifier - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2014-11-06]
FF Extension: NASA Night Launch - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2012-08-02]
FF Extension: PDF Viewer - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected] [2014-03-27]
FF Extension: Adblock Plus - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-02]
FF Extension: Greasemonkey - C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-03]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-08-28] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-03-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-03-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [770832 2014-03-13] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-10] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-08-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-08-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-08-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [33792 2010-08-02] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-02] (Google Inc)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [121616 2014-03-13] (BlueStack Systems)
R3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-20] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2014-10-16] (MotioninJoy) [File not signed]
R3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-10-14] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2010-10-14] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2010-10-14] (LG Electronics Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 21:16 - 2015-07-25 21:25 - 00000000 ____D C:\Users\Gunnar\Desktop\frst
2015-07-25 20:45 - 2015-07-25 20:45 - 00050809 _____ C:\Users\Gunnar\Downloads\Addition.txt
2015-07-25 20:43 - 2015-07-25 21:26 - 00000000 ____D C:\FRST
2015-07-25 20:43 - 2015-07-25 20:45 - 00043635 _____ C:\Users\Gunnar\Downloads\FRST.txt
2015-07-25 20:43 - 2015-07-25 20:43 - 00000000 ____D C:\Users\Gunnar\Downloads\FRST-OlderVersion
2015-07-24 21:21 - 2015-07-24 21:21 - 00000218 _____ C:\Users\Gunnar\AppData\Local\recently-used.xbel
2015-07-24 09:09 - 2015-07-24 21:07 - 00000000 ____D C:\Users\Gunnar\AppData\Roaming\deluge
2015-07-24 09:09 - 2015-07-24 09:15 - 00000000 ____D C:\Users\Gunnar\Downloads\VA - Best of Trap Music [2014]
2015-07-24 09:06 - 2015-07-24 09:06 - 13595245 _____ C:\Users\Gunnar\Downloads\deluge-1.3.11-win32-setup.exe
2015-07-24 09:06 - 2015-07-24 09:06 - 00000939 _____ C:\Users\Public\Desktop\Deluge.lnk
2015-07-24 09:06 - 2015-07-24 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2015-07-24 09:06 - 2015-07-24 09:06 - 00000000 ____D C:\Program Files (x86)\Deluge
2015-07-23 19:58 - 2015-07-23 19:58 - 00000000 ____D C:\Users\Gunnar\AppData\Local\CEF
2015-07-20 23:03 - 2015-07-14 20:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 23:03 - 2015-07-14 20:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 23:03 - 2015-07-14 20:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 23:03 - 2015-07-14 20:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 23:03 - 2015-07-14 19:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 23:03 - 2015-07-14 19:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 23:03 - 2015-07-14 19:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 23:03 - 2015-07-14 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 23:03 - 2015-07-14 18:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 23:03 - 2015-07-14 18:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-18 18:52 - 2015-07-18 18:53 - 00000000 ____D C:\Users\Gunnar\AppData\Local\PAYDAY 2
2015-07-18 18:52 - 2015-07-18 18:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-18 18:52 - 2015-07-18 18:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-07-16 23:32 - 2015-07-16 23:41 - 00000000 ____D C:\Users\Gunnar\Documents\shred
2015-07-15 13:06 - 2012-11-10 13:46 - 00821736 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2015-07-15 13:06 - 2012-11-10 13:46 - 00746984 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-07-15 13:05 - 2015-07-15 13:06 - 00000000 ____D C:\ProgramData\Oracle
2015-07-15 13:02 - 2015-07-15 13:02 - 00562784 _____ (Oracle Corporation) C:\Users\Gunnar\Downloads\jxpiinstall(1).exe
2015-07-14 23:22 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 23:22 - 2015-07-02 14:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 23:22 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 23:22 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 23:22 - 2015-07-02 13:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 23:22 - 2015-07-02 13:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 23:22 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 23:22 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 23:22 - 2015-07-02 13:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 23:22 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 23:22 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 23:22 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 23:22 - 2015-06-26 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 23:22 - 2015-06-26 19:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 23:22 - 2015-06-26 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 23:22 - 2015-06-26 18:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 23:22 - 2015-06-25 01:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 23:22 - 2015-06-17 10:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 23:22 - 2015-06-17 10:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 23:22 - 2015-06-01 17:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 23:22 - 2015-06-01 16:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 23:21 - 2015-06-25 11:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 23:21 - 2015-06-25 10:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 23:21 - 2015-06-20 13:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 23:21 - 2015-06-20 12:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 23:21 - 2015-06-20 12:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 23:21 - 2015-06-20 12:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 23:21 - 2015-06-20 12:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 23:21 - 2015-06-20 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 23:21 - 2015-06-20 12:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 23:21 - 2015-06-20 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 23:21 - 2015-06-20 12:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 23:21 - 2015-06-20 12:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 23:21 - 2015-06-20 12:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 23:21 - 2015-06-20 12:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 23:21 - 2015-06-20 12:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 23:21 - 2015-06-20 12:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 23:21 - 2015-06-20 12:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 23:21 - 2015-06-20 12:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 23:21 - 2015-06-20 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 23:21 - 2015-06-20 11:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 23:21 - 2015-06-20 11:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 23:21 - 2015-06-20 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 23:21 - 2015-06-20 11:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 23:21 - 2015-06-20 11:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 23:21 - 2015-06-20 11:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 23:21 - 2015-06-19 11:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 23:21 - 2015-06-19 11:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 23:21 - 2015-06-19 11:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 23:21 - 2015-06-19 11:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 23:21 - 2015-06-19 11:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 23:21 - 2015-06-19 11:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 23:21 - 2015-06-19 11:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 23:21 - 2015-06-19 11:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 23:21 - 2015-06-19 11:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 23:21 - 2015-06-19 11:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 23:21 - 2015-06-19 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 23:21 - 2015-06-19 10:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 23:21 - 2015-06-19 10:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 23:21 - 2015-06-19 10:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 23:21 - 2015-06-19 10:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 23:21 - 2015-06-19 10:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 23:21 - 2015-06-19 10:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 23:21 - 2015-06-19 10:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 23:21 - 2015-06-19 10:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 23:20 - 2015-07-04 11:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 23:20 - 2015-07-04 10:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 23:20 - 2015-07-01 13:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 23:20 - 2015-07-01 13:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 23:20 - 2015-07-01 13:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 23:20 - 2015-07-01 13:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 23:20 - 2015-07-01 13:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 23:20 - 2015-07-01 13:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 23:20 - 2015-07-01 13:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 23:20 - 2015-07-01 13:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 23:20 - 2015-07-01 13:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 23:20 - 2015-07-01 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 23:20 - 2015-07-01 13:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 23:20 - 2015-07-01 13:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 23:20 - 2015-07-01 13:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 23:20 - 2015-07-01 13:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 23:20 - 2015-07-01 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 23:20 - 2015-07-01 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 23:20 - 2015-07-01 13:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 23:20 - 2015-07-01 13:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 23:20 - 2015-07-01 12:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 23:20 - 2015-07-01 12:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 23:20 - 2015-07-01 12:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 23:20 - 2015-06-15 14:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 23:20 - 2015-06-15 14:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 23:20 - 2015-06-15 14:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 23:20 - 2015-06-15 14:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 23:20 - 2015-06-15 14:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 23:20 - 2015-06-15 14:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 23:20 - 2015-06-15 14:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 23:20 - 2015-06-15 14:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 23:20 - 2015-06-15 14:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 23:20 - 2015-06-15 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 23:20 - 2015-06-15 14:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 23:20 - 2015-06-15 14:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 23:20 - 2015-06-11 10:56 - 01112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-14 23:20 - 2015-06-11 10:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-14 23:20 - 2015-06-11 10:15 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-07-14 15:10 - 2015-07-14 15:10 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-13 21:42 - 2015-07-13 22:04 - 00000000 ____D C:\Users\Gunnar\AppData\Local\BoringManGame
2015-07-08 14:50 - 2015-07-08 14:57 - 00000000 ____D C:\Users\Gunnar\Documents\TrackMania
2015-07-08 14:50 - 2015-07-08 14:56 - 00000000 ____D C:\ProgramData\TrackMania
2015-07-08 12:37 - 2015-07-08 12:37 - 00001270 _____ C:\Users\Public\Desktop\WTAssetViewer.lnk
2015-07-08 12:37 - 2015-07-08 12:37 - 00001260 _____ C:\Users\Public\Desktop\WTMissionEditor.lnk
2015-07-08 12:30 - 2015-07-08 12:36 - 151820656 _____ (Gaijin Entertainment ) C:\Users\Gunnar\Downloads\WarThunderCDK_2015_07_02__17_26.exe
2015-07-03 01:27 - 2015-07-15 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 02:13 - 2015-07-01 02:13 - 00000000 ____D C:\Users\Gunnar\Desktop\GAME OF THE YEAR 420BLAZEIT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 21:25 - 2015-02-06 04:02 - 00000000 ____D C:\Users\Gunnar\AppData\Roaming\Skype
2015-07-25 21:24 - 2013-09-08 12:59 - 16550342 _____ C:\Simraceway.log
2015-07-25 21:23 - 2014-02-16 02:00 - 00024353 _____ C:\Windows\setupact.log
2015-07-25 21:23 - 2013-04-24 00:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 21:23 - 2012-12-15 18:45 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-25 21:23 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 21:22 - 2012-08-02 10:46 - 00245802 _____ C:\Windows\PFRO.log
2015-07-25 21:22 - 2009-07-13 21:45 - 00018768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 21:22 - 2009-07-13 21:45 - 00018768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-25 21:21 - 2012-08-01 23:54 - 01665799 _____ C:\Windows\WindowsUpdate.log
2015-07-25 21:10 - 2013-04-17 16:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 20:39 - 2013-04-24 00:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 20:30 - 2014-09-12 10:49 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-23 08:57 - 2013-12-21 16:45 - 00000000 ____D C:\Program Files (x86)\WarThunder
2015-07-21 09:13 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-21 09:08 - 2009-07-13 21:45 - 02897352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 23:48 - 2013-12-11 22:45 - 00000000 ____D C:\titties
2015-07-16 09:10 - 2014-03-17 15:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 09:05 - 2015-01-15 10:11 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 20:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-15 16:34 - 2013-04-24 00:53 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 16:34 - 2013-04-24 00:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 13:05 - 2012-11-10 13:46 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-15 13:05 - 2012-11-10 13:46 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-15 13:00 - 2012-08-16 15:45 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-07-15 12:53 - 2015-06-17 13:00 - 00000000 ____D C:\Users\Gunnar\AppData\Local\Battle.net
2015-07-15 10:58 - 2015-06-17 13:11 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-07-15 10:52 - 2015-06-17 12:59 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-07-15 10:52 - 2015-02-06 04:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-15 10:52 - 2015-02-06 04:02 - 00000000 ____D C:\ProgramData\Skype
2015-07-15 10:52 - 2013-09-08 13:00 - 00000000 ____D C:\Users\Gunnar\AppData\Roaming\Simraceway
2015-07-15 10:47 - 2012-09-24 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-14 15:10 - 2013-04-17 16:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 15:10 - 2012-08-02 00:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 15:10 - 2012-08-02 00:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 11:47 - 2014-05-19 23:17 - 00000000 ____D C:\Users\Gunnar\AppData\Roaming\vlc
2015-07-08 12:37 - 2013-12-21 16:45 - 00000000 ____D C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-06-30 20:35 - 2012-08-13 22:57 - 00000000 ____D C:\Users\Gunnar\AppData\Local\Adobe
2015-06-30 20:12 - 2014-09-12 10:48 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 20:12 - 2014-09-12 10:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-30 13:11 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-25 00:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-06-29 23:42 - 2014-05-19 23:10 - 0005632 _____ () C:\Users\Gunnar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-31 16:35 - 2014-03-31 16:35 - 0000000 ___SH () C:\Users\Gunnar\AppData\Local\LumaEmu
2015-07-24 21:21 - 2015-07-24 21:21 - 0000218 _____ () C:\Users\Gunnar\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\Gunnar\Rosetta Stone v3 Japanese & Speech Preinstalled.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 00:37

