removing koobface [Solved]


  • This topic is locked

#1
exitfromreality


Pretty much this. I've been told I have it, but I'm doubtful that I actually do. Want a good way to scan, make sure, and remove if necessary.

 

thanks

-Colin



#2
Pyxis

Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Download both versions of Farbar Recovery Scan Tool by Farbar from the links below and save them to your desktop.

    '32-bit'
    '64-bit'
    • Simply double-click the program icon to run it. It will ask for administrator privileges. If the first one you tried does not work, try the other version.
    • The program will initialize. Press Yes to accept the disclaimer.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)

#3
exitfromreality


I guess I should start out by saying I was told I might have this virus from someone running netstat -ana and pointing out a whole list of established connections to my computer. I'm unfamiliar with a lot of networking stuff so I couldn't tell if they knew what they were doing, or if they were bullshitting me, but Geeks to Go has some crazy good people and you've helped me before, so I just wanted to make sure.

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Finch at 2015-07-28 23:21:58
Running from C:\Users\Finch\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3543055688-4141051895-993799836-500 - Administrator - Disabled)
Finch (S-1-5-21-3543055688-4141051895-993799836-1001 - Administrator - Enabled) => C:\Users\Finch
Guest (S-1-5-21-3543055688-4141051895-993799836-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3543055688-4141051895-993799836-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.0.74 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.18 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2687664.1637756.4759644.48 - Audible, Inc.)
Autodesk 3ds Max 2010 64-bit (HKLM\...\{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}) (Version: 12.0 - Autodesk)
Autodesk 3ds Max 2010 64-bit Components (HKLM\...\{B9E591DD-DAAC-0409-B1B8-5667E359170B}) (Version: 12.0 - Autodesk)
Autodesk 3ds Max 2010 Tutorials Files (HKLM-x32\...\{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}) (Version: 12.0 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit (HKLM\...\Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit) (Version:  - Autodesk)
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden
AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order)
CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version:  - Codemasters Racing Studio)
Enemy Starfighter (HKLM-x32\...\Steam App 283160) (Version:  - )
Epic Games Launcher (HKLM\...\{6EF9417C-C8BF-45D9-B61C-D9EB6007D6E6}) (Version: 1.1.22.0 - Epic Games, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
FileBot (HKLM\...\{58D6F585-61CF-4AEE-8C0E-3CEAAFD74B02}) (Version: 4.5.6 - Reinhard Pointner)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - )
Hyper Light Drifter (HKLM-x32\...\Steam App 257850) (Version:  - )
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
ioquake3 (HKLM-x32\...\ioquake3) (Version:  - )
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Kingdom Come: Deliverance (Alpha Access) (HKLM-x32\...\Steam App 286860) (Version:  - )
Logitech Gaming Software 8.52 (HKLM\...\Logitech Gaming Software) (Version: 8.52.15 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{8057481C-0CFC-43BB-8EEC-C6A0E1C82E19}) (Version: 13.0.1.0 - mental ray)
MeshLab_64b 1.3.3 (HKLM-x32\...\MeshLab_64b) (Version: 1.3.3 - Paolo Cignoni - Guido Ranzuglia VCG - ISTI - CNR)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Oculus Display Driver (Install Only) (HKLM\...\{50700EF8-2D6A-4122-B307-E37A5E1F32D5}) (Version: 1.2.4.0 - Oculus VR, LLC)
Oculus Positional Tracker Driver (Install Only) (HKLM\...\{8741739C-8CB4-47C2-B36C-A860AD180BDA}) (Version: 1.0.9.0 - Oculus VR, LLC)
Oculus Runtime (HKLM-x32\...\Oculus Runtime 0.5.0.1-Release-49138) (Version: 0.5.0.1-Release-49138 - Oculus VR, LLC)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version:  - Obsidian Entertainment)
Pixar RenderMan Pro Server 19.0 (HKLM\...\{5841E680-14B8-11E5-8E5D-001CC4171F87}) (Version: 19.0.1497244 - Pixar)
Prepar3D v2 Professional Bundle (x32 Version: 2.2.10437.0 - Lockheed Martin) Hidden
Project CARS (HKLM-x32\...\Steam App 234630) (Version:  - Slightly Mad Studios)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 3.2.0 (HKLM-x32\...\qBittorrent) (Version: 3.2.0 - The qBittorrent project)
Quake III Arena (HKLM-x32\...\ioquake3-q3a) (Version:  - )
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26599 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
Reflex (HKLM-x32\...\Steam App 328070) (Version:  - Turbo Pixel Studios)
RenderManNC-Installer (HKLM\...\{DAB7A2E1-D380-11E4-BBF3-001CC4171F87}) (Version: 1.0.0 - Pixar)
RenderManStudio-19.0-maya2014 (HKLM\...\{D76D7140-14B8-11E5-A2EE-001CC4171F87}) (Version: 19.0.0 - Pixar)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\Steam App 250760) (Version:  - Yacht Club Games)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Spintires (HKLM-x32\...\Steam App 263280) (Version:  - Oovee® Game Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
theHunter (HKLM-x32\...\Steam App 253710) (Version:  - Expansive Worlds)
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 5.1.3 - Universal Media Server)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinDirStat 1.1.2 (HKU\S-1-5-21-3543055688-4141051895-993799836-1001\...\WinDirStat) (Version:  - )
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
World of Tanks (HKU\S-1-5-21-3543055688-4141051895-993799836-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3543055688-4141051895-993799836-1001_Classes\CLSID\{83B0E426-D4EE-11D4-BEDF-BAB7F1EEA455}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2010\addflow4.ocx (Lassalle Technologies)

==================== Restore Points =========================

07-07-2015 05:25:35 Scheduled Checkpoint
14-07-2015 23:03:52 Windows Update
21-07-2015 01:12:35 Windows Update
23-07-2015 03:31:23 Installed Windows Phone app for desktop
28-07-2015 11:18:28 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0295AB57-F0EF-465D-A5D1-C404E1AA5ADC} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-03-30] (Adobe Systems Incorporated)
Task: {60D59A58-0757-4B5B-A0AC-5E2844B4E9EE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {664BCDD4-D5BC-4638-B1A2-1FA28F758D14} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {BE1C7137-90D7-4392-9444-829FBE514158} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-23] (Google Inc.)
Task: {C20C936C-A4A4-4A89-976F-A287F25B80B9} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: {DAC0A430-375F-4F35-8965-39EBB2559D48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-23] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-26 03:23 - 2015-02-05 12:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-06 02:46 - 2012-10-29 00:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2009-03-12 17:39 - 2009-03-12 17:39 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
2014-11-29 00:43 - 2015-05-29 09:10 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-02-04 16:24 - 2015-02-04 16:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-04-16 17:42 - 2015-04-16 17:42 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-08-02 00:02 - 2014-04-21 15:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-04-16 02:14 - 2015-01-15 23:42 - 00715080 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-04-16 02:14 - 2015-01-15 23:42 - 00854344 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-04-06 02:46 - 2015-07-28 23:18 - 00038032 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2014-04-06 02:46 - 2012-05-07 09:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2015-05-19 19:29 - 2015-05-19 19:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Finch\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3543055688-4141051895-993799836-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Finch\Downloads\cWgZ3IP.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{0E0A54CE-9578-49FD-9C7A-66260FCD35D8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1A60E916-2EDC-4316-A615-BF38D71FD4B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{FA07D39E-F02F-443C-AAB8-8D1BA48B167D}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [UDP Query User{2B9E3B61-58EF-4E06-84DE-E62A25AF3C9C}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [{2946CD1B-2E44-4286-97AB-7FBDB604A94F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EnemyStarfighter\enemystarfighter.exe
FirewallRules: [{AEEDAC65-E702-4303-AB75-AB4A7E9111A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EnemyStarfighter\enemystarfighter.exe
FirewallRules: [{B8D1DA04-D52F-4E3E-8FC9-F11E7388609E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4C6538F2-C046-489A-8E38-E1428860F95A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9240EAF3-EE9E-41C7-ABE5-AA7AC1926C33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C16F9AE-9615-430D-87C6-EFE39694036F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5B90CE08-D23E-4C6A-A0B4-4EDD3CC229EA}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [UDP Query User{3579D0F6-B73D-4AE2-B084-6C3E08AA014E}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [{5CFCF001-1EBF-4B9F-8B92-A457B19E8155}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe
FirewallRules: [{16CD0F79-9B67-4291-B3B9-CCB953F9E3F9}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe
FirewallRules: [{4C348A84-0284-4A3E-95B6-E0A891AC25AD}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe
FirewallRules: [{ED5104DD-1A13-4767-AAF1-0FBFD85EFBCE}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe
FirewallRules: [{B7B1A38A-A122-423E-AD16-54745AB31C90}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
FirewallRules: [{3FA00C6B-A1A7-41EE-BE9C-7DDD6D0530E2}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
FirewallRules: [TCP Query User{E9DD550A-B446-43ED-B2A7-6C23F19D49CB}C:\users\finch\documents\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\users\finch\documents\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [UDP Query User{077A61CC-C00C-4FD4-B4CE-270E51FCF1AA}C:\users\finch\documents\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\users\finch\documents\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [TCP Query User{B7218C54-D4B0-468E-8244-1087D4A2000D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1BFD7BC2-D6BC-4A48-A9B8-7CEECC860036}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{CD101B08-5F73-404C-8518-98FF3A132FA9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{BEFB2C6C-104B-4F8B-A5E8-A8ADEDE22E85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{82E0A68A-A822-406D-B34B-AF3320F23EDA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B5ACD021-355C-49A2-8E80-2E8AA6872B32}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DD2F6D14-AF7B-4950-B199-1BC659C1F037}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{83EBA6CD-C207-4C92-9DE6-EAC76088DA8F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F2520B83-69CF-4C85-B95D-22CE851D6D67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2DC652E2-C322-4FE8-A2C0-8DFC77A882F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{7A86773B-7397-4387-AB31-25E1F40C81A7}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{9FB6AD0F-3292-4FBD-904F-A3AB95861DEE}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{0E980D57-2D3B-4D80-8525-C0F0986CF402}] => (Allow) LPort=80
FirewallRules: [{76B269EB-5C3A-4382-83F0-42A0452162E3}] => (Allow) LPort=443
FirewallRules: [{C38F8232-3755-4B17-89D6-B9AC524E405B}] => (Allow) LPort=20010
FirewallRules: [{D6617013-2959-496E-88BD-9AFC43E1DD7A}] => (Allow) LPort=3478
FirewallRules: [{5F9902D6-91C7-4C8E-B597-074FADF1BA76}] => (Allow) LPort=7850
FirewallRules: [{778D6E7A-508F-48D4-99E2-674C788C1DA5}] => (Allow) LPort=7852
FirewallRules: [{A3A1F4FB-6345-4F11-B1FD-BD9F0329BC5B}] => (Allow) LPort=7853
FirewallRules: [{5A78F5DB-4E7B-46FD-ABD6-AB515FC69445}] => (Allow) LPort=27022
FirewallRules: [{0C775E74-725A-4DAD-A11A-E528239BC8FC}] => (Allow) LPort=6881
FirewallRules: [{3EB7A51F-A403-4C56-BDA8-DBC5CC9AAB3F}] => (Allow) LPort=33333
FirewallRules: [{9B6C9187-1CFA-428A-8F8B-A6B9B306151B}] => (Allow) LPort=20443
FirewallRules: [{3C2070A6-CBA7-43C8-80DB-9E15B08BC2D0}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{BAF751DF-EE76-4CEE-B370-1DA971155E12}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [UDP Query User{C5D0D0A5-245C-495C-A7D6-3B4077048C67}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [{0061A2F4-F8C0-484A-9DE4-00A8422B044F}] => (Allow) C:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe
FirewallRules: [{F68D3BD8-5CC5-44A9-B51E-A58885E44037}] => (Allow) C:\Program Files (x86)\Lockheed Martin\Prepar3D v2\Prepar3D.exe
FirewallRules: [TCP Query User{1CCD9888-F083-40C3-A720-CF4A8A5FF240}C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin64\editor.exe] => (Allow) C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin64\editor.exe
FirewallRules: [UDP Query User{3B309D53-8660-46AD-A5D8-2CAD0E76B57D}C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin64\editor.exe] => (Allow) C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin64\editor.exe
FirewallRules: [{320BF1AC-0F97-4179-87BE-AE3AE682872E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{1C1311F8-457B-4FCA-A87B-025389C95268}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{07106CFF-B846-495D-A68B-F46746721C15}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{15BCEC5F-4E7E-4331-AB69-1BAAABFB658B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{5C6A791D-4AA9-4DE2-BB49-8141C8B98AA9}C:\program files (x86)\thehunter\launcher\launcher.exe] => (Allow) C:\program files (x86)\thehunter\launcher\launcher.exe
FirewallRules: [UDP Query User{59F01064-8CC2-401A-9718-29685048223D}C:\program files (x86)\thehunter\launcher\launcher.exe] => (Allow) C:\program files (x86)\thehunter\launcher\launcher.exe
FirewallRules: [TCP Query User{16550660-CF5B-4194-9D54-B78D2DED6F65}C:\program files (x86)\thehunter\game\thehunter.exe] => (Allow) C:\program files (x86)\thehunter\game\thehunter.exe
FirewallRules: [UDP Query User{64712AE2-BB89-4FD8-B9D7-ED9C39EDBC8D}C:\program files (x86)\thehunter\game\thehunter.exe] => (Allow) C:\program files (x86)\thehunter\game\thehunter.exe
FirewallRules: [TCP Query User{947A84F4-684A-44E6-B4F2-9AA1C6E23DF6}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [UDP Query User{B062ED44-67B5-4F4B-AD1D-F7C0AC94EB74}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [TCP Query User{9CC3D023-BC25-431A-B311-CBF1DB0013EC}C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\editor.exe] => (Allow) C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\editor.exe
FirewallRules: [UDP Query User{A8E5EFDB-5158-48E5-8197-23C5FDF6F8E1}C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\editor.exe] => (Allow) C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\editor.exe
FirewallRules: [TCP Query User{DB343BD0-1258-44B5-9482-245DDF96B004}C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\gamesdk.exe] => (Allow) C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\gamesdk.exe
FirewallRules: [UDP Query User{A771F133-9D68-4565-BF22-44E53DFD6E48}C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\gamesdk.exe] => (Allow) C:\users\finch\downloads\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\gamesdk.exe
FirewallRules: [{14820AF9-0A9D-4D71-A521-338090E77662}] => (Allow) LPort=41780
FirewallRules: [TCP Query User{1E7BAE2E-8685-4488-8FC2-C30DD3B4452D}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe
FirewallRules: [UDP Query User{00AC27C9-BAA2-470B-9871-E0DA1296EBDD}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe
FirewallRules: [{E54859EE-B00C-49B1-AA1A-52BEC6347E83}] => (Allow) C:\Program Files (x86)\Origin Games\Wing Commander III\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{245C7920-944A-406B-9645-8F0A618A7CBA}] => (Allow) C:\Program Files (x86)\Origin Games\Wing Commander III\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{9774F557-34FA-45F1-9A74-1839A69EC1A7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DAAFD31E-B5EC-4FBB-B2B3-823291B07CB7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3C66183F-E913-4593-BC3C-2A7751A2BA63}E:\iso storage\quake iii arena (complete)\quake iii arena (complete)\quake iii arena (complete)\ioquake3.x86.exe] => (Allow) E:\iso storage\quake iii arena (complete)\quake iii arena (complete)\quake iii arena (complete)\ioquake3.x86.exe
FirewallRules: [UDP Query User{DEBD8903-FA9D-4458-86E0-9C085E3DA962}E:\iso storage\quake iii arena (complete)\quake iii arena (complete)\quake iii arena (complete)\ioquake3.x86.exe] => (Allow) E:\iso storage\quake iii arena (complete)\quake iii arena (complete)\quake iii arena (complete)\ioquake3.x86.exe
FirewallRules: [TCP Query User{5B2BE393-5ADE-4D38-AE1B-A67CAF60AEC0}E:\iso storage\quake iii arena (complete)\quake iii arena (complete)\quake iii arena (complete)\ioq3ded.x86.exe] => (Block) E:\iso storage\quake iii arena (complete)\quake iii arena (complete)\quake iii arena (complete)\ioq3ded.x86.exe
FirewallRules: [UDP Query User{029DB4ED-4EAA-43B8-A4F1-44F1C9157003}E:\iso storage\quake iii arena (complete)\quake iii arena (complete)\quake iii arena (complete)\ioq3ded.x86.exe] => (Block) E:\iso storage\quake iii arena (complete)\quake iii arena (complete)\quake iii arena (complete)\ioq3ded.x86.exe
FirewallRules: [{5C09C9FA-F6D4-487D-A936-11312E91502A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{9167E5CA-8EE6-4871-8FFF-8F6A42FA1E16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{26655280-F577-4622-BD5E-23F0F550FF3E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{D236DDDD-C759-4207-8274-7833AB1D5407}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [TCP Query User{FADE3287-43CB-43E0-AAA4-17AF85D6AF58}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{DBD9174C-25BF-4C59-BF9B-58C1D07CA4FB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{810F0CB4-9967-40B6-ADD7-000F574D4519}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{48CDF2C3-D84C-4FE9-B2AE-16F3C171233C}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{D18BAC1E-69F9-41FE-8D48-5F243133A876}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{D391F6DC-28BD-451E-AFD5-370C628FDDEF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{1AEAC088-5D96-4B6F-93B7-11E549204384}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{A7ECFBE0-6FA6-4F2E-A0FF-AD9A5F8FBE47}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [TCP Query User{7A327FA8-EB80-4DF3-80E2-3835CDE4313E}C:\breaking point\breakingpoint.exe] => (Allow) C:\breaking point\breakingpoint.exe
FirewallRules: [UDP Query User{DFB3E017-183D-4C09-B376-62034A8F3061}C:\breaking point\breakingpoint.exe] => (Allow) C:\breaking point\breakingpoint.exe
FirewallRules: [TCP Query User{6CD8A701-518C-4B29-B107-06251BCA7732}C:\breaking point\breakingpoint.exe] => (Allow) C:\breaking point\breakingpoint.exe
FirewallRules: [UDP Query User{F519DC41-CA5E-4784-B121-57846BDED34E}C:\breaking point\breakingpoint.exe] => (Allow) C:\breaking point\breakingpoint.exe
FirewallRules: [{EEF49DC3-6F43-42C8-9034-9757BA582827}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{234746FC-98BC-4A4D-9C4A-18D8A7EFE1A7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{4568E4DC-A2B4-4EDC-BEA0-1C750C43A38B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{76288DF7-BDAF-46A8-8470-72A7260229EE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{E14DD019-0AE3-4DF3-9C38-D33471AA25F8}C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe] => (Allow) C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe
FirewallRules: [UDP Query User{339BDA8E-9FDC-4458-A5FE-2DD71CB3CEF9}C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe] => (Allow) C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe
FirewallRules: [TCP Query User{0E60696C-2551-4E36-9110-42E4023E65A4}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [UDP Query User{092FC349-EF50-414F-A20B-5CBCB4E28159}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{9DA047C8-435B-4B2C-9FE8-5F0481A40130}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37EAC547-7A86-45FA-851E-93558E624266}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9B85F9AF-6CB0-4B58-822E-3F660039719C}C:\program files (x86)\steam\steamapps\common\thehunter\launcher\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\thehunter\launcher\launcher.exe
FirewallRules: [UDP Query User{C432B195-BE5B-4FEC-B9D6-C00954E830DD}C:\program files (x86)\steam\steamapps\common\thehunter\launcher\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\thehunter\launcher\launcher.exe
FirewallRules: [{06FA721E-144F-44CC-802D-BCC87BC6360F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lichdom Battlemage\Bin64\LichdomBattlemage.exe
FirewallRules: [{E007EE9B-A615-4380-B74F-F6138A36E452}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lichdom Battlemage\Bin64\LichdomBattlemage.exe
FirewallRules: [TCP Query User{932D5019-7DA5-434B-ABDD-DB6C816552DC}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{5951F770-789C-45C9-858F-99B7B015BA24}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{32F59DE8-9227-404E-AC72-E60F26110011}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kingdom Come Deliverance\Bin64\Game.exe
FirewallRules: [{90E395C6-D81D-4D27-BAFC-7889A7B7FFE7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kingdom Come Deliverance\Bin64\Game.exe
FirewallRules: [TCP Query User{43AF2E52-9273-4780-A5E2-5B9AD9E5D2AB}C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{D44047DC-57D3-4D3A-BA5F-A63F36B59DCA}C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [{1847653F-71E9-49A3-93A1-4E3B2D40B034}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{9E05ECFD-994C-40F5-8998-753C5D53B2C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [TCP Query User{C6C11EDA-3995-4D8E-9E7A-51BA6F9D6406}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D9B05005-D78E-47E5-8671-F64F5A8924A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{8EAA2466-1D6E-44F0-915A-45511582E8C8}C:\program files\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\program files\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [UDP Query User{A037DF79-CFD6-47E6-A13B-86868F3EF16B}C:\program files\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\program files\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [TCP Query User{C1C80FE3-72DF-4636-9582-046894F3AB7B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C95B462F-19E3-4BC8-A340-AB374AA979E2}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{F99A4C20-5A2F-4414-BCB8-25A9863DC8D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{F876836F-A0D8-48FE-B78E-8A13FED2CC16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{47894F38-A242-4C6A-8527-A12218543D87}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{8D60DFE7-1A08-4A36-A4DE-3B699BC2A1BD}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{B6002031-B94D-41DA-9623-46BD89367408}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{43771D04-D871-44E4-952C-E0694EC0BB3A}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{87F6756C-DD3D-48BB-8CEB-9AE02557C217}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{5BB011E4-1AAD-46DA-9C14-A2E43C734FB6}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [TCP Query User{AD9D6C34-621A-4A1D-A5E6-61F45246A5FD}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [UDP Query User{C06F787B-DD27-47FF-86EA-4E86715EF07D}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [TCP Query User{6C47AEA6-4A58-4505-9814-0E2A8262F908}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [UDP Query User{BC83F079-3090-4CD3-B9F7-D6F0032F6DA4}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [{4990629B-8DE9-4BBB-A871-2872340DDB6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DiRT Rally\drt.exe
FirewallRules: [{8C1FCFA4-78AD-4699-9FBF-2FCC7E0C098C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DiRT Rally\drt.exe
FirewallRules: [{E3965A01-47B1-4626-87A5-70F9C0148771}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{4E1D59A4-4FFD-4D29-A3A4-079C3E44FBAF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{F4E3AF01-CD1A-4F36-B756-1D5F54C68301}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{877B1C34-D88D-47F4-9650-2CA4E66B2DFC}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{C85A8856-5667-46F2-8853-96DB23E56541}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{3FA80CC0-4B69-4D1F-A457-92EDD67EE518}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{56638548-E721-4244-AC6D-A378B1BB8007}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\reflexfps\reflex.exe
FirewallRules: [{0FA0C12E-A4BB-4519-B6AA-5EC849D97887}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\reflexfps\reflex.exe
FirewallRules: [TCP Query User{9A3390C7-CEE4-454F-B67B-152A9654372E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{1D5BBBB7-37DC-4E15-B5D4-AE45A16FBE58}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{11493163-7001-4845-B64E-18D48C0D3AE4}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{65CA1803-9326-4EC4-8EFB-5C83FCFC3AEB}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{405DE80D-0EF3-4FF3-B065-DF54AFED7F9E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{625A3AD3-D822-484D-82C0-2799392A2417}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9B80C8A3-9717-4D75-A54A-B651AA3A519A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8CCC151A-3777-47C3-AC23-5BED0878E45C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2B4D5A6D-D02C-4EC0-8F87-C54BE7820988}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{ECC92A8D-1AB1-4FC8-BD9D-6BA7F50CD847}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [TCP Query User{77E8D83D-FA5D-48B8-8ED5-3F4F17D5E128}C:\program files\pixar\rendermanstudio-19.0-maya2014\bin\it.exe] => (Allow) C:\program files\pixar\rendermanstudio-19.0-maya2014\bin\it.exe
FirewallRules: [UDP Query User{18A93346-9066-4E19-B0C3-E45E84E4DA00}C:\program files\pixar\rendermanstudio-19.0-maya2014\bin\it.exe] => (Allow) C:\program files\pixar\rendermanstudio-19.0-maya2014\bin\it.exe
FirewallRules: [{5CDCF016-0CCC-4D9D-BFE8-3CC3D1809EA7}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{E664EE3E-AF90-47D0-9A16-3B68BF69A7BD}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{04BEDE1A-8375-4D83-AE6E-FB14226FD0DF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{51AB999A-6623-4613-BABE-8BFEBEDF2EEE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{92DF1DD0-48B9-4732-AC72-8641BDF61466}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2015 11:18:43 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: [LauncherService] Unable to start service: There is no active interactive user session.

Error: (07/28/2015 07:38:28 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: [LauncherService] Unable to start service: There is no active interactive user session.

Error: (07/28/2015 11:18:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/26/2015 04:22:37 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/25/2015 06:02:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/23/2015 03:36:47 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (07/23/2015 03:31:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/22/2015 10:41:29 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: [LauncherService] Unable to start service: There is no active interactive user session.

Error: (07/22/2015 10:40:47 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: [LauncherService] Unable to start service: There is no active interactive user session.

Error: (07/21/2015 01:12:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (07/28/2015 11:18:16 PM) (Source: DCOM) (EventID: 10010) (User: EXITREALITY)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (07/28/2015 11:18:16 PM) (Source: DCOM) (EventID: 10010) (User: EXITREALITY)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (07/28/2015 07:50:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.

Error: (07/28/2015 07:37:54 PM) (Source: DCOM) (EventID: 10010) (User: EXITREALITY)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (07/28/2015 07:37:54 PM) (Source: DCOM) (EventID: 10010) (User: EXITREALITY)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (07/26/2015 03:25:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (07/26/2015 03:25:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (07/22/2015 10:40:56 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 12291) (User: NT AUTHORITY)
Description: SAM failed to start the TCP/IP or SPX/IPX listening thread

Error: (07/22/2015 10:40:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:39:45 AM on 7/22/2015 was unexpected.

Error: (07/20/2015 04:11:24 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007a (0xfffff6e000c77290, 0xffffffffc000003f, 0x00000000cbd58880, 0xffffc0018ee52ca8)C:\WINDOWS\MEMORY.DMP072015-20234-01


Microsoft Office:
=========================
Error: (07/28/2015 11:18:43 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: [LauncherService] Unable to start service: There is no active interactive user session.

Error: (07/28/2015 07:38:28 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: [LauncherService] Unable to start service: There is no active interactive user session.

Error: (07/28/2015 11:18:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (07/26/2015 04:22:37 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (07/25/2015 06:02:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (07/23/2015 03:36:47 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (07/23/2015 03:31:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (07/22/2015 10:41:29 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: [LauncherService] Unable to start service: There is no active interactive user session.

Error: (07/22/2015 10:40:47 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: [LauncherService] Unable to start service: There is no active interactive user session.

Error: (07/21/2015 01:12:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.


CodeIntegrity Error:
===================================
  Date: 2015-07-28 20:12:23.265
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-28 20:12:23.144
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-28 20:12:23.024
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-28 20:12:22.432
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-28 20:12:22.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-28 20:12:22.017
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-28 20:12:21.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-27 05:12:19.740
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-27 05:12:19.610
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-27 05:12:19.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 14%
Total physical RAM: 16321.46 MB
Available physical RAM: 13946.55 MB
Total Virtual: 32705.46 MB
Available Virtual: 29556.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:94.62 GB) NTFS
Drive d: (1500 Gig) (Fixed) (Total:1397.26 GB) (Free:1178.5 GB) NTFS
Drive e: (500 Gig) (Fixed) (Total:465.75 GB) (Free:332.28 GB) NTFS
Drive g: (3000 Gig) (Fixed) (Total:2794.39 GB) (Free:1181.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E933B0CB)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 089CF5CF)
Partition 2: (Active) - (Size=465.8 GB) - (Type=05)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 7F58D56F)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Finch (administrator) on EXITREALITY (28-07-2015 23:21:39)
Running from C:\Users\Finch\Desktop
Loaded Profiles: Finch (Available Profiles: Finch)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Oculus VR) C:\Program Files (x86)\Oculus\Service\OVRServiceLauncher.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Oculus VR) C:\Program Files (x86)\Oculus\Service\OVRServer_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Users\Finch\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oculus VR, LLC) C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3030.1012_x64__8wekyb3d8bbwe\onenoteim.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-06-18] (Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2584240 2015-04-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\...\Run: [AdobeBridge] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OculusConfigUtil.lnk [2015-05-04]
ShortcutTarget: OculusConfigUtil.lnk -> C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe (Oculus VR, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2015-05-19]
ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (Universal Media Server)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-05] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-05] (Oracle Corporation)
Tcpip\..\Interfaces\{BD4E0A26-2A97-46FD-BC7A-6A4249BC410C}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Finch\AppData\Roaming\Mozilla\Firefox\Profiles\t9o7gwt9.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Bing
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-04-20] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-04-20] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3543055688-4141051895-993799836-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Finch\AppData\Roaming\Mozilla\Firefox\Profiles\t9o7gwt9.default\searchplugins\youtube-video-search.xml [2014-07-08]
FF Extension: YouTube Center - C:\Users\Finch\AppData\Roaming\Mozilla\Firefox\Profiles\t9o7gwt9.default\Extensions\[email protected] [2014-07-04]
FF Extension: Adblock Edge - C:\Users\Finch\AppData\Roaming\Mozilla\Firefox\Profiles\t9o7gwt9.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-04-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [603312 2015-04-20] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-15] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 mi-raysat_3dsmax2010_64; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [86016 2009-03-12] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-06-29] (Electronic Arts)
R2 OVRService; C:\Program Files (x86)\Oculus\Service\OVRServiceLauncher.exe [231560 2015-03-26] (Oculus VR)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-05-29] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-05-29] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-05-07] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 RiftEnabler; C:\Windows\system32\DRIVERS\RiftEnabler.sys [55880 2015-03-26] (Oculus VR, LLC)
R3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [88880 2014-02-12] (© Guillemot R&D, 2011. All rights reserved.)
S3 TmBusEn; C:\Windows\System32\drivers\TmBusEn.sys [30208 2011-01-26] (Guillemot Corporation) [File not signed]
S3 TmFilter; C:\Windows\System32\drivers\TmFilter.sys [24576 2011-01-26] (Guillemot Corporation) [File not signed]
S3 TmHid; C:\Windows\system32\DRIVERS\TmHid.sys [24704 2011-01-26] (Guillemot Corporation) [File not signed]
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 23:21 - 2015-07-28 23:21 - 00017694 _____ C:\Users\Finch\Desktop\FRST.txt
2015-07-28 23:21 - 2015-07-28 23:21 - 00000000 ____D C:\FRST
2015-07-28 23:20 - 2015-07-28 23:20 - 02146816 _____ (Farbar) C:\Users\Finch\Desktop\FRST64.exe
2015-07-28 20:20 - 2015-07-28 21:26 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-28 20:20 - 2015-07-28 20:20 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-28 20:20 - 2015-07-28 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-28 20:20 - 2015-07-28 20:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-28 20:20 - 2015-07-28 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-28 20:20 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-28 20:20 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-28 20:20 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-28 20:19 - 2015-07-28 20:19 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Finch\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-28 20:03 - 2015-07-28 20:05 - 00119127 _____ C:\Users\Finch\Desktop\KOOBFACE.txt
2015-07-28 19:43 - 2015-07-28 23:18 - 00000000 ____D C:\Users\Finch\AppData\Local\LogMeIn Rescue Applet
2015-07-28 05:09 - 2015-07-25 06:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-26 15:25 - 2015-07-26 15:25 - 00000000 ____D C:\Users\Finch\AppData\Local\CEF
2015-07-25 23:25 - 2015-07-25 23:25 - 00001043 _____ C:\Users\Finch\Desktop\WinDirStat.lnk
2015-07-25 23:25 - 2015-07-25 23:25 - 00000000 ____D C:\Users\Finch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-07-25 23:25 - 2015-07-25 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-07-25 23:25 - 2015-07-25 23:25 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2015-07-23 03:33 - 2015-07-23 03:33 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-23 03:33 - 2015-07-23 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-23 03:33 - 2015-07-23 03:33 - 00000000 ____D C:\Program Files\iTunes
2015-07-23 03:33 - 2015-07-23 03:33 - 00000000 ____D C:\Program Files\iPod
2015-07-23 03:33 - 2015-07-23 03:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-23 03:31 - 2015-07-23 03:31 - 06745792 _____ (Microsoft Corporation) C:\Users\Finch\Downloads\WindowsPhone.exe
2015-07-23 03:31 - 2015-07-23 03:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2015-07-23 03:31 - 2015-07-23 03:31 - 00000000 ____D C:\ProgramData\Applications
2015-07-23 03:31 - 2015-07-23 03:31 - 00000000 ____D C:\Program Files (x86)\Windows Phone
2015-07-22 10:12 - 2015-07-22 10:12 - 00000000 ____D C:\Users\Finch\Downloads\Gnomefathers Engines 9.9 fix (Experimental)
2015-07-22 10:11 - 2015-07-22 10:11 - 00000000 ____D C:\Users\Finch\Downloads\HR Gun Mod 9.9 fix
2015-07-22 10:09 - 2015-07-22 10:09 - 119499763 _____ C:\Users\Finch\Downloads\HRMOD Gun Sounds 1.9632.zip
2015-07-22 10:06 - 2015-07-22 10:09 - 194436971 _____ C:\Users\Finch\Downloads\GnomeFathers engines 0.612.zip
2015-07-22 10:04 - 2015-07-22 10:04 - 01968069 _____ C:\Users\Finch\Downloads\HR Gun Mod 9.9 fix.rar
2015-07-22 10:03 - 2015-07-22 10:03 - 00024592 _____ C:\Users\Finch\Downloads\Gnomefathers Engines 9.9 fix (Experimental).rar
2015-07-22 10:01 - 2015-07-22 10:01 - 00000000 ____D C:\Users\Finch\Downloads\realistichnye-zvuki-vystrelov-orudiy
2015-07-22 10:00 - 2015-07-22 10:00 - 00000000 ____D C:\Users\Finch\Downloads\realistichnye-zvuki-dvigateley-radio
2015-07-22 09:54 - 2015-07-22 09:57 - 193636581 _____ C:\Users\Finch\Downloads\realistichnye-zvuki-dvigateley-radio.rar
2015-07-22 09:54 - 2015-07-22 09:56 - 117316298 _____ C:\Users\Finch\Downloads\realistichnye-zvuki-vystrelov-orudiy.rar
2015-07-22 01:52 - 2015-07-22 01:58 - 524847108 _____ C:\Users\Finch\Downloads\superman_1941.mpeg
2015-07-22 01:52 - 2015-07-22 01:56 - 432963588 _____ C:\Users\Finch\Downloads\billion_dollar_limited.mpeg
2015-07-22 01:52 - 2015-07-22 01:53 - 45224702 _____ C:\Users\Finch\Downloads\superman_1941_512kb.mp4
2015-07-22 01:51 - 2015-07-22 01:58 - 233117696 _____ C:\Users\Finch\Downloads\superman_the_mechanical_monsters.mpeg
2015-07-21 22:59 - 2015-07-21 22:59 - 00000000 ____D C:\Users\Finch\Downloads\ReShade 0.18.4 Public Beta with Framework
2015-07-21 22:58 - 2015-07-21 22:58 - 24306672 _____ C:\Users\Finch\Downloads\ReShade 0.18.4 Public Beta with Framework.7z
2015-07-21 22:58 - 2015-05-17 08:15 - 00000000 ____D C:\Users\Finch\Downloads\ReShade
2015-07-21 22:58 - 2015-05-17 07:07 - 00001846 _____ C:\Users\Finch\Downloads\ReShade.fx
2015-07-21 22:58 - 2015-05-13 01:48 - 00593408 _____ (Crosire) C:\Users\Finch\Downloads\ReShade64.dll
2015-07-21 22:58 - 2015-05-13 01:47 - 00500736 _____ (Crosire) C:\Users\Finch\Downloads\ReShade32.dll
2015-07-21 22:58 - 2015-05-04 11:07 - 00005356 _____ C:\Users\Finch\Downloads\README.txt
2015-07-21 22:58 - 2015-04-28 07:16 - 00032256 _____ (Crosire) C:\Users\Finch\Downloads\ReShade Setup.exe
2015-07-21 22:58 - 2015-03-03 03:00 - 00005774 _____ C:\Users\Finch\Downloads\EULA.txt
2015-07-21 22:55 - 2015-07-21 22:55 - 21722231 _____ C:\Users\Finch\Downloads\WoT_ReShade_Milkym4n.zip
2015-07-20 20:20 - 2015-07-14 07:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 20:20 - 2015-07-14 07:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 20:20 - 2015-07-14 07:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 20:20 - 2015-07-14 07:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 04:11 - 2015-07-20 04:11 - 00376976 _____ C:\WINDOWS\Minidump\072015-20234-01.dmp
2015-07-17 00:00 - 2015-07-17 00:00 - 02111295 _____ C:\Users\Finch\Downloads\J1mB0_s_Crosshair_Mod_v1.50.zip
2015-07-16 23:58 - 2015-07-16 23:59 - 01275427 _____ C:\Users\Finch\Downloads\J1mB0_s_Crosshair_Mod_v1.50_-_Curse_Client.zip
2015-07-16 23:56 - 2015-07-16 23:56 - 09395375 _____ C:\Users\Finch\Downloads\QuickyBaby ModPack 9.9 v1.zip
2015-07-14 19:15 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-14 19:15 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-14 19:15 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-14 19:15 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-14 19:15 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-14 19:15 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-14 19:15 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-14 19:15 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-14 19:15 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-14 19:15 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-14 19:15 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-14 19:15 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-14 19:15 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-14 19:15 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-14 19:15 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-14 19:15 - 2015-07-01 15:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-14 19:15 - 2015-07-01 14:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-14 19:15 - 2015-06-29 15:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-14 19:15 - 2015-06-29 08:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-14 19:15 - 2015-06-29 08:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-14 19:15 - 2015-06-29 08:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-14 19:15 - 2015-06-29 08:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-14 19:15 - 2015-06-27 22:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-14 19:15 - 2015-06-27 22:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-14 19:15 - 2015-06-27 22:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-14 19:15 - 2015-06-27 22:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-14 19:15 - 2015-06-27 09:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-14 19:15 - 2015-06-26 20:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-14 19:15 - 2015-06-26 20:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-14 19:15 - 2015-06-26 20:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-14 19:15 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-14 19:15 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-14 19:15 - 2015-06-26 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-14 19:15 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-14 19:15 - 2015-06-26 19:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-14 19:15 - 2015-06-26 19:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-14 19:15 - 2015-06-26 18:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-14 19:15 - 2015-06-26 18:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-14 19:15 - 2015-06-26 16:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-14 19:15 - 2015-06-26 16:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-14 19:15 - 2015-06-24 19:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-14 19:15 - 2015-06-15 15:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-14 19:15 - 2015-06-15 15:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-14 19:15 - 2015-06-15 14:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-14 19:15 - 2015-06-15 14:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-14 19:15 - 2015-06-15 13:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-14 19:15 - 2015-06-15 12:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-14 19:15 - 2015-05-30 14:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-14 19:15 - 2015-05-30 12:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-14 19:15 - 2015-05-30 12:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-14 19:15 - 2015-05-07 10:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-14 19:15 - 2015-05-07 10:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-14 19:15 - 2015-05-07 09:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-14 19:15 - 2015-05-07 09:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-14 19:15 - 2015-05-07 08:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-14 19:15 - 2015-05-07 08:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-14 19:15 - 2015-05-03 08:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 19:15 - 2015-05-03 07:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 19:15 - 2015-05-03 07:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-14 19:15 - 2015-05-03 07:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-14 19:15 - 2015-05-02 17:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-14 19:15 - 2015-04-29 16:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-14 19:15 - 2015-04-24 19:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-14 19:15 - 2015-03-08 19:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2015-07-14 19:15 - 2014-11-04 12:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-14 19:15 - 2014-11-04 12:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-14 19:15 - 2014-11-03 23:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-14 19:15 - 2014-11-03 23:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-14 19:15 - 2014-11-03 23:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-14 19:15 - 2014-11-03 23:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-14 19:14 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-14 19:14 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-14 19:14 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-14 19:14 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-14 19:14 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-14 19:14 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-14 19:14 - 2015-06-15 22:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-14 19:14 - 2015-06-15 22:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-14 19:14 - 2015-06-15 15:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-14 19:14 - 2015-06-15 15:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-14 19:14 - 2015-06-15 15:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-14 19:14 - 2015-06-15 15:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-14 19:14 - 2015-06-15 15:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-14 19:14 - 2015-06-15 14:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-14 19:14 - 2015-06-15 14:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-14 19:14 - 2015-06-15 14:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-14 19:14 - 2015-06-15 14:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-14 19:14 - 2015-06-15 14:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-14 19:14 - 2015-06-15 14:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-14 19:14 - 2015-06-15 14:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-14 19:14 - 2015-06-15 14:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-14 19:14 - 2015-06-15 14:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-14 19:14 - 2015-06-15 14:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-14 19:14 - 2015-06-15 14:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-14 19:14 - 2015-06-15 14:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-14 19:14 - 2015-06-15 14:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-14 19:14 - 2015-06-15 14:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-14 19:14 - 2015-06-15 13:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-14 19:14 - 2015-06-15 13:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-14 19:14 - 2015-06-15 13:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-14 19:14 - 2015-06-15 13:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-14 19:14 - 2015-06-15 13:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-14 19:14 - 2015-06-15 13:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-14 19:14 - 2015-06-15 13:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-14 19:14 - 2015-06-15 13:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-14 19:14 - 2015-06-15 13:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-14 19:14 - 2015-06-15 13:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-14 19:14 - 2015-06-15 13:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-14 19:14 - 2015-06-15 13:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-14 19:14 - 2015-06-15 13:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-14 19:14 - 2015-06-15 13:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-14 19:14 - 2015-06-10 20:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-14 19:14 - 2015-06-10 09:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-14 19:14 - 2015-05-12 06:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-14 19:14 - 2015-05-11 09:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-14 19:14 - 2015-05-07 09:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-14 19:14 - 2015-05-03 08:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-14 19:14 - 2015-05-03 07:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-14 19:14 - 2015-05-01 16:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-14 19:14 - 2015-04-28 06:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-14 19:14 - 2015-04-28 06:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-14 19:14 - 2015-04-23 08:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-14 19:14 - 2015-04-23 08:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-13 10:40 - 2015-07-13 10:40 - 00367008 _____ C:\WINDOWS\Minidump\071315-10781-01.dmp
2015-07-11 15:15 - 2015-07-11 15:15 - 00931408 _____ (Google Inc.) C:\Users\Finch\Downloads\ChromeSetup.exe
2015-07-11 00:13 - 2015-07-11 00:13 - 00000000 ____D C:\Users\Finch\AppData\Local\RzStats
2015-07-11 00:10 - 2015-03-03 10:47 - 00129600 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpnk.sys
2015-07-11 00:10 - 2015-02-04 16:24 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2015-07-10 23:54 - 2015-07-28 22:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-10 23:54 - 2015-07-15 03:53 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-10 06:39 - 2015-07-28 06:10 - 00000000 ___HD C:\$Windows.~BT
2015-07-09 02:54 - 2015-07-09 02:54 - 00000000 ____D C:\Users\Finch\AppData\Roaming\Wargaming.net
2015-07-09 00:15 - 2015-07-09 00:15 - 06038392 _____ (Wargaming.net ) C:\Users\Finch\Downloads\WoT_internet_install_na.exe
2015-07-09 00:15 - 2015-07-09 00:15 - 00000781 _____ C:\Users\Public\Desktop\World of Tanks.lnk
2015-07-09 00:15 - 2015-07-09 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2015-07-09 00:15 - 2015-07-09 00:15 - 00000000 ____D C:\Games
2015-07-08 03:41 - 2015-07-08 03:41 - 00010373 _____ C:\Users\Finch\Downloads\sony-tv-kv34xbr910.zip
2015-06-30 01:39 - 2015-06-30 02:04 - 00000000 ____D C:\ProgramData\.pixartokens
2015-06-30 01:39 - 2015-06-30 01:39 - 00000000 ____D C:\Users\Finch\Documents\rms
2015-06-30 01:39 - 2015-06-30 01:39 - 00000000 ____D C:\Users\Finch\AppData\Roaming\Pixar
2015-06-30 01:33 - 2015-06-30 01:35 - 603746304 _____ C:\Users\Finch\Downloads\RenderManStudio-maya2014-19.0_1497244-windows7_vc10icc121.x86_64.msi
2015-06-30 01:30 - 2015-06-30 01:36 - 00003703 _____ C:\Users\Finch\Downloads\ncr.Hp5492.txt
2015-06-30 01:30 - 2015-06-30 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixar
2015-06-30 01:30 - 2015-06-30 01:36 - 00000000 ____D C:\Program Files\Pixar
2015-06-30 01:30 - 2015-06-30 01:33 - 464257024 _____ C:\Users\Finch\Downloads\RenderManProServer-19.0_1497244-windows7_vc10icc121.x86_64.msi
2015-06-30 01:29 - 2015-06-30 01:30 - 09703424 _____ C:\Users\Finch\Downloads\RenderManNC-Installer-1.0.0_1461462-windows7_vc10icc121.x86_64.msi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-12 00:06 - 2014-05-26 01:06 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{21DC9B58-2FA9-418B-9938-A2A51D711056}
2015-07-28 23:20 - 2014-04-06 02:46 - 01064304 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-28 23:19 - 2015-05-19 23:45 - 00000000 ____D C:\ProgramData\UMS
2015-07-28 23:19 - 2014-05-23 18:38 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-28 23:19 - 2014-04-06 13:31 - 00000000 ___DO C:\Users\Finch\SkyDrive
2015-07-28 23:19 - 2013-08-22 07:46 - 00479167 _____ C:\WINDOWS\setupact.log
2015-07-28 23:18 - 2015-05-04 22:05 - 00000000 ____D C:\Users\Finch\AppData\Local\Oculus
2015-07-28 23:18 - 2014-11-26 03:23 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-28 23:18 - 2013-11-14 00:20 - 00233450 _____ C:\WINDOWS\PFRO.log
2015-07-28 23:18 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-28 23:18 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-28 23:13 - 2014-05-23 18:38 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-28 23:02 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-28 20:27 - 2014-04-06 01:31 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3543055688-4141051895-993799836-1001
2015-07-28 20:17 - 2014-05-23 18:38 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-28 20:17 - 2014-05-23 18:34 - 00000000 ____D C:\Users\Finch\AppData\Local\Google
2015-07-28 20:09 - 2014-04-12 14:28 - 00619008 ___SH C:\Users\Finch\Desktop\Thumbs.db
2015-07-28 20:07 - 2014-04-06 01:08 - 00000000 ____D C:\Users\Finch\AppData\Local\Packages
2015-07-28 19:44 - 2013-11-14 00:29 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-28 19:37 - 2014-04-06 02:47 - 00000000 ____D C:\Users\Finch
2015-07-28 19:37 - 2014-04-06 02:21 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-28 11:18 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 06:00 - 2014-04-06 03:45 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-28 05:19 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-27 22:56 - 2015-03-07 15:14 - 00000000 ____D C:\Users\Finch\AppData\Roaming\qBittorrent
2015-07-26 04:28 - 2014-07-04 19:33 - 00247808 ___SH C:\Users\Finch\Downloads\Thumbs.db
2015-07-25 18:24 - 2014-04-06 03:22 - 00000000 ____D C:\Users\Finch\AppData\Roaming\vlc
2015-07-25 00:07 - 2015-04-05 01:40 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-23 03:34 - 2014-04-06 16:21 - 00000000 ____D C:\Users\Finch\AppData\Roaming\Apple Computer
2015-07-23 03:33 - 2015-05-13 09:34 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-23 03:33 - 2014-04-06 16:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-23 02:00 - 2014-04-06 20:21 - 00000000 ____D C:\Users\Finch\AppData\Local\Adobe
2015-07-22 10:41 - 2013-08-22 07:44 - 05095416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-20 04:11 - 2014-04-26 16:52 - 921657952 ____N C:\WINDOWS\MEMORY.DMP
2015-07-20 04:11 - 2014-04-26 16:52 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-18 03:56 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-17 23:39 - 2015-04-05 01:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-17 23:39 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-17 23:39 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-17 23:39 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-07-14 23:05 - 2015-04-17 23:32 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-14 23:05 - 2015-03-22 03:29 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-14 23:05 - 2014-04-06 01:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-13 14:10 - 2013-08-22 08:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 14:10 - 2013-08-22 08:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 10:40 - 2014-04-06 01:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-13 01:59 - 2015-05-29 09:09 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-07-13 01:58 - 2014-04-14 03:41 - 00000000 ____D C:\ProgramData\Origin
2015-07-13 00:57 - 2015-05-21 02:17 - 00000000 ____D C:\Users\Finch\AppData\Roaming\.minecraft
2015-07-11 15:15 - 2015-04-22 00:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-11 07:08 - 2014-05-23 18:38 - 00003890 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-11 07:08 - 2014-05-23 18:38 - 00003654 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-11 00:12 - 2014-04-06 13:28 - 00000000 ____D C:\Users\Finch\AppData\Local\Razer
2015-07-11 00:10 - 2014-04-06 13:28 - 00000000 ____D C:\ProgramData\Razer
2015-07-11 00:10 - 2014-04-06 13:28 - 00000000 ____D C:\Program Files (x86)\Razer
2015-07-11 00:10 - 2014-04-06 01:23 - 00387394 _____ C:\WINDOWS\DPINST.LOG
2015-07-11 00:09 - 2014-04-06 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-07-09 09:24 - 2014-04-14 05:33 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-07-07 02:11 - 2015-05-28 02:37 - 00000880 _____ C:\Users\Finch\Desktop\Handbrake.lnk
2015-07-07 02:11 - 2015-04-18 00:25 - 00000946 _____ C:\Users\Finch\Desktop\MeshLab.lnk
2015-07-07 02:11 - 2015-03-20 22:19 - 00001079 _____ C:\Users\Finch\Desktop\StarCitizen.lnk
2015-07-05 03:08 - 2014-04-06 01:36 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-03 08:43 - 2014-04-06 01:36 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-29 23:24 - 2014-04-14 03:41 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-29 02:15 - 2015-05-28 02:39 - 00000000 ____D C:\Users\Finch\AppData\Roaming\HandBrake

==================== Files in the root of some directories =======

2014-06-09 23:24 - 2014-06-10 09:51 - 0000132 _____ () C:\Users\Finch\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-11-05 22:56 - 2014-11-30 23:10 - 0000297 _____ () C:\Users\Finch\AppData\Roaming\BreakingPoint_Login.ini
2014-11-05 22:57 - 2014-12-01 23:46 - 0001408 _____ () C:\Users\Finch\AppData\Roaming\BreakingPoint_Options.ini
2014-06-02 21:30 - 2015-04-12 00:06 - 0000101 _____ () C:\Users\Finch\AppData\Roaming\LauncherSettings_live.cfg
2014-07-12 02:49 - 2015-02-06 10:10 - 0008146 _____ () C:\Users\Finch\AppData\Roaming\TheHunterSettings_live.bin
2014-04-06 14:15 - 2014-07-24 01:52 - 0000040 _____ () C:\Users\Finch\AppData\Roaming\TheHunterSettings_live.cfg
2015-01-10 00:44 - 2015-04-12 00:01 - 0000040 _____ () C:\Users\Finch\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-04-30 02:14 - 2014-04-30 02:15 - 1065984 _____ () C:\Users\Finch\AppData\Local\file__0.localstorage
2015-03-07 15:17 - 2015-03-07 15:17 - 0000218 _____ () C:\Users\Finch\AppData\Local\recently-used.xbel
2014-04-24 22:41 - 2014-08-30 17:45 - 0007607 _____ () C:\Users\Finch\AppData\Local\Resmon.ResmonCfg
2014-09-22 21:32 - 2014-09-22 21:32 - 0200987 _____ () C:\ProgramData\1411446607.bdinstall.bin
2014-10-12 01:10 - 2014-10-12 01:10 - 0037670 _____ () C:\ProgramData\1413101421.bdinstall.bin
2014-10-12 01:11 - 2014-10-12 01:11 - 0098232 _____ () C:\ProgramData\1413101423.bdinstall.bin

Some files in TEMP:
====================
C:\Users\Finch\AppData\Local\Temp\AcDeltree.exe
C:\Users\Finch\AppData\Local\Temp\jna1124040814699414390.dll
C:\Users\Finch\AppData\Local\Temp\jna1610536682758839784.dll
C:\Users\Finch\AppData\Local\Temp\jna1799623703452130544.dll
C:\Users\Finch\AppData\Local\Temp\jna1875408839266065442.dll
C:\Users\Finch\AppData\Local\Temp\jna2364086276139489126.dll
C:\Users\Finch\AppData\Local\Temp\jna2895878377221214392.dll
C:\Users\Finch\AppData\Local\Temp\jna2939401191535901298.dll
C:\Users\Finch\AppData\Local\Temp\jna3083997898142508153.dll
C:\Users\Finch\AppData\Local\Temp\jna3093198018973839317.dll
C:\Users\Finch\AppData\Local\Temp\jna3235375886593667277.dll
C:\Users\Finch\AppData\Local\Temp\jna3486566289864543665.dll
C:\Users\Finch\AppData\Local\Temp\jna3927257216117323703.dll
C:\Users\Finch\AppData\Local\Temp\jna4131929661739577483.dll
C:\Users\Finch\AppData\Local\Temp\jna4427160250798987302.dll
C:\Users\Finch\AppData\Local\Temp\jna4695998305519615651.dll
C:\Users\Finch\AppData\Local\Temp\jna5378054613228554376.dll
C:\Users\Finch\AppData\Local\Temp\jna5384769603160591846.dll
C:\Users\Finch\AppData\Local\Temp\jna5780878780787869807.dll
C:\Users\Finch\AppData\Local\Temp\jna6067285499366011976.dll
C:\Users\Finch\AppData\Local\Temp\jna6129297149992167744.dll
C:\Users\Finch\AppData\Local\Temp\jna6352544866074576082.dll
C:\Users\Finch\AppData\Local\Temp\jna6946776493066531523.dll
C:\Users\Finch\AppData\Local\Temp\jna696066297622666510.dll
C:\Users\Finch\AppData\Local\Temp\jna7060282176348927395.dll
C:\Users\Finch\AppData\Local\Temp\jna7193493496128817093.dll
C:\Users\Finch\AppData\Local\Temp\jna7260940373096932160.dll
C:\Users\Finch\AppData\Local\Temp\namebench.exe
C:\Users\Finch\AppData\Local\Temp\Nv3DVisionIePlugin64.dll
C:\Users\Finch\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Finch\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Finch\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Finch\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Finch\AppData\Local\Temp\nvStInst.exe
C:\Users\Finch\AppData\Local\Temp\python27.dll
C:\Users\Finch\AppData\Local\Temp\tcl85.dll
C:\Users\Finch\AppData\Local\Temp\tk85.dll
C:\Users\Finch\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Finch\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Finch\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-24 05:48

==================== End of log ============================


  • 0

#4
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi exitfromreality,

I see some traces of infections alright, but none being the one you allegedly have. This computer looks fairly clean, quite honestly. :)
  • Step 1

    After examining your logs, I have seen that you currently have one or more P2P Programs installed. I would recommend their removal as the networks these programs are involved in are breeding places for malware. The things you are downloading are not one hundred percent safe as they can be uploaded by anyone on the Internet, some possibly aiding in the propagation of malware.

    More can be read from the following sources:

    You are advised to remove the following programs by uninstalling them:
    • qBittorrent
    Note: This step is optional. You may or may not remove the programs, however I strongly suggest getting rid of or disabling them before we continue with the process.
  • Step 2

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    CloseProcesses:
    EmptyTemp:
    
    Task: {C20C936C-A4A4-4A89-976F-A287F25B80B9} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3543055688-4141051895-993799836-1001\...\Run: [AdobeBridge] => [X]
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3543055688-4141051895-993799836-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3543055688-4141051895-993799836-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
    FF DefaultSearchEngine: Bing
    FF DefaultSearchEngine.US: Bing
    FF SearchPlugin: C:\Users\Finch\AppData\Roaming\Mozilla\Firefox\Profiles\t9o7gwt9.default\searchplugins\youtube-video-search.xml [2014-07-08]
    2014-09-22 21:32 - 2014-09-22 21:32 - 0200987 _____ () C:\ProgramData\1411446607.bdinstall.bin
    2014-10-12 01:10 - 2014-10-12 01:10 - 0037670 _____ () C:\ProgramData\1413101421.bdinstall.bin
    2014-10-12 01:11 - 2014-10-12 01:11 - 0098232 _____ () C:\ProgramData\1413101423.bdinstall.bin
    
    RemoveProxy:
    CMD: bitsadmin /reset /allusers
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)
    • JRT.txt (Junkware Removal Tool)

  • 0

#5
exitfromreality

    Member

  • Topic Starter
  • 15 posts

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Finch (2015-07-29 03:02:04) Run:1
Running from C:\Users\Finch\Desktop
Loaded Profiles: Finch (Available Profiles: Finch)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
EmptyTemp:

Task: {C20C936C-A4A4-4A89-976F-A287F25B80B9} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\...\Run: [AdobeBridge] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Bing
FF SearchPlugin: C:\Users\Finch\AppData\Roaming\Mozilla\Firefox\Profiles\t9o7gwt9.default\searchplugins\youtube-video-search.xml [2014-07-08]
2014-09-22 21:32 - 2014-09-22 21:32 - 0200987 _____ () C:\ProgramData\1411446607.bdinstall.bin
2014-10-12 01:10 - 2014-10-12 01:10 - 0037670 _____ () C:\ProgramData\1413101421.bdinstall.bin
2014-10-12 01:11 - 2014-10-12 01:11 - 0098232 _____ () C:\ProgramData\1413101423.bdinstall.bin

RemoveProxy:
CMD: bitsadmin /reset /allusers
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C20C936C-A4A4-4A89-976F-A287F25B80B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C20C936C-A4A4-4A89-976F-A287F25B80B9}" => key removed successfully
C:\Windows\System32\Tasks\0814avUpdateInfo => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0814avUpdateInfo" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
C:\Users\Finch\AppData\Roaming\Mozilla\Firefox\Profiles\t9o7gwt9.default\searchplugins\youtube-video-search.xml => moved successfully.
C:\ProgramData\1411446607.bdinstall.bin => moved successfully.
C:\ProgramData\1413101421.bdinstall.bin => moved successfully.
C:\ProgramData\1413101423.bdinstall.bin => moved successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 9.8 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 03:02:38 ====

 

 

AdwCleaner[S0].txt

 

# AdwCleaner v4.208 - Logfile created 29/07/2015 at 03:08:21
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Finch - EXITREALITY
# Running from : C:\Users\Finch\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1434 bytes] - [29/07/2015 03:07:47]
AdwCleaner[S0].txt - [1320 bytes] - [29/07/2015 03:08:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1379  bytes] ##########
 

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 8.1 Pro x64
Ran by Finch on Wed 07/29/2015 at  3:10:51.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Finch\Appdata\Local\crashrpt





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/29/2015 at  3:12:15.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0
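One way to reconcile a Fixlog like the one posted above against its fixlist, as an added example that is not part of the original thread and is not FRST's own code. The function and field names are hypothetical; the two `constructed-example` entries and the `not found` result wording are constructed for the illustration.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted above. The two "constructed-example"
# entries and the "not found" result are constructed for this example (they
# are not from the thread) so that both problem cases appear.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CloseProcesses:
EmptyTemp:

Task: {C20C936C-A4A4-4A89-976F-A287F25B80B9} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\...\Run: [AdobeBridge] => [X]
2014-09-22 21:32 - 2014-09-22 21:32 - 0200987 _____ () C:\ProgramData\1411446607.bdinstall.bin
2014-10-12 01:10 - 2014-10-12 01:10 - 0037670 _____ () C:\ProgramData\1413101421.bdinstall.bin
C:\ProgramData\constructed-example-1.bin
C:\ProgramData\constructed-example-2.bin
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0814avUpdateInfo" => key removed successfully
C:\Windows\System32\Tasks\0814avUpdateInfo => moved successfully.
HKU\S-1-5-21-3543055688-4141051895-993799836-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
C:\ProgramData\1411446607.bdinstall.bin => moved successfully.
C:\ProgramData\1413101421.bdinstall.bin => moved successfully.
C:\ProgramData\constructed-example-1.bin => not found
EmptyTemp: => 9.8 GB temporary data Removed.

The system needed a reboot..
"""

# '<target> => <outcome>' result line; the target may be wrapped in quotes.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')
# Drive-letter path at the end of a fixlist line, ignoring a trailing [date].
PATH_RE = re.compile(r'([A-Za-z]:\\.+?)(?:\s+\[\d{4}-\d{2}-\d{2}\])?$')


def directive_path(line):
    """Return the file path a fixlist line names for removal, if any."""
    if "=>" in line or "->" in line:  # task, Run and trusted-site entries
        return None
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def parse_fixlog(text):
    """Summarise a Fixlog: outcomes, non-success results, paths with no result."""
    lines = [l.strip() for l in text.splitlines()]
    # The fixlist echo sits between the first two lines made only of asterisks.
    fences = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l)]
    if len(fences) < 2:
        raise ValueError("fixlist block delimiters not found")
    directives = [l for l in lines[fences[0] + 1:fences[1]] if l]

    results, temp_cleared = [], None
    for l in lines[fences[1] + 1:]:
        m = RESULT_RE.match(l)
        if not m:
            continue
        if m["target"] == "EmptyTemp:":
            temp_cleared = m["outcome"]
        else:
            results.append((m["target"], m["outcome"]))

    # Windows paths are case-insensitive, so compare lower-cased.
    seen = {t.lower() for t, _ in results}
    expected = [p for p in map(directive_path, directives) if p]
    return {
        "outcomes": Counter(o for _, o in results),
        "failed": [(t, o) for t, o in results
                   if not o.lower().endswith("successfully")],
        "no_result": [p for p in expected if p.lower() not in seen],
        "temp_cleared": temp_cleared,
        "reboot_required": any("needed a reboot" in l for l in lines),
    }


if __name__ == "__main__":
    summary = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, count in summary["outcomes"].most_common():
        print(f"{count:3d}  {outcome}")
    for target, outcome in summary["failed"]:
        print(f"REVIEW: {target} => {outcome}")
    for path in summary["no_result"]:
        print(f"NO RESULT LINE: {path}")
    print("Reboot required:", summary["reboot_required"])
```

Entries under `failed` or `no_result` are the ones to raise with the helper before moving on to the next tool.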

#6
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
      • Click Finish after.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.
    • Java Runtime Environment -- Update
    Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • Step 4

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • checkup.txt (SecurityCheck)
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)

  • 0

#7
exitfromreality

    Member

  • Topic Starter
  • 15 posts

MalwareBytes Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/29/2015
Scan Time: 10:55 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.30.01
Rootkit Database: v2015.07.29.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Finch

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425417
Time Elapsed: 7 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Checkup.txt

 

 Results of screen317's Security Check version 1.006  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java version 32-bit out of Date!
 Adobe Flash Player     18.0.0.209  
 Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


#8
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Things are A-OK. :) As per my instructions, did you proceed to install the latest version of Java? You will also need an anti-virus.

#9
exitfromreality

    Member

  • Topic Starter
  • Member
  • 15 posts

Yes, I have updated Java and installed Avast.

Thanks a ton!


#10
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Thank you for your cooperation. Your logs show no sign of infection. Congratulations, your system is now clean. :thumbsup: Below are the last few steps for you to accomplish.

Remove Temporary Files with TFC by OldTimer

  • Download 'TFC by OldTimer' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click the Start button and wait for the process to complete.
    • You will be prompted to reboot. Please allow it by choosing Yes.

Remove Special Tools with DelFix by Xplode

  • Download 'DelFix by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Ensure the following options are checked:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
      • Reset system settings
    • Press Run.
    • A log will automatically pop up. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

#11
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Since this issue appears to be resolved, this topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a new topic.