==================== End of log ============================


Next:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Gunnar at 2015-07-25 21:27:56
Running from C:\Users\Gunnar\Desktop\frst
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-278295415-4203223567-2615167640-500 - Administrator - Disabled)
Guest (S-1-5-21-278295415-4203223567-2615167640-501 - Limited - Disabled)
Gunnar (S-1-5-21-278295415-4203223567-2615167640-1000 - Administrator - Enabled) => C:\Users\Gunnar
HomeGroupUser$ (S-1-5-21-278295415-4203223567-2615167640-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2.3 (HKLM-x32\...\{590B031A-4935-47A9-A6DD-7377DDB2ED3A}_is1) (Version: 2.3 - PlayWay S.A.)
Acoustica Mixcraft 6 (HKLM-x32\...\Acoustica Mixcraft 6) (Version: b189 - Acoustica)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_d2f336b2c5feeb945c28b7a0a45170f) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Aimersoft DVD Creator(Build 2.5.2.15) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version:  - Wondershare Software)
AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin's Creed II 1.01 (HKLM-x32\...\Assassin's Creed II_is1) (Version:  - ea)
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.01 - Ubisoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Automation - The Car Company Tycoon Game (HKLM-x32\...\Steam App 293760) (Version:  - Camshaft Software)
Automation (HKLM-x32\...\Automation) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.7.3069 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{FE5ABB0E-EDEA-4023-B0FB-9DEA39A98D76}) (Version: 0.8.7.3069 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boring Man - Online Tactical Stickman Combat (HKLM-x32\...\Steam App 346120) (Version:  - Spasman Games)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version:  - )
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Car Mechanic Simulator 2014 (HKLM-x32\...\Car Mechanic Simulator 2014_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Deluge 1.3.11 (HKLM-x32\...\Deluge) (Version:  - )
eSupport UndeletePlus 3.0.5.313 (HKLM-x32\...\eSupport UndeletePlus_is1) (Version:  - Copyright © 2013 eSupport.com • All Rights Reserved)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
Five Nights at Freddy's (HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Five Nights at Freddy's) (Version:  - )
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FreeStyle2: Street Basketball (HKLM-x32\...\Steam App 339610) (Version:  - Joycity)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
Hearts of iron 3 Their Finest Hour 4.01 (HKLM-x32\...\Hearts of iron 3 Their Finest Hour 4.01) (Version: 4.01 - Hoi2.ru)
Hearts of Iron III (HKLM-x32\...\{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}) (Version:  - )
Hercules Classic Webcam Drivers (HKLM-x32\...\{5F0EE12C-44B1-4FCB-87E3-4686C888774A}) (Version: 1.00.0000 - Hercules)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kill The Bad Guy (HKLM-x32\...\Kill The Bad Guy_is1) (Version:  - )
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LG United Mobile Drivers (HKLM-x32\...\{2D371881-67FB-4EAB-B59A-F59DC43199DD}) (Version: 2.1 - LG Electronics)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.0.0 - Electronic Arts)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.16 (HKLM-x32\...\MultiBit 0.5.16) (Version: 0.5.16 - )
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Resident Evil 4 1.10 (HKLM-x32\...\Resident Evil 4_is1) (Version:  - )
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
RZ DVD Creator (HKLM-x32\...\{3F32058A-343A-4C16-BD1B-BE35E9A42352}) (Version: 4.52 - RealZeal Soft)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Search Protection (HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Search Protection) (Version: 8.7.0.1 - Spigot, Inc.) <==== ATTENTION
SimCity, âåðñèÿ 1.0.0.0 (HKLM-x32\...\SimCity_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Simraceway 28.92 (HKLM-x32\...\Simraceway) (Version: 28.92 - Simraceway)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\{FEE1F166-EAE4-4C4B-8988-D82521F9F63F}) (Version: 6.1.5.0 - Husdawg, LLC)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version:  - Nadeo)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04.3-rev279 - Ubuntu)
Unity (HKLM-x32\...\Unity) (Version: 4.5.0f6 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
War Thunder CDK 0.1 (HKLM-x32\...\{ed8deea4-29fe-1932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
War Thunder Launcher 1.0.1.299 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
West Point Bridge Designer 2014 (2nd Edition) (remove only) (HKLM-x32\...\West Point Bridge Designer 2014 (2nd Edition)) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinUAE 2.6.1 (HKLM-x32\...\WinUAE) (Version: 2.6.1 - Arabuusimiehet)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

20-07-2015 22:59:05 Windows Update
21-07-2015 03:00:12 Windows Update
24-07-2015 14:11:57 Windows Update

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03B975DA-85B3-4577-936C-6285C5DE78A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {06D29252-84B2-4C98-93CE-8C998089CA0E} - System32\Tasks\IR5 => cmd.exe /c cscript.exe /b C:\Windows\System32\slmgr.vbs /rearm &amp;&amp; net stop sppsvc &amp;&amp; net start sppsvc
Task: {16FC838A-5143-4DA1-AB45-C35381FCDFD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.)
Task: {8C8797EE-C8FE-4DEA-B866-459F88157341} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.)
Task: {949A2318-DF54-45CC-A5DF-E89E861800F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-20 11:04 - 2013-08-10 15:42 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-11 14:04 - 2013-07-11 14:04 - 01630720 _____ () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-07-11 14:03 - 2013-07-11 14:03 - 00252832 _____ () C:\Program Files (x86)\SimracewayUpdater\PATCHW32.dll
2013-07-01 08:20 - 2015-07-03 09:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-25 00:00 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-25 00:00 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-25 00:00 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 20:46 - 2015-07-23 16:24 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-12 10:55 - 2014-12-01 14:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-12 10:55 - 2014-12-01 14:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-12 10:55 - 2014-12-01 14:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-12 10:55 - 2014-12-01 14:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-12 10:55 - 2014-12-01 14:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-12-15 18:48 - 2015-07-23 16:23 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-23 19:58 - 2015-07-07 13:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2012-12-15 18:48 - 2015-07-03 09:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Gunnar\Downloads\Der kleine Eisbär - Besuch vom Südpol Full German.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Gunnar\Downloads\Der kleine Eisbär - Lars und der kleine Tiger - aus_ Neue Abenteuer, neue Freunde.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Gunnar\Downloads\IMG_9642.JPG:Mac_Metadata

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-278295415-4203223567-2615167640-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1 - 205.171.2.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{72BF8D4C-2E19-4D6A-A846-3DA709A37F8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC602CB6-DA0A-4685-B23C-44768768393A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFFBB460-0613-4710-9D96-6D1E8F30DD2D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D69FAB4F-174B-4A2E-B4FE-9474FFF79AFF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3BA4D1DE-7F17-4CF9-A5A4-CC2301B47457}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8C2CEEB6-9BA2-4BB4-B797-124413A4AD79}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1D986FE7-4CD9-4BF4-AECA-5F154426EF29}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8481D853-D85A-46E0-8C05-120C4643622A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A854C668-F1B0-4B2C-AA1C-97D651F5D795}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{A4BCF1A3-7385-452A-8ED8-FD1BE0850CDB}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{A8C6F3B4-A581-4A50-8F41-A0EAECD46BB9}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{EDC102A1-1531-4DD4-AF85-BB28BA9E8749}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{D9485DE7-5006-44F3-B8C3-E3ABC6D6206A}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{301C2A3E-8BA0-43A7-835B-2C4C8238B306}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{1CD45FA9-8496-4FA2-9C7F-3ED74DD55CDD}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{4FA25663-8991-4053-80E4-3B7392D57590}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{4DA39227-D678-4F44-A1C2-C4BE7A7A088F}] => (Allow) LPort=5353
FirewallRules: [{0EADABD6-8EE1-4B2E-BCA2-EF0CB82BEE8C}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{F656FF07-3D57-44AE-9359-0C3EDF4A1F55}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{B821B55E-AFE0-42FF-931F-FB0686AE46B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{625266AB-E4AF-4FD7-BE1E-B0ED1D1F09CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{221C858F-FA4E-415F-A7DC-368289B83F17}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{CFB89727-8CED-4248-B74F-511DEE9DE664}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{5FDEDFA5-3333-4613-A030-A1D98EE73AEE}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{D0B2CB9C-0A66-4AB8-85AD-A0A12EB5E878}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{3255380B-91FC-491B-8FF9-7D542C4A9C4E}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{D55D167F-791D-456C-9439-CF65AC8385E9}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2AF45EFB-DBBB-4731-9324-DB1CF615865E}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{6F54ACEC-A94D-41CA-A079-50EBB4C6620F}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [{A7ACFBE5-73D0-4159-9D93-878D4FCA1EC8}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [{6E757AC9-6FA2-4984-B01C-A57617F9C5A9}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{6FA284F6-FCE4-4F5E-BC8D-3DB337215EDB}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{F9158D0E-97EB-4BAB-BD52-4E896AE0DC59}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D70CE955-2E72-4991-8025-725302B0B006}] => (Allow) LPort=2869
FirewallRules: [{1456B32E-B7EB-4E03-8F09-E05195ABBAF7}] => (Allow) LPort=1900
FirewallRules: [{DA280ACB-3FEA-4E4C-9C96-5FC6FEA02898}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7DC5D9AA-AD4B-45D7-9B59-EC0BF5DAC448}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B7E0BE6B-0B25-4A4C-8E55-0108E35A18D5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1E296B4D-5392-44F3-95E3-3D47FF62A96E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6827CCE9-09B6-4946-BABD-86900FFC3525}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{DB9D9BC2-DB5E-4D7E-919D-67421BF403D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{26DEAE49-F68D-499F-9A1A-BB73227D1976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{B0833326-85FC-4093-90DF-84F374D81970}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [TCP Query User{6D86D4F1-0210-4409-8582-3E9987EBF181}C:\ignitegt\simraceway\simracewaygame.exe] => (Allow) C:\ignitegt\simraceway\simracewaygame.exe
FirewallRules: [UDP Query User{73BFADEE-00E4-40CB-96E7-B6367D8A9EE9}C:\ignitegt\simraceway\simracewaygame.exe] => (Allow) C:\ignitegt\simraceway\simracewaygame.exe
FirewallRules: [{AF6EF51F-1277-4466-BE5B-661FA37C472E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{4530C422-3F5A-4F99-945F-2AA4839CEC52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B1B40E45-A8F9-4139-A2BF-23CF79A0E526}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{AD37ECE6-CE0D-4052-9FCE-B4F852D58AC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [TCP Query User{06DBB0BB-FD3A-4B62-A76D-617DE7AEF8E0}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{27891B5F-FE0A-4D9B-BF33-F40CCECCE24A}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{E91D716A-66A8-4371-9B48-07CC12ABF879}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{25DA3761-BE65-4F89-B928-C33A075F4054}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{2337C05B-6492-415B-9875-EF7CCA698823}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{CF45C9A7-C983-43C2-BF9E-DF84B0ECEF89}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{ED4704EF-CE0F-4F1D-ADA2-EDDD9C924C58}] => (Allow) LPort=80
FirewallRules: [{321347EF-5162-41D9-9E31-3A04918C4530}] => (Allow) LPort=443
FirewallRules: [{A447C112-4FE8-445A-91E8-0E876028F348}] => (Allow) LPort=20010
FirewallRules: [{CD25A9BE-B8A3-4BA3-92D2-F2A5F4C35D8D}] => (Allow) LPort=3478
FirewallRules: [{5E623DF3-ABB9-46E6-AE0F-A43E70B9B43A}] => (Allow) LPort=7850
FirewallRules: [{E657DD70-8C57-40F2-BE21-AC59246F882B}] => (Allow) LPort=27022
FirewallRules: [{297B6DB8-1066-4C98-B029-4AF77ECA8762}] => (Allow) LPort=6881
FirewallRules: [{0ECBB379-CEFC-408E-A764-781EBC023690}] => (Allow) LPort=33333
FirewallRules: [{EC1DD7F6-C4FE-499A-93EC-8A49BBC5CC13}] => (Allow) LPort=20443
FirewallRules: [{F6AC7CD9-9514-4E1A-919E-3C24EAF61B91}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{45F04A93-03BA-42C8-B2CC-42C694F034E9}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{BB99AE92-6C14-472D-B111-4942025D68E7}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{6AE7E29F-7711-4D3B-8CBC-BF50E72BFF95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{39DD33AE-736F-433C-9012-9C071E81D5C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{71F86D96-1588-4B69-B16B-6F2604480A55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{3C6481E3-910C-4EA9-A13B-47F4C13DA29C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{EA804CD6-F141-46E3-A72D-73614DD4F24E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{AE3603F3-DB7B-4664-947B-F2227F2C7137}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{22535EBC-53C4-491A-A679-31DA224B03D1}] => (Allow) C:\Users\Gunnar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1138021C-B913-47AB-82B5-490C17590442}] => (Allow) C:\Users\Gunnar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{75E97049-F873-4F3A-8E5E-679B586AC5C0}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{E602CC65-4CEE-472F-94B3-0EDB155E7A60}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{CA977058-4B32-46EC-999E-C0F93705B5F5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{07126085-6A44-4A98-AAA4-C9FDFB21A80C}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{8DD31974-56E4-41C3-AEA8-F560ABED9224}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{DF982A58-0518-49BA-863D-3A1336A9369B}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{0611414F-8785-426F-98E8-C7A0D7A5DE0B}] => (Allow) LPort=57513
FirewallRules: [{1CFB49E5-A990-439F-ADCD-97F7F47DF59C}] => (Allow) LPort=57513
FirewallRules: [{02EEAF91-4D86-40AF-B0AF-F4167DDC01A0}] => (Allow) LPort=57513
FirewallRules: [{CBA1AD96-3D90-4CF9-AC59-6A5885B4E676}] => (Allow) LPort=57513
FirewallRules: [{657486B1-DB07-4484-BD48-BEF349FA53E7}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A538D460-6A3B-4BB2-A4F0-9681DF9162BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{E4AC4F29-0F54-4FB5-864D-98C55122DD6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{50720A24-AA07-4CD2-84C6-CBCE88E0F4C0}] => (Allow) C:\Program Files (x86)\SimCity\SimCity\SimCity.exe
FirewallRules: [{AE60BD34-7189-4A12-AB61-F1CA00D4EE42}] => (Allow) C:\Program Files (x86)\SimCity\SimCity\SimCity.exe
FirewallRules: [{27599509-7629-431E-9BF8-F4339D752BAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{B0A4DA91-044B-4E23-AEDC-08CFBED8DF30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{FD6A7D30-7D02-401A-B748-0CA39E93471F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{D94436FC-7297-41CF-93EF-C07DA1F6C3BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{439E25AA-729D-4045-AE22-9DF7C9468E53}] => (Allow) C:\Program Files (x86)\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe
FirewallRules: [{187A0CF3-9660-4DD0-A972-689C825357EF}] => (Allow) C:\Program Files (x86)\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe
FirewallRules: [{E9C11CED-F5E4-498F-BD31-9C24FC94E116}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{8EDE676F-01B7-4035-98D4-0B25526AAFAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{263ED903-4123-4C23-A8A6-680457AA5DE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ.exe
FirewallRules: [{4B5538F3-49EF-49F6-8BFB-08DEF5854C42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ.exe
FirewallRules: [{160FEC2F-585C-4795-8586-D32ED37C8E15}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6A762C6B-8020-42EC-ABA8-51DCFDB82874}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FD365C5B-B104-40E5-B62F-9627B1832C35}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{70253268-E35E-4A9F-93E3-1216E79C18D3}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{DAA05D41-0309-4B46-B0B4-A0C8417C3351}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{12F53FB9-5879-4029-A81A-4B45D9D74954}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{4DC80E15-1EF7-499C-8D21-C469A59323D0}] => (Allow) C:\Program Files (x86)\Microsoft Games\Halo 2\halo2.exe
FirewallRules: [{421EFA3B-F7D4-44B8-917A-3A0BB220AEF4}] => (Allow) C:\Program Files (x86)\Microsoft Games\Halo 2\halo2.exe
FirewallRules: [{B4F58A65-FA8B-4BF7-8BB3-585D9269ECB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{904DA7EB-D790-499A-B524-9E1B130C233C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{489CC162-BECB-4F41-8A77-33FEAB440152}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01479246-61BE-421D-AFC7-1093A64C8821}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D9047527-4801-4BDE-9198-12A97BFBDA2B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F45C1B22-CDEA-4117-9CCA-1E88CA83C5CF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C89EDBEE-F46F-4903-979D-27F744B6372D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6B93F5C9-7E8A-4F23-BA68-DDBD511FAE2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation Launcher Steam.exe
FirewallRules: [{086E005A-61A1-4D64-8470-C221557B0739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation Launcher Steam.exe
FirewallRules: [{7D848486-5A0E-4117-8753-6E37345AB112}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{4D8D76B2-0110-4284-8580-9DCBF560B30D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{E435056F-AF12-437D-84C6-558B387DD90D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{753976B4-5285-4D94-9178-E46C8EB8C105}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{E81DD328-957E-4139-8E6E-706A88D7BAF8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{DA826CE3-7B08-4377-A72A-9A44EEFFAE09}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{46633B7B-4B46-46D2-9D24-858830E2EFEB}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [{B2717A9A-6ECE-4A40-B96A-A61BC13FEA8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation_Shipping_Steam.exe
FirewallRules: [{19E336C9-77CF-45EE-A343-9FB91BD7D700}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Automation\Automation_Shipping_Steam.exe
FirewallRules: [{214A451A-C83D-4046-A489-AAD2A722417A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{D513F291-837B-41D0-83C8-D55A5B079467}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{343EFBF7-B6EB-4EFD-BE45-A452D253C4CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{90D1149F-3221-424D-BA1A-3EBFCF0F635D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{92E7AE1B-6082-4B4C-B3EF-515A7E189819}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{4AC6FA53-EB31-40BE-8D0A-F8833C6875B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{DEA347E2-A0A4-4CBD-9A6E-73C18A016E6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringManGame.exe
FirewallRules: [{52E01C25-984C-4C8E-AF5E-E3D6380D0AEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringManGame.exe
FirewallRules: [{30EEA4C3-A21A-440B-B1DE-1B6B84962C37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringEditor\BoringEditor.exe
FirewallRules: [{88623EAC-4FBF-497A-AD4B-E06F879B92A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Boring Man - Online Tactical Stickman Combat\BoringEditor\BoringEditor.exe
FirewallRules: [{D33E005D-3501-4D60-B5C7-0125D162A6A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{EDA8F41C-E240-4C4A-8251-1576EBC8E97C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2015 09:23:22 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/25/2015 09:12:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17909, time stamp: 0x55844c24
Faulting module name: SteadyVideo.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f39573b
Exception code: 0xc0000005
Fault offset: 0x6cf01cd8
Faulting process id: 0x27c24
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (07/25/2015 09:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 08:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 07:42:29 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 07:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 06:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 05:42:29 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 05:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 04:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005


System errors:
=============
Error: (07/25/2015 09:23:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 09:23:41 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 09:23:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 09:23:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 09:22:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 08:17:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 10:07:43 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (07/25/2015 08:17:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 08:17:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/25/2015 08:17:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office:
=========================
Error: (07/25/2015 09:23:22 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/25/2015 09:12:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1790955844c24SteadyVideo.dll_unloaded0.0.0.04f39573bc00000056cf01cd827c2401d0c7594ead3649C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXESteadyVideo.dll9237abef-334c-11e5-a2da-d0df9ade6034

Error: (07/25/2015 09:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 08:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 07:42:29 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 07:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 06:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 05:42:29 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 05:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 04:07:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005


==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon™ HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 7666.81 MB
Available physical RAM: 4399.23 MB
Total Virtual: 15331.81 MB
Available Virtual: 11884.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:914.61 GB) (Free:306.47 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:16.81 GB) (Free:16.7 GB) NTFS
Drive j: (AOE III DISC 1) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive k: (hssar) (CDROM) (Total:1.38 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A79749BB)
Partition 1: (Active) - (Size=914.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=16.8 GB) - (Type=07 NTFS)

==================== End of log ============================


  • 0

#4
RKinner
Posted 25 July 2015 - 11:13 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

scan-results.jpg

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Let's check for damaged files:

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

 

Then let's see if the CPU is still over busy.

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

 

Does it seem to be better now?  I've got to go to bed now.  It's past 1 AM here in Florida. 
 


  • 0

#5
gbns
Posted 26 July 2015 - 12:32 AM

gbns

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Here we go;

# AdwCleaner v4.208 - Logfile created 25/07/2015 at 22:23:10
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Gunnar - MRSLAVE
# Running from : C:\Users\Gunnar\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Deleted : C:\Program Files (x86)\DriverTuner
Folder Deleted : C:\Users\Gunnar\AppData\Local\DriverTuner
Folder Deleted : C:\Users\Gunnar\AppData\Roaming\defaulttab
Folder Deleted : C:\Users\Gunnar\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Gunnar\Documents\Updater
Folder Deleted : C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected]
File Deleted : C:\Users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\n85kn1ob.default\Extensions\[email protected]

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2096 bytes] - [25/07/2015 22:19:19]
AdwCleaner[R1].txt - [2155 bytes] - [25/07/2015 22:21:09]
AdwCleaner[R2].txt - [2214 bytes] - [25/07/2015 22:22:08]
AdwCleaner[S0].txt - [2028 bytes] - [25/07/2015 22:23:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2087  bytes] ##########


Then;

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Enterprise x64
Ran by Gunnar on Sat 07/25/2015 at 22:32:49.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Gunnar\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\Users\Gunnar\AppData\Roaming\3909



~~~ FireFox

Emptied folder: C:\Users\Gunnar\AppData\Roaming\mozilla\firefox\profiles\n85kn1ob.default\minidumps [486 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/25/2015 at 22:42:25.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



2015-07-25 22:48:40, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:48:40, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-07-25 22:48:42, Info                  CSI    0000000c [SR] Verify complete
2015-07-25 22:48:43, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:48:43, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2015-07-25 22:48:45, Info                  CSI    00000010 [SR] Verify complete
2015-07-25 22:48:47, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:48:47, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2015-07-25 22:48:50, Info                  CSI    00000014 [SR] Verify complete
2015-07-25 22:48:53, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:48:53, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2015-07-25 22:48:55, Info                  CSI    00000018 [SR] Verify complete
2015-07-25 22:48:57, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:48:57, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2015-07-25 22:48:59, Info                  CSI    0000001c [SR] Verify complete
2015-07-25 22:49:01, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:01, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:03, Info                  CSI    00000020 [SR] Verify complete
2015-07-25 22:49:05, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:05, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:06, Info                  CSI    00000024 [SR] Verify complete
2015-07-25 22:49:07, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:07, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:09, Info                  CSI    00000028 [SR] Verify complete
2015-07-25 22:49:11, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:11, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:12, Info                  CSI    0000002c [SR] Verify complete
2015-07-25 22:49:14, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:14, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:15, Info                  CSI    00000030 [SR] Verify complete
2015-07-25 22:49:17, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:17, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:18, Info                  CSI    00000034 [SR] Verify complete
2015-07-25 22:49:19, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:19, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:21, Info                  CSI    00000038 [SR] Verify complete
2015-07-25 22:49:22, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:22, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:24, Info                  CSI    0000003c [SR] Verify complete
2015-07-25 22:49:25, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:25, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:27, Info                  CSI    00000040 [SR] Verify complete
2015-07-25 22:49:28, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:28, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:29, Info                  CSI    00000044 [SR] Verify complete
2015-07-25 22:49:30, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:30, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:33, Info                  CSI    00000048 [SR] Verify complete
2015-07-25 22:49:34, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:34, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:36, Info                  CSI    0000004c [SR] Verify complete
2015-07-25 22:49:37, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:37, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:39, Info                  CSI    00000050 [SR] Verify complete
2015-07-25 22:49:41, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:41, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:42, Info                  CSI    00000054 [SR] Verify complete
2015-07-25 22:49:43, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:43, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:47, Info                  CSI    00000058 [SR] Verify complete
2015-07-25 22:49:48, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:48, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:52, Info                  CSI    0000005c [SR] Verify complete
2015-07-25 22:49:53, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:53, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2015-07-25 22:49:56, Info                  CSI    00000060 [SR] Verify complete
2015-07-25 22:49:57, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:49:57, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2015-07-25 22:50:00, Info                  CSI    00000064 [SR] Verify complete
2015-07-25 22:50:01, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:50:01, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2015-07-25 22:50:04, Info                  CSI    00000068 [SR] Verify complete
2015-07-25 22:50:05, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:50:05, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2015-07-25 22:50:14, Info                  CSI    0000006c [SR] Verify complete
2015-07-25 22:50:14, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:50:14, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2015-07-25 22:50:17, Info                  CSI    00000070 [SR] Verify complete
2015-07-25 22:50:18, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:50:18, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2015-07-25 22:50:20, Info                  CSI    00000074 [SR] Verify complete
2015-07-25 22:50:21, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:50:21, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2015-07-25 22:50:25, Info                  CSI    00000078 [SR] Verify complete
2015-07-25 22:50:25, Info                  CSI    00000079 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:50:25, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
2015-07-25 22:50:33, Info                  CSI    0000007d [SR] Verify complete
2015-07-25 22:50:33, Info                  CSI    0000007e [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:50:33, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
2015-07-25 22:50:40, Info                  CSI    00000084 [SR] Verify complete
2015-07-25 22:50:40, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:50:40, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2015-07-25 22:50:46, Info                  CSI    00000089 [SR] Verify complete
2015-07-25 22:50:46, Info                  CSI    0000008a [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:50:46, Info                  CSI    0000008b [SR] Beginning Verify and Repair transaction
2015-07-25 22:50:52, Info                  CSI    0000008d [SR] Verify complete
2015-07-25 22:50:52, Info                  CSI    0000008e [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:50:52, Info                  CSI    0000008f [SR] Beginning Verify and Repair transaction
2015-07-25 22:51:00, Info                  CSI    000000ad [SR] Verify complete
2015-07-25 22:51:01, Info                  CSI    000000ae [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:51:01, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2015-07-25 22:51:06, Info                  CSI    000000b8 [SR] Verify complete
2015-07-25 22:51:07, Info                  CSI    000000b9 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:51:07, Info                  CSI    000000ba [SR] Beginning Verify and Repair transaction
2015-07-25 22:51:12, Info                  CSI    000000bc [SR] Verify complete
2015-07-25 22:51:12, Info                  CSI    000000bd [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:51:12, Info                  CSI    000000be [SR] Beginning Verify and Repair transaction
2015-07-25 22:51:20, Info                  CSI    000000c0 [SR] Verify complete
2015-07-25 22:51:21, Info                  CSI    000000c1 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:51:21, Info                  CSI    000000c2 [SR] Beginning Verify and Repair transaction
2015-07-25 22:51:27, Info                  CSI    000000c4 [SR] Verify complete
2015-07-25 22:51:28, Info                  CSI    000000c5 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:51:28, Info                  CSI    000000c6 [SR] Beginning Verify and Repair transaction
2015-07-25 22:51:33, Info                  CSI    000000c8 [SR] Verify complete
2015-07-25 22:51:33, Info                  CSI    000000c9 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:51:33, Info                  CSI    000000ca [SR] Beginning Verify and Repair transaction
2015-07-25 22:51:38, Info                  CSI    000000cc [SR] Verify complete
2015-07-25 22:51:38, Info                  CSI    000000cd [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:51:38, Info                  CSI    000000ce [SR] Beginning Verify and Repair transaction
2015-07-25 22:51:46, Info                  CSI    000000d2 [SR] Verify complete
2015-07-25 22:51:46, Info                  CSI    000000d3 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:51:46, Info                  CSI    000000d4 [SR] Beginning Verify and Repair transaction
2015-07-25 22:51:53, Info                  CSI    000000f5 [SR] Verify complete
2015-07-25 22:51:54, Info                  CSI    000000f6 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:51:54, Info                  CSI    000000f7 [SR] Beginning Verify and Repair transaction
2015-07-25 22:52:07, Info                  CSI    000000f9 [SR] Verify complete
2015-07-25 22:52:07, Info                  CSI    000000fa [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:52:07, Info                  CSI    000000fb [SR] Beginning Verify and Repair transaction
2015-07-25 22:52:17, Info                  CSI    000000fd [SR] Verify complete
2015-07-25 22:52:17, Info                  CSI    000000fe [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:52:17, Info                  CSI    000000ff [SR] Beginning Verify and Repair transaction
2015-07-25 22:52:20, Info                  CSI    00000103 [SR] Verify complete
2015-07-25 22:52:21, Info                  CSI    00000104 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:52:21, Info                  CSI    00000105 [SR] Beginning Verify and Repair transaction
2015-07-25 22:52:22, Info                  CSI    00000107 [SR] Verify complete
2015-07-25 22:52:22, Info                  CSI    00000108 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:52:22, Info                  CSI    00000109 [SR] Beginning Verify and Repair transaction
2015-07-25 22:52:23, Info                  CSI    0000010b [SR] Verify complete
2015-07-25 22:52:24, Info                  CSI    0000010c [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:52:24, Info                  CSI    0000010d [SR] Beginning Verify and Repair transaction
2015-07-25 22:52:30, Info                  CSI    00000111 [SR] Verify complete
2015-07-25 22:52:30, Info                  CSI    00000112 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:52:30, Info                  CSI    00000113 [SR] Beginning Verify and Repair transaction
2015-07-25 22:52:36, Info                  CSI    00000124 [SR] Verify complete
2015-07-25 22:52:37, Info                  CSI    00000125 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:52:37, Info                  CSI    00000126 [SR] Beginning Verify and Repair transaction
2015-07-25 22:52:38, Info                  CSI    00000128 [SR] Verify complete
2015-07-25 22:52:39, Info                  CSI    00000129 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:52:39, Info                  CSI    0000012a [SR] Beginning Verify and Repair transaction
2015-07-25 22:52:45, Info                  CSI    0000012c [SR] Verify complete
2015-07-25 22:52:46, Info                  CSI    0000012d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:52:46, Info                  CSI    0000012e [SR] Beginning Verify and Repair transaction
2015-07-25 22:52:49, Info                  CSI    00000130 [SR] Verify complete
2015-07-25 22:52:50, Info                  CSI    00000131 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:52:50, Info                  CSI    00000132 [SR] Beginning Verify and Repair transaction
2015-07-25 22:52:59, Info                  CSI    00000135 [SR] Verify complete
2015-07-25 22:52:59, Info                  CSI    00000136 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:52:59, Info                  CSI    00000137 [SR] Beginning Verify and Repair transaction
2015-07-25 22:53:08, Info                  CSI    0000013a [SR] Verify complete
2015-07-25 22:53:08, Info                  CSI    0000013b [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:53:08, Info                  CSI    0000013c [SR] Beginning Verify and Repair transaction
2015-07-25 22:53:11, Info                  CSI    0000013e [SR] Verify complete
2015-07-25 22:53:12, Info                  CSI    0000013f [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:53:12, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
2015-07-25 22:53:14, Info                  CSI    00000142 [SR] Verify complete
2015-07-25 22:53:15, Info                  CSI    00000143 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:53:15, Info                  CSI    00000144 [SR] Beginning Verify and Repair transaction
2015-07-25 22:53:20, Info                  CSI    00000146 [SR] Verify complete
2015-07-25 22:53:20, Info                  CSI    00000147 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:53:20, Info                  CSI    00000148 [SR] Beginning Verify and Repair transaction
2015-07-25 22:53:26, Info                  CSI    0000014a [SR] Verify complete
2015-07-25 22:53:26, Info                  CSI    0000014b [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:53:26, Info                  CSI    0000014c [SR] Beginning Verify and Repair transaction
2015-07-25 22:53:31, Info                  CSI    0000014e [SR] Verify complete
2015-07-25 22:53:32, Info                  CSI    0000014f [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:53:32, Info                  CSI    00000150 [SR] Beginning Verify and Repair transaction
2015-07-25 22:53:42, Info                  CSI    00000168 [SR] Verify complete
2015-07-25 22:53:43, Info                  CSI    00000169 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:53:43, Info                  CSI    0000016a [SR] Beginning Verify and Repair transaction
2015-07-25 22:53:48, Info                  CSI    0000016c [SR] Verify complete
2015-07-25 22:53:49, Info                  CSI    0000016d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:53:49, Info                  CSI    0000016e [SR] Beginning Verify and Repair transaction
2015-07-25 22:54:01, Info                  CSI    00000170 [SR] Verify complete
2015-07-25 22:54:02, Info                  CSI    00000171 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:54:02, Info                  CSI    00000172 [SR] Beginning Verify and Repair transaction
2015-07-25 22:54:09, Info                  CSI    00000175 [SR] Verify complete
2015-07-25 22:54:09, Info                  CSI    00000176 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:54:09, Info                  CSI    00000177 [SR] Beginning Verify and Repair transaction
2015-07-25 22:54:19, Info                  CSI    00000179 [SR] Verify complete
2015-07-25 22:54:19, Info                  CSI    0000017a [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:54:19, Info                  CSI    0000017b [SR] Beginning Verify and Repair transaction
2015-07-25 22:54:24, Info                  CSI    0000017d [SR] Verify complete
2015-07-25 22:54:25, Info                  CSI    0000017e [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:54:25, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction
2015-07-25 22:54:30, Info                  CSI    00000181 [SR] Verify complete
2015-07-25 22:54:30, Info                  CSI    00000182 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:54:30, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
2015-07-25 22:54:36, Info                  CSI    00000185 [SR] Verify complete
2015-07-25 22:54:36, Info                  CSI    00000186 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:54:36, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
2015-07-25 22:54:39, Info                  CSI    0000018b [SR] Verify complete
2015-07-25 22:54:40, Info                  CSI    0000018c [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:54:40, Info                  CSI    0000018d [SR] Beginning Verify and Repair transaction
2015-07-25 22:54:44, Info                  CSI    0000018f [SR] Verify complete
2015-07-25 22:54:44, Info                  CSI    00000190 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:54:44, Info                  CSI    00000191 [SR] Beginning Verify and Repair transaction
2015-07-25 22:54:58, Info                  CSI    00000193 [SR] Verify complete
2015-07-25 22:54:59, Info                  CSI    00000194 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:54:59, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2015-07-25 22:55:04, Info                  CSI    00000198 [SR] Verify complete
2015-07-25 22:55:04, Info                  CSI    00000199 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:55:04, Info                  CSI    0000019a [SR] Beginning Verify and Repair transaction
2015-07-25 22:55:13, Info                  CSI    0000019d [SR] Verify complete
2015-07-25 22:55:14, Info                  CSI    0000019e [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:55:14, Info                  CSI    0000019f [SR] Beginning Verify and Repair transaction
2015-07-25 22:55:20, Info                  CSI    000001a1 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slwga.dll" from store
2015-07-25 22:55:20, Info                  CSI    000001a2 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store
2015-07-25 22:55:21, Info                  CSI    000001a4 [SR] Verify complete
2015-07-25 22:55:22, Info                  CSI    000001a5 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:55:22, Info                  CSI    000001a6 [SR] Beginning Verify and Repair transaction
2015-07-25 22:55:32, Info                  CSI    000001a9 [SR] Verify complete
2015-07-25 22:55:32, Info                  CSI    000001aa [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:55:32, Info                  CSI    000001ab [SR] Beginning Verify and Repair transaction
2015-07-25 22:55:36, Info                  CSI    000001ad [SR] Verify complete
2015-07-25 22:55:37, Info                  CSI    000001ae [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:55:37, Info                  CSI    000001af [SR] Beginning Verify and Repair transaction
2015-07-25 22:55:41, Info                  CSI    000001b1 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store
2015-07-25 22:55:42, Info                  CSI    000001b3 [SR] Verify complete
2015-07-25 22:55:42, Info                  CSI    000001b4 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:55:42, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
2015-07-25 22:55:47, Info                  CSI    000001b7 [SR] Verify complete
2015-07-25 22:55:48, Info                  CSI    000001b8 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:55:48, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2015-07-25 22:55:52, Info                  CSI    000001bc [SR] Verify complete
2015-07-25 22:55:53, Info                  CSI    000001bd [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:55:53, Info                  CSI    000001be [SR] Beginning Verify and Repair transaction
2015-07-25 22:56:02, Info                  CSI    000001c0 [SR] Verify complete
2015-07-25 22:56:02, Info                  CSI    000001c1 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:56:02, Info                  CSI    000001c2 [SR] Beginning Verify and Repair transaction
2015-07-25 22:56:06, Info                  CSI    000001c4 [SR] Verify complete
2015-07-25 22:56:06, Info                  CSI    000001c5 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:56:06, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
2015-07-25 22:56:11, Info                  CSI    000001c9 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
2015-07-25 22:56:11, Info                  CSI    000001cb [SR] Verify complete
2015-07-25 22:56:12, Info                  CSI    000001cc [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:56:12, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2015-07-25 22:56:18, Info                  CSI    000001cf [SR] Verify complete
2015-07-25 22:56:18, Info                  CSI    000001d0 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:56:18, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2015-07-25 22:56:23, Info                  CSI    000001d5 [SR] Verify complete
2015-07-25 22:56:23, Info                  CSI    000001d6 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:56:23, Info                  CSI    000001d7 [SR] Beginning Verify and Repair transaction
2015-07-25 22:56:29, Info                  CSI    000001d9 [SR] Verify complete
2015-07-25 22:56:29, Info                  CSI    000001da [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:56:29, Info                  CSI    000001db [SR] Beginning Verify and Repair transaction
2015-07-25 22:56:37, Info                  CSI    000001de [SR] Verify complete
2015-07-25 22:56:38, Info                  CSI    000001df [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:56:38, Info                  CSI    000001e0 [SR] Beginning Verify and Repair transaction
2015-07-25 22:56:51, Info                  CSI    000001e2 [SR] Verify complete
2015-07-25 22:56:51, Info                  CSI    000001e3 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:56:51, Info                  CSI    000001e4 [SR] Beginning Verify and Repair transaction
2015-07-25 22:56:54, Info                  CSI    000001e6 [SR] Verify complete
2015-07-25 22:56:55, Info                  CSI    000001e7 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:56:55, Info                  CSI    000001e8 [SR] Beginning Verify and Repair transaction
2015-07-25 22:56:58, Info                  CSI    000001ea [SR] Verify complete
2015-07-25 22:56:59, Info                  CSI    000001eb [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:56:59, Info                  CSI    000001ec [SR] Beginning Verify and Repair transaction
2015-07-25 22:57:05, Info                  CSI    000001ee [SR] Verify complete
2015-07-25 22:57:06, Info                  CSI    000001ef [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:57:06, Info                  CSI    000001f0 [SR] Beginning Verify and Repair transaction
2015-07-25 22:57:12, Info                  CSI    000001f2 [SR] Verify complete
2015-07-25 22:57:13, Info                  CSI    000001f3 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:57:13, Info                  CSI    000001f4 [SR] Beginning Verify and Repair transaction
2015-07-25 22:57:18, Info                  CSI    000001f6 [SR] Verify complete
2015-07-25 22:57:19, Info                  CSI    000001f7 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:57:19, Info                  CSI    000001f8 [SR] Beginning Verify and Repair transaction
2015-07-25 22:57:22, Info                  CSI    000001fa [SR] Verify complete
2015-07-25 22:57:23, Info                  CSI    000001fb [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:57:23, Info                  CSI    000001fc [SR] Beginning Verify and Repair transaction
2015-07-25 22:57:33, Info                  CSI    000001fe [SR] Verify complete
2015-07-25 22:57:33, Info                  CSI    000001ff [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:57:33, Info                  CSI    00000200 [SR] Beginning Verify and Repair transaction
2015-07-25 22:57:49, Info                  CSI    00000202 [SR] Verify complete
2015-07-25 22:57:49, Info                  CSI    00000203 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:57:49, Info                  CSI    00000204 [SR] Beginning Verify and Repair transaction
2015-07-25 22:57:52, Info                  CSI    00000206 [SR] Verify complete
2015-07-25 22:57:52, Info                  CSI    00000207 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:57:52, Info                  CSI    00000208 [SR] Beginning Verify and Repair transaction
2015-07-25 22:57:55, Info                  CSI    0000020a [SR] Verify complete
2015-07-25 22:57:56, Info                  CSI    0000020b [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:57:56, Info                  CSI    0000020c [SR] Beginning Verify and Repair transaction
2015-07-25 22:57:57, Info                  CSI    0000020e [SR] Verify complete
2015-07-25 22:57:58, Info                  CSI    0000020f [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:57:58, Info                  CSI    00000210 [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:02, Info                  CSI    00000212 [SR] Verify complete
2015-07-25 22:58:02, Info                  CSI    00000213 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:02, Info                  CSI    00000214 [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:06, Info                  CSI    00000216 [SR] Verify complete
2015-07-25 22:58:06, Info                  CSI    00000217 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:06, Info                  CSI    00000218 [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:09, Info                  CSI    0000021a [SR] Verify complete
2015-07-25 22:58:09, Info                  CSI    0000021b [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:09, Info                  CSI    0000021c [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:10, Info                  CSI    0000021e [SR] Verify complete
2015-07-25 22:58:10, Info                  CSI    0000021f [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:10, Info                  CSI    00000220 [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:15, Info                  CSI    00000228 [SR] Verify complete
2015-07-25 22:58:15, Info                  CSI    00000229 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:15, Info                  CSI    0000022a [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:19, Info                  CSI    0000022c [SR] Verify complete
2015-07-25 22:58:19, Info                  CSI    0000022d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:19, Info                  CSI    0000022e [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:23, Info                  CSI    00000230 [SR] Verify complete
2015-07-25 22:58:24, Info                  CSI    00000231 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:24, Info                  CSI    00000232 [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:27, Info                  CSI    00000234 [SR] Verify complete
2015-07-25 22:58:28, Info                  CSI    00000235 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:28, Info                  CSI    00000236 [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:32, Info                  CSI    00000238 [SR] Verify complete
2015-07-25 22:58:33, Info                  CSI    00000239 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:33, Info                  CSI    0000023a [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:38, Info                  CSI    0000023c [SR] Verify complete
2015-07-25 22:58:38, Info                  CSI    0000023d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:38, Info                  CSI    0000023e [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:44, Info                  CSI    00000241 [SR] Verify complete
2015-07-25 22:58:44, Info                  CSI    00000242 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:44, Info                  CSI    00000243 [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:45, Info                  CSI    00000245 [SR] Verify complete
2015-07-25 22:58:46, Info                  CSI    00000246 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:46, Info                  CSI    00000247 [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:47, Info                  CSI    00000249 [SR] Verify complete
2015-07-25 22:58:48, Info                  CSI    0000024a [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:48, Info                  CSI    0000024b [SR] Beginning Verify and Repair transaction
2015-07-25 22:58:59, Info                  CSI    00000250 [SR] Verify complete
2015-07-25 22:58:59, Info                  CSI    00000251 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:58:59, Info                  CSI    00000252 [SR] Beginning Verify and Repair transaction
2015-07-25 22:59:09, Info                  CSI    00000255 [SR] Verify complete
2015-07-25 22:59:09, Info                  CSI    00000256 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:59:09, Info                  CSI    00000257 [SR] Beginning Verify and Repair transaction
2015-07-25 22:59:15, Info                  CSI    0000025b [SR] Verify complete
2015-07-25 22:59:16, Info                  CSI    0000025c [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:59:16, Info                  CSI    0000025d [SR] Beginning Verify and Repair transaction
2015-07-25 22:59:21, Info                  CSI    0000025f [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2015-07-25 22:59:22, Info                  CSI    0000026a [SR] Verify complete
2015-07-25 22:59:23, Info                  CSI    0000026b [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:59:23, Info                  CSI    0000026c [SR] Beginning Verify and Repair transaction
2015-07-25 22:59:29, Info                  CSI    00000273 [SR] Verify complete
2015-07-25 22:59:30, Info                  CSI    00000274 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:59:30, Info                  CSI    00000275 [SR] Beginning Verify and Repair transaction
2015-07-25 22:59:34, Info                  CSI    00000277 [SR] Verify complete
2015-07-25 22:59:34, Info                  CSI    00000278 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:59:34, Info                  CSI    00000279 [SR] Beginning Verify and Repair transaction
2015-07-25 22:59:38, Info                  CSI    0000027d [SR] Verify complete
2015-07-25 22:59:38, Info                  CSI    0000027e [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:59:38, Info                  CSI    0000027f [SR] Beginning Verify and Repair transaction
2015-07-25 22:59:42, Info                  CSI    00000281 [SR] Verify complete
2015-07-25 22:59:42, Info                  CSI    00000282 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:59:42, Info                  CSI    00000283 [SR] Beginning Verify and Repair transaction
2015-07-25 22:59:47, Info                  CSI    000002a8 [SR] Verify complete
2015-07-25 22:59:47, Info                  CSI    000002a9 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:59:47, Info                  CSI    000002aa [SR] Beginning Verify and Repair transaction
2015-07-25 22:59:51, Info                  CSI    000002ac [SR] Verify complete
2015-07-25 22:59:51, Info                  CSI    000002ad [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:59:51, Info                  CSI    000002ae [SR] Beginning Verify and Repair transaction
2015-07-25 22:59:54, Info                  CSI    000002b0 [SR] Verify complete
2015-07-25 22:59:55, Info                  CSI    000002b1 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:59:55, Info                  CSI    000002b2 [SR] Beginning Verify and Repair transaction
2015-07-25 22:59:59, Info                  CSI    000002b4 [SR] Verify complete
2015-07-25 22:59:59, Info                  CSI    000002b5 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 22:59:59, Info                  CSI    000002b6 [SR] Beginning Verify and Repair transaction
2015-07-25 23:00:03, Info                  CSI    000002c4 [SR] Verify complete
2015-07-25 23:00:03, Info                  CSI    000002c5 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:00:03, Info                  CSI    000002c6 [SR] Beginning Verify and Repair transaction
2015-07-25 23:00:09, Info                  CSI    000002c8 [SR] Verify complete
2015-07-25 23:00:09, Info                  CSI    000002c9 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:00:09, Info                  CSI    000002ca [SR] Beginning Verify and Repair transaction
2015-07-25 23:00:14, Info                  CSI    000002d6 [SR] Verify complete
2015-07-25 23:00:14, Info                  CSI    000002d7 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:00:14, Info                  CSI    000002d8 [SR] Beginning Verify and Repair transaction
2015-07-25 23:00:18, Info                  CSI    000002dc [SR] Verify complete
2015-07-25 23:00:18, Info                  CSI    000002dd [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:00:18, Info                  CSI    000002de [SR] Beginning Verify and Repair transaction
2015-07-25 23:00:21, Info                  CSI    000002e0 [SR] Verify complete
2015-07-25 23:00:21, Info                  CSI    000002e1 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:00:21, Info                  CSI    000002e2 [SR] Beginning Verify and Repair transaction
2015-07-25 23:00:28, Info                  CSI    000002e5 [SR] Verify complete
2015-07-25 23:00:28, Info                  CSI    000002e6 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:00:28, Info                  CSI    000002e7 [SR] Beginning Verify and Repair transaction
2015-07-25 23:00:29, Info                  CSI    000002e9 [SR] Verify complete
2015-07-25 23:00:30, Info                  CSI    000002ea [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:00:30, Info                  CSI    000002eb [SR] Beginning Verify and Repair transaction
2015-07-25 23:00:33, Info                  CSI    000002ed [SR] Verify complete
2015-07-25 23:00:33, Info                  CSI    000002ee [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:00:33, Info                  CSI    000002ef [SR] Beginning Verify and Repair transaction
2015-07-25 23:00:36, Info                  CSI    000002f1 [SR] Verify complete
2015-07-25 23:00:37, Info                  CSI    000002f2 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:00:37, Info                  CSI    000002f3 [SR] Beginning Verify and Repair transaction
2015-07-25 23:00:41, Info                  CSI    000002f5 [SR] Verify complete
2015-07-25 23:00:41, Info                  CSI    000002f6 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:00:41, Info                  CSI    000002f7 [SR] Beginning Verify and Repair transaction
2015-07-25 23:00:48, Info                  CSI    00000311 [SR] Verify complete
2015-07-25 23:00:48, Info                  CSI    00000312 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:00:48, Info                  CSI    00000313 [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:01, Info                  CSI    00000315 [SR] Verify complete
2015-07-25 23:01:01, Info                  CSI    00000316 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:01, Info                  CSI    00000317 [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:05, Info                  CSI    00000319 [SR] Verify complete
2015-07-25 23:01:05, Info                  CSI    0000031a [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:05, Info                  CSI    0000031b [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:09, Info                  CSI    0000031d [SR] Verify complete
2015-07-25 23:01:09, Info                  CSI    0000031e [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:09, Info                  CSI    0000031f [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:11, Info                  CSI    00000323 [SR] Verify complete
2015-07-25 23:01:11, Info                  CSI    00000324 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:11, Info                  CSI    00000325 [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:14, Info                  CSI    00000327 [SR] Verify complete
2015-07-25 23:01:14, Info                  CSI    00000328 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:14, Info                  CSI    00000329 [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:18, Info                  CSI    0000032b [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slwga.dll" from store
2015-07-25 23:01:18, Info                  CSI    0000032c [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store
2015-07-25 23:01:19, Info                  CSI    0000032e [SR] Verify complete
2015-07-25 23:01:19, Info                  CSI    0000032f [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:19, Info                  CSI    00000330 [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:22, Info                  CSI    00000332 [SR] Verify complete
2015-07-25 23:01:23, Info                  CSI    00000333 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:23, Info                  CSI    00000334 [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:26, Info                  CSI    00000337 [SR] Verify complete
2015-07-25 23:01:27, Info                  CSI    00000338 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:27, Info                  CSI    00000339 [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:30, Info                  CSI    0000033b [SR] Verify complete
2015-07-25 23:01:30, Info                  CSI    0000033c [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:30, Info                  CSI    0000033d [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:33, Info                  CSI    0000033f [SR] Verify complete
2015-07-25 23:01:33, Info                  CSI    00000340 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:33, Info                  CSI    00000341 [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:37, Info                  CSI    00000343 [SR] Verify complete
2015-07-25 23:01:37, Info                  CSI    00000344 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:37, Info                  CSI    00000345 [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:42, Info                  CSI    00000348 [SR] Verify complete
2015-07-25 23:01:43, Info                  CSI    00000349 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:43, Info                  CSI    0000034a [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:46, Info                  CSI    0000034c [SR] Verify complete
2015-07-25 23:01:47, Info                  CSI    0000034d [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:47, Info                  CSI    0000034e [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:53, Info                  CSI    00000350 [SR] Verify complete
2015-07-25 23:01:54, Info                  CSI    00000351 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:01:54, Info                  CSI    00000352 [SR] Beginning Verify and Repair transaction
2015-07-25 23:01:59, Info                  CSI    00000354 [SR] Verify complete
2015-07-25 23:02:00, Info                  CSI    00000355 [SR] Verifying 100 (0x0000000000000064) components
2015-07-25 23:02:00, Info                  CSI    00000356 [SR] Beginning Verify and Repair transaction
2015-07-25 23:02:05, Info                  CSI    00000358 [SR] Verify complete
2015-07-25 23:02:05, Info                  CSI    00000359 [SR] Verifying 51 (0x0000000000000033) components
2015-07-25 23:02:05, Info                  CSI    0000035a [SR] Beginning Verify and Repair transaction
2015-07-25 23:02:08, Info                  CSI    0000035c [SR] Verify complete
2015-07-25 23:02:08, Info                  CSI    0000035d [SR] Repairing 7 components
2015-07-25 23:02:08, Info                  CSI    0000035e [SR] Beginning Verify and Repair transaction
2015-07-25 23:02:08, Info                  CSI    00000360 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store
2015-07-25 23:02:08, Info                  CSI    00000361 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store
2015-07-25 23:02:08, Info                  CSI    00000362 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store
2015-07-25 23:02:08, Info                  CSI    00000364 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
2015-07-25 23:02:08, Info                  CSI    00000366 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2015-07-25 23:02:09, Info                  CSI    00000368 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slwga.dll" from store
2015-07-25 23:02:09, Info                  CSI    0000036a [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slwga.dll" from store
2015-07-25 23:02:09, Info                  CSI    0000036c [SR] Repair complete
2015-07-25 23:02:09, Info                  CSI    0000036d [SR] Committing transaction
2015-07-25 23:02:09, Info                  CSI    00000371 [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2015-07-25 23:02:09, Info                  CSI    00000372 [SR] Repairing 7 components
2015-07-25 23:02:09, Info                  CSI    00000373 [SR] Beginning Verify and Repair transaction
2015-07-25 23:02:09, Info                  CSI    00000375 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store
2015-07-25 23:02:09, Info                  CSI    00000376 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store
2015-07-25 23:02:09, Info                  CSI    00000377 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store
2015-07-25 23:02:09, Info                  CSI    00000379 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
2015-07-25 23:02:09, Info                  CSI    0000037b [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2015-07-25 23:02:10, Info                  CSI    0000037d [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slwga.dll" from store
2015-07-25 23:02:10, Info                  CSI    0000037f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slwga.dll" from store
2015-07-25 23:02:10, Info                  CSI    00000381 [SR] Repair complete


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/07/2015 11:15:24 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/07/2015 5:56:18 AM
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

Log: 'System' Date/Time: 26/07/2015 5:47:43 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 26/07/2015 5:47:11 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 26/07/2015 5:46:48 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The BlueStacks Android Service service terminated with the following error:  An exception occurred in the service when handling the control request.

Log: 'System' Date/Time: 26/07/2015 5:46:26 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 26/07/2015 5:45:37 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 26/07/2015 5:45:37 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 26/07/2015 5:45:37 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 26/07/2015 5:45:35 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 26/07/2015 5:45:31 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/07/2015 5:45:37 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
AppleMobileDeviceHelper.exe        3,876 K    13,136 K    5080    MobileDeviceHelper    Apple Inc.    
armsvc.exe        1,208 K    4,044 K    1712    Adobe Acrobat Update Service    Adobe Systems Incorporated    
atieclxx.exe        2,828 K    7,980 K    1352            
atiesrxx.exe        1,496 K    4,400 K    832    AMD External Events Service Module    AMD    
cmd.exe        2,152 K    3,180 K    2392            
conhost.exe        2,100 K    5,620 K    940            
conhost.exe        1,440 K    3,688 K    1068    Console Window Host    Microsoft Corporation    
conhost.exe        1,440 K    3,624 K    3664    Console Window Host    Microsoft Corporation    
conhost.exe        1,068 K    2,888 K    1452            
distnoted.exe        1,772 K    5,964 K    5404    distnoted    Apple Inc.    
dllhost.exe        2,900 K    7,484 K    5012            
dllhost.exe        4,912 K    15,080 K    7132    COM Surrogate    Microsoft Corporation    
Fuel.Service.exe        5,472 K    11,828 K    1732    AMD Fuel Service    Advanced Micro Devices, Inc.    
GoogleCrashHandler.exe        1,620 K    528 K    2652            
GoogleCrashHandler64.exe        1,732 K    528 K    2664            
jusched.exe        1,500 K    5,192 K    2232    Java Update Scheduler    Oracle Corporation    
lsm.exe        2,652 K    4,388 K    568            
mDNSResponder.exe        2,648 K    6,144 K    1784    Bonjour Service    Apple Inc.    
notepad.exe        12,356 K    25,728 K    2688            
procexp.exe        2,308 K    7,268 K    6484    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    
RAVBg64.exe        15,032 K    11,828 K    1136            
RtkAudioService64.exe        2,140 K    5,484 K    1096    Realtek Audio Service    Realtek Semiconductor    
SearchFilterHost.exe        2,308 K    5,324 K    2472            
services.exe        7,256 K    10,396 K    544            
SkypeC2CAutoUpdateSvc.exe        1,384 K    4,896 K    396    Updates Skype Click to Call    Microsoft Corporation    
SkypeC2CPNRSvc.exe        1,916 K    5,076 K    1220    Phone Number Recognition (PNR) module    Microsoft Corporation    
smss.exe        700 K    1,284 K    272            
sppsvc.exe        6,224 K    13,696 K    5132    Microsoft Software Protection Platform Service    Microsoft Corporation    
SRWUpdate.exe        5,392 K    11,900 K    2660            
svchost.exe        2,752 K    6,208 K    3740    Host Process for Windows Services    Microsoft Corporation    
svchost.exe        1,828 K    4,868 K    3700    Host Process for Windows Services    Microsoft Corporation    
svchost.exe        1,968 K    5,572 K    2444    Host Process for Windows Services    Microsoft Corporation    
svchost.exe        13,992 K    15,372 K    1588    Host Process for Windows Services    Microsoft Corporation    
TrustedInstaller.exe        9,040 K    16,084 K    3956    Windows Modules Installer    Microsoft Corporation    
winampa.exe        1,168 K    4,428 K    3008    Winamp Agent    Nullsoft, Inc.    
wininit.exe        1,724 K    4,652 K    484            
winlogon.exe        3,368 K    7,736 K    824            
wlanext.exe        1,956 K    5,300 K    1444            
WLIDSVCM.EXE        1,504 K    3,588 K    3120            
wuauclt.exe        2,252 K    6,752 K    4532    Windows Update    Microsoft Corporation    
WUDFHost.exe        2,332 K    6,396 K    3908            
iTunesHelper.exe    < 0.01    5,068 K    13,644 K    2448    iTunesHelper    Apple Inc.    
SearchProtocolHost.exe    < 0.01    2,684 K    7,932 K    8184            
HD-LogRotatorService.exe    < 0.01    11,676 K    8,428 K    1820    BlueStacks Log Rotator Service    BlueStack Systems, Inc.    
lsass.exe    < 0.01    5,480 K    12,972 K    560    Local Security Authority Process    Microsoft Corporation    
wmpnetwk.exe    < 0.01    13,580 K    12,052 K    4864    Windows Media Player Network Sharing Service    Microsoft Corporation    
spoolsv.exe    < 0.01    8,708 K    15,348 K    1560    Spooler SubSystem App    Microsoft Corporation    
svchost.exe    < 0.01    58,676 K    21,204 K    5284    Host Process for Windows Services    Microsoft Corporation    
HD-UpdaterService.exe    < 0.01    16,596 K    16,024 K    1972    BlueStacks Updater Service    BlueStack Systems, Inc.    
PnkBstrA.exe    < 0.01    1,244 K    4,340 K    2544            
SteamService.exe    < 0.01    6,192 K    8,696 K    3376    Steam Client Service    Valve Corporation    
csrss.exe    < 0.01    2,288 K    4,652 K    404            
WLIDSVC.EXE    < 0.01    7,280 K    14,800 K    2648            
steamwebhelper.exe    0.01    7,944 K    17,760 K    2764    Steam Client WebHelper    Valve Corporation    
iPodService.exe    0.01    2,596 K    6,900 K    3324    iPodService Module (64-bit)    Apple Inc.    
SearchIndexer.exe    0.01    42,568 K    30,712 K    3464    Microsoft Windows Search Indexer    Microsoft Corporation    
taskhost.exe    0.01    13,648 K    14,764 K    2052    Host Process for Windows Tasks    Microsoft Corporation    
svchost.exe    0.01    13,148 K    23,364 K    976    Host Process for Windows Services    Microsoft Corporation    
svchost.exe    0.02    14,920 K    16,416 K    1188    Host Process for Windows Services    Microsoft Corporation    
CCC.exe    0.02    98,148 K    19,108 K    3976    Catalyst Control Center: Host application    ATI Technologies Inc.    
svchost.exe    0.02    4,200 K    7,924 K    748    Host Process for Windows Services    Microsoft Corporation    
explorer.exe    0.03    45,760 K    65,792 K    2268    Windows Explorer    Microsoft Corporation    
AppleMobileDeviceService.exe    0.03    3,876 K    10,580 K    1764    MobileDeviceService    Apple Inc.    
svchost.exe    0.03    27,560 K    24,428 K    884    Host Process for Windows Services    Microsoft Corporation    
MOM.exe    0.03    27,668 K    6,440 K    3048    Catalyst Control Center: Monitoring program    Advanced Micro Devices Inc.    
HD-Agent.exe    0.03    29,352 K    24,108 K    3068    BlueStacks Agent    BlueStack Systems, Inc.    
svchost.exe    0.04    22,884 K    39,364 K    1000    Host Process for Windows Services    Microsoft Corporation    
svchost.exe    0.08    8,872 K    16,440 K    4152    Host Process for Windows Services    Microsoft Corporation    
svchost.exe    0.09    4,976 K    9,884 K    672    Host Process for Windows Services    Microsoft Corporation    
dwm.exe    0.13    30,684 K    30,156 K    2204    Desktop Window Manager    Microsoft Corporation    
csrss.exe    0.20    3,608 K    10,028 K    520            
Steam.exe    0.33    52,672 K    71,004 K    2492    Steam Client Bootstrapper    Valve Corporation    
Skype.exe    0.33    124,812 K    149,828 K    2600    Skype     Skype Technologies S.A.    
svchost.exe    0.49    188,296 K    200,148 K    924    Host Process for Windows Services    Microsoft Corporation    
svchost.exe    0.61    11,440 K    14,196 K    4344    Host Process for Windows Services    Microsoft Corporation    
SRWAgent.exe    0.62    67,584 K    61,468 K    2616    SRWAgent    IgniteGT    
Interrupts    0.75    0 K    0 K    n/a    Hardware Interrupts and DPCs        
System    0.83    144 K    1,008 K    4            
procexp64.exe    1.20    29,668 K    49,744 K    7020    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    
audiodg.exe    1.67    30,092 K    28,252 K    624            
iTunes.exe    2.03    86,920 K    118,132 K    2380    iTunes    Apple Inc.    
firefox.exe    9.72    855,904 K    825,872 K    760    Firefox    Mozilla Corporation    
System Idle Process    80.58    0 K    24 K    0            



So far it's worked. The fix list seems to be what did it. What all is in the fix list? Did anything in particular catch your eye?


  • 0

#6
RKinner
Posted 26 July 2015 - 06:10 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

The top two lines in the fixlist were definitely malware:

 

HKU\S-1-5-21-278295415-4203223567-2615167640-1000\...\Run: [XCHSGQLLE] => rundll32 "C:\Users\Gunnar\AppData\Roaming\scriptov.dll",nmewpwtib
2015-05-21 11:23 - 2015-05-21 11:23 - 0192512 __RSH () C:\Users\Gunnar\AppData\Roaming\scriptov.dll

 

XCHSGQLLE is a random name as is nmewpwtib.  Scriptov.dll may actually be a standard Visual Basic file used to run another file.  Not sure about it as I got lots of hits but none at virustotal.com

 

SFC corrected user32.dll which may have also been involved. 

 

The event logs are complaining about your hosts file.  Let's fix it:

 

This is the easy way:

 

Download HostsXpert from http://www.majorgeek...hostsxpert.htmlSave the file then right click and Extract All.  It will create a new folder in the same place.  In the folder find HostsXpert.exe and right click on it and Run As Administrator.

It will take a few seconds to appear.  If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only?  If it already says Make Read Only? that's OK just go on to the next step.
Now click on the left column entry that says: Restore MSHosts file.  Click on the Make Read Only? entry then close HostXpert.

 

This is the hard way if the above doesn't work:

 

First make sure the files are visible.

Open the Control Panel menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button

Right click on the start and select Open Windows Explorer.  Click on the arrow in front of Local Drive (C; )

Click on the arrow in front of Windows

Click on the arrow in front of System32  (You will have to scroll down a bit to see it)

Click on the arrow in front of Drivers

Click on  etc.  You should see hosts  in the right pane

Right click on it and select Properties.

Click on Security

Click on Advanced

Click on Owner

Current Owner is usually System.  Click on Edit.

You should see Administrators and also your user name in the Change Owner to box.  Click on Administrators.  OK, OK, OK , OK

This should close the Properties box.  Right click on Hosts and select Properties again.  Click on Security.  Click on Edit.

Click on Users and then check the Full Control box and then Apply.  Yes.

Click on Administrators and it should already have the Full Control checked.

OK OK

Now double click on hosts.

Click on Notepad and then OK.

It should open in notepad.

Normally the first stuff in a hosts files is:

Quote
# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
#

The " # " indicates a comment and means the line  is ignored.  In Win 7 there is normally nothing in the hosts file but comments.

You can delete everything but the comments.  If there are no comments then just add one:

# comment

Then File, Save.  It should not give you an error this time.

File, Exit.

You can reopen hosts to make sure it took.  (You will have to click on Notepad again as hosts does not have an extension)

 

 

The other error is with your licensing.  Is it complaining that you aren't registered?

 

 

 

 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP