I am infected.



#1
0x24000


I just got a bluescreen with KERNEL SECURITY CHECK FAILURE so my computer restarted. Then I opened Firefox and a message said I am infected with Adware and I need to call "x" number to remove it. I don't know what download is infected, but I'm hoping we can remove the infection and the original file together.

 

I ran FRST so here are the logs.

 

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by Dissident  (administrator) on DISSIDENT (04-09-2015 12:36:20)
Running from C:\Users\Dissident \Downloads
Loaded Profiles: Dissident  &  (Available Profiles: Dissident )
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Flux Software LLC) C:\Users\Dissident \AppData\Local\FluxSoftware\Flux\flux.exe
(Hyperdesktop) C:\Users\Dissident \AppData\Roaming\Hyperdesktop\hyperdesktop.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\Run: [ScreenCloud] => C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\Run: [f.lux] => C:\Users\Dissident \AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\Run: [Hyperdesktop] => C:\Users\Dissident \AppData\Roaming\Hyperdesktop\hyperdesktop.exe [316000 2015-08-27] (Hyperdesktop)
HKU\S-1-5-21-2761190101-3978823051-44143618-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ScreenCloud] => C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe
HKU\S-1-5-21-2761190101-3978823051-44143618-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2761190101-3978823051-44143618-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-2761190101-3978823051-44143618-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\Dissident \AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2761190101-3978823051-44143618-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Hyperdesktop] => C:\Users\Dissident \AppData\Roaming\Hyperdesktop\hyperdesktop.exe [316000 2015-08-27] (Hyperdesktop)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 0.0.0.0 0.0.0.0
Tcpip\..\Interfaces\{03E04746-C36C-41D5-BD44-EC05E2D52C0F}: [DhcpNameServer] 10.0.1.1 0.0.0.0 0.0.0.0
Tcpip\..\Interfaces\{C52EEE0C-310E-4079-9D24-5B40AAF2173C}: [DhcpNameServer] 129.65.16.254 129.65.21.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-2761190101-3978823051-44143618-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-17] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Extension: HTTPS-Everywhere - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\Extensions\[email protected] [2015-08-26]
FF Extension: MEGA - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\Extensions\[email protected] [2015-05-10]
FF Extension: AdBlock for Firefox - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\Extensions\[email protected] [2015-06-30]
FF Extension: uBlock - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-08-02]
FF Extension: Adblock Plus - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-19]
FF Extension: Greasemonkey - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-07-01]
FF Extension: No Name - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [not found]
FF Extension: No Name - C:\Users\Dissident \AppData\Roaming\Mozilla\Firefox\Profiles\tys9uhyk.default\extensions\[email protected] [not found]

Chrome:
=======
CHR Profile: C:\Users\Dissident \AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dissident \AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29]
CHR Extension: (Google Docs) - C:\Users\Dissident \AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Google Drive) - C:\Users\Dissident \AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-29]
CHR Extension: (YouTube) - C:\Users\Dissident \AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-29]
CHR Extension: (Google Search) - C:\Users\Dissident \AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-29]
CHR Extension: (Google Sheets) - C:\Users\Dissident \AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-29]
CHR Extension: (Authy) - C:\Users\Dissident \AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2015-05-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dissident \AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dissident \AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Dissident \AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [73512 2014-12-16] (ASUS Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-10-08] (C-Media Electronics Inc)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [460872 2013-03-08] (RTS Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-04 12:35 - 2015-09-04 12:35 - 00042331 _____ C:\Users\Dissident \Downloads\Addition.txt
2015-09-04 12:33 - 2015-09-04 12:36 - 00021299 _____ C:\Users\Dissident \Downloads\FRST.txt
2015-09-04 12:33 - 2015-09-04 12:36 - 00000000 ____D C:\FRST
2015-09-04 12:30 - 2015-09-04 12:30 - 02188800 _____ (Farbar) C:\Users\Dissident \Downloads\FRST64.exe
2015-09-04 12:23 - 2015-09-04 12:24 - 00301744 _____ C:\WINDOWS\Minidump\090415-53562-01.dmp
2015-09-04 12:22 - 2015-09-04 12:22 - 739901494 _____ C:\WINDOWS\MEMORY.DMP
2015-09-04 12:22 - 2015-09-04 12:22 - 00004262 _____ C:\WINDOWS\PFRO.log
2015-09-04 11:52 - 2015-09-04 12:07 - 615370253 _____ C:\Users\Dissident \Downloads\PremiumLeech_file-m023_vmp_rar-58686-Mb--Turbobit.net
2015-09-02 06:14 - 2012-04-21 00:06 - 00000000 ____D C:\Users\Dissident \Downloads\Dark Tranquillity - Zero Distance (EP 2012)
2015-09-01 09:44 - 2015-09-01 09:46 - 45293104 _____ C:\Users\Dissident \Downloads\Dark-Tranquillity---Zero-Distance-(EP-2012).rar
2015-08-27 20:23 - 2015-08-27 20:23 - 00316000 _____ (Hyperdesktop) C:\Users\Dissident \Documents\hyperdesktop.exe
2015-08-27 07:34 - 2015-06-26 16:27 - 00129472 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpnk.sys
2015-08-27 07:34 - 2015-06-12 08:51 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2015-08-27 07:33 - 2015-08-27 07:34 - 00079488 _____ C:\WINDOWS\DPINST.LOG
2015-08-27 07:28 - 2015-08-27 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-08-27 07:26 - 2015-08-27 07:27 - 22633520 _____ (Razer Inc.) C:\Users\Dissident \Downloads\Razer_Synapse_Framework_V1.18.21.26914.exe
2015-08-24 12:54 - 2015-08-24 12:54 - 00000012 _____ C:\Users\Dissident \Documents\cliquedox.txt
2015-08-24 09:53 - 2015-08-27 07:26 - 00000000 ____D C:\Users\Dissident \Documents\Cult
2015-08-22 15:30 - 2015-08-22 15:30 - 00000000 _____ C:\Users\Dissident \Documents\winloss.txt
2015-08-20 23:07 - 2015-08-20 23:07 - 06317380 _____ C:\Users\Dissident \Documents\bit_rush.zip
2015-08-20 17:44 - 2015-08-20 17:44 - 00013704 _____ C:\Users\Dissident \Documents\hurr poker.txt
2015-08-15 14:30 - 2015-08-15 14:30 - 00000474 _____ C:\Users\Dissident \Documents\Lookingforaroom.txt
2015-08-11 20:32 - 2015-08-11 20:32 - 01640567 _____ C:\Users\Dissident \Documents\Bullet for my Valentine Cover.m4a
2015-08-11 12:23 - 2012-12-05 03:34 - 00000000 ____D C:\Users\Dissident \Downloads\The Growlers - Beach Goth (2012)
2015-08-11 12:22 - 2015-08-11 12:22 - 00000000 ____D C:\Users\Dissident \Downloads\Black_Lips_-_Underneath_the_Rainbow_(2014)
2015-08-11 11:44 - 2015-08-11 11:49 - 80786332 _____ C:\Users\Dissident \Downloads\Black_Lips_-_Underneath_the_Rainbow_(2014).rar
2015-08-11 11:33 - 2015-08-11 11:37 - 69175258 _____ C:\Users\Dissident \Downloads\www.NewAlbumReleases.net_The-Growlers---Beach-Goth-(2012).rar
2015-08-11 11:33 - 2013-12-17 00:23 - 00000000 ____D C:\Users\Dissident \Downloads\The Growlers - Hung at Heart (2013)
2015-08-11 11:07 - 2015-08-11 11:14 - 115741980 _____ C:\Users\Dissident \Downloads\The-Growlers---Hung-at-Heart-(2013).rar
2015-08-11 11:06 - 2015-08-11 11:14 - 93466200 _____ C:\Users\Dissident \Documents\i8wexHWEZ8EO5F971TM46IkRcKymkCO5.zip
2015-08-06 15:35 - 2015-08-06 15:35 - 00000428 _____ C:\Users\Dissident \Documents\hi i need a place to .txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-04 12:36 - 2014-05-19 17:46 - 00000000 ____D C:\Users\Dissident \AppData\Roaming\Skype
2015-09-04 12:35 - 2014-05-19 18:53 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2761190101-3978823051-44143618-1002
2015-09-04 12:33 - 2015-03-22 23:57 - 00000418 _____ C:\WINDOWS\Tasks\update-sys.job
2015-09-04 12:31 - 2014-07-19 13:32 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-04 12:30 - 2014-03-18 03:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-04 12:29 - 2014-07-19 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-04 12:29 - 2014-07-19 13:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-04 12:24 - 2015-05-29 21:04 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-04 12:24 - 2015-05-29 21:04 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-04 12:24 - 2015-02-12 12:38 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-04 12:24 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-04 12:23 - 2015-07-28 09:58 - 00004851 _____ C:\WINDOWS\setupact.log
2015-09-04 12:23 - 2014-05-22 19:41 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-04 12:23 - 2014-05-21 15:22 - 00000000 ____D C:\Users\Dissident
2015-09-04 12:23 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-04 12:23 - 2013-08-22 07:44 - 00543568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-04 12:22 - 2014-05-19 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-04 12:06 - 2015-02-06 01:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-04 11:37 - 2015-03-22 23:57 - 00000418 _____ C:\WINDOWS\Tasks\update-S-1-5-21-2761190101-3978823051-44143618-1002.job
2015-09-04 11:28 - 2015-07-27 09:33 - 01948129 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-03 21:59 - 2015-01-20 00:21 - 00000000 ____D C:\Users\Dissident \AppData\Local\CrashDumps
2015-09-03 18:46 - 2014-05-28 16:01 - 00000000 ____D C:\Users\Dissident \AppData\Roaming\vlc
2015-09-01 22:39 - 2014-07-07 18:08 - 00000000 ____D C:\Users\Dissident \AppData\Roaming\uTorrent
2015-09-01 09:37 - 2015-07-24 18:28 - 00000000 ____D C:\Users\Dissident \Documents\Guitar Pro Pieces
2015-09-01 09:17 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-31 20:53 - 2015-06-09 20:28 - 00000000 ____D C:\Users\Dissident \AppData\Roaming\HexChat
2015-08-28 06:19 - 2015-05-29 21:04 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 06:19 - 2015-05-29 21:04 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-27 07:34 - 2014-11-27 13:44 - 00000000 ____D C:\ProgramData\Razer
2015-08-27 07:34 - 2014-11-27 13:44 - 00000000 ____D C:\Program Files (x86)\Razer
2015-08-27 07:29 - 2014-11-27 18:53 - 00000000 ____D C:\Users\Dissident \AppData\Local\Razer
2015-08-20 09:24 - 2015-04-12 13:50 - 00000000 ____D C:\Users\Dissident \Documents\Images
2015-08-14 11:42 - 2015-05-15 18:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-11 21:06 - 2015-02-06 01:26 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2015-03-22 23:57 - 2015-03-22 23:57 - 0000003 _____ () C:\Users\Dissident \AppData\Local\updater.log
2015-03-22 23:57 - 2015-03-23 00:00 - 0000059 _____ () C:\Users\Dissident \AppData\Local\UserProducts.xml
2014-05-21 15:18 - 2014-05-21 15:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Dissident \AppData\Local\Temp\Inputps.exe
C:\Users\Dissident \AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dissident \AppData\Local\Temp\update.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-02 09:17

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by Dissident  (2015-09-04 12:36:40)
Running from C:\Users\Dissident \Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2761190101-3978823051-44143618-500 - Administrator - Disabled)
Dissident  (S-1-5-21-2761190101-3978823051-44143618-1002 - Administrator - Enabled) => C:\Users\Dissident
Guest (S-1-5-21-2761190101-3978823051-44143618-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2761190101-3978823051-44143618-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Assassins Creed Brotherhood version 1.02 (HKLM-x32\...\{F1B5BB0B-3E42-4D7C-ASCB-34D8164C8391}_is1) (Version: 1.02 - Black Box)
Assassins Creed Chronicles China (HKLM-x32\...\Assassins Creed Chronicles China_is1) (Version:  - )
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 3.0.11 - ASUS)
Burnout Paradise - The Ultimate Box (HKLM-x32\...\Burnout Paradise - The Ultimate Box_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DEAD OR ALIVE 5 Last Round (HKLM-x32\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - )
DEVIL MAY CRY 4 (HKLM-x32\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
Dishonored  Game of the Year Edition (HKLM-x32\...\RGlzaG9ub3JlZA==_is1) (Version: 1 - )
f.lux (HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-2761190101-3978823051-44143618-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GitHub (HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\5f7eb300e2ea4ebf) (Version: 2.14.7.1 - GitHub, Inc.)
GitHub (HKU\S-1-5-21-2761190101-3978823051-44143618-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\5f7eb300e2ea4ebf) (Version: 2.14.7.1 - GitHub, Inc.)
Goat Simulator GoatZ (HKLM-x32\...\Goat Simulator GoatZ_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version:  - )
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mortal Kombat X (HKLM-x32\...\TW9ydGFsS29tYmF0WA==_is1) (Version: 1 - )
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0a1 - Mozilla)
Need for Speed Most Wanted 2012 (HKLM-x32\...\{09F622D8-7F72-440D-AAB6-9A33CA1CE26B}_is1) (Version: 1.5 - Criterion Games)
NetCut 2.1.4 (HKLM-x32\...\NetCut_is1) (Version:  - arcai.com)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenSSL 0.9.8l Light (32-bit) (HKLM-x32\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
osu! (HKLM-x32\...\{ad9c02e5-54ee-4f74-8a69-021b96e9b469}) (Version: latest - ppy Pty Ltd)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
Prototype (HKLM-x32\...\Prototype_is1) (Version:  - )
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26914 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21224 - Realtek Semiconductor Corp.)
Resident Evil 5 Gold.Edition v.1.0.0.129 (HKLM-x32\...\Resident Evil 5 Gold.Edition_is1) (Version:  - )
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Tribler (HKLM-x32\...\Tribler) (Version: 6.4.3 - The Tribler Team)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (10/30/2014 1.0.0.230) (HKLM\...\52EDDD14D2DC9D32A2EA2720C02CBB9E354F8DE2) (Version: 10/30/2014 1.0.0.230 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Yaiba Ninja Gaiden Z, версия 1.0.0.0 (HKLM-x32\...\Yaiba Ninja Gaiden Z_is1) (Version: 1.0.0.0 - RePack by SEYTER)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

16-08-2015 12:17:20 Scheduled Checkpoint
24-08-2015 09:34:18 Scheduled Checkpoint
27-08-2015 07:27:59 Installed Razer Synapse.
03-09-2015 15:11:23 Scheduled Checkpoint
03-09-2015 16:34:56 Removed ScreenCloud

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-02-01 01:29 - 2015-02-01 01:29 - 00000830 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {073FE8A2-F1BF-4DAA-80D2-F6083313FA8D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {1812112E-F140-487F-9461-4A69B905C51A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-29] (Google Inc.)
Task: {2CD608C8-9FA6-4D2A-B6F4-997F8CEF03C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-29] (Google Inc.)
Task: {366492A5-4D6D-4812-BE17-3738A8A67237} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {4FCCAD0E-B77D-4650-B446-56AFCD3EB224} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {60D4EE0C-EF7F-4958-B2A0-A44FEDA18FFC} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {D0C92F69-06BD-496A-A35C-F60A503D7F2A} - System32\Tasks\update-S-1-5-21-2761190101-3978823051-44143618-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {DF35EE55-1CE1-4F38-9A8A-733F756D92A2} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-12-16] (AsusTek)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2761190101-3978823051-44143618-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-21 15:17 - 2014-03-04 06:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-10 08:13 - 2014-03-04 07:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-09-22 11:49 - 2014-09-22 11:49 - 00034304 _____ () C:\WINDOWS\System32\ssj2mlm.dll
2015-06-23 12:11 - 2015-06-23 12:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-15 00:51 - 2014-01-21 17:41 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
2014-12-15 00:51 - 2014-01-21 17:41 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll
2015-02-12 12:39 - 2015-07-03 09:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-12 12:39 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-12 12:39 - 2015-08-19 13:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-12 12:39 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-12 12:39 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-02-12 12:39 - 2014-12-01 14:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-02-12 12:39 - 2014-12-01 14:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-02-12 12:39 - 2014-12-01 14:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-02-12 12:39 - 2014-12-01 14:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-02-12 12:39 - 2014-12-01 14:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-02-12 12:39 - 2015-08-19 13:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-25 08:08 - 2015-07-26 18:13 - 00171008 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2013-12-10 08:13 - 2014-03-04 07:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-05-19 19:29 - 2015-05-19 19:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-12 12:39 - 2015-07-03 09:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-01-04 13:02 - 2013-05-31 14:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\skype.com -> hxxps://apps.skype.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2761190101-3978823051-44143618-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Dissident \AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-21-2761190101-3978823051-44143618-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Dissident \AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-2761190101-3978823051-44143618-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2761190101-3978823051-44143618-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{55209C08-BD3F-4EE7-A8F4-B6435BF086E0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{8092D236-D33D-48B6-9B2A-3211C178BF6C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{DDB498B6-33DF-4ECE-BE3B-684898D45444}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B1BD17A0-E04C-4EC2-BA07-35560DED91D7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{76462B53-F164-4ECE-BB09-C7290AA01C1B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{738763F2-2E2C-4599-A6DA-685634BA20BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3684B996-0867-4892-A3B7-C18807DA266C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{73A79061-45CB-484C-BEAA-1DF3607182D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B6F4D065-1450-4086-98DA-A8AD95765AB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{493817B9-0457-4B1F-9347-25FC68748603}] => (Allow) C:\Users\Dissident \AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{42A00EDB-AA06-40AA-9A28-AAFD57193110}] => (Allow) C:\Users\Dissident \AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{89BB3539-8427-4B79-B8A6-8164DF078B15}C:\users\dissident \downloads\left.4.dead.2.fullrip.nosteam.[v2.0.0.3]\left 4 dead 2\left4dead2.exe] => (Allow) C:\users\dissident \downloads\left.4.dead.2.fullrip.nosteam.[v2.0.0.3]\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{A7F9B5B0-96A2-479D-A982-C1CEEBDF4AF7}C:\users\dissident \downloads\left.4.dead.2.fullrip.nosteam.[v2.0.0.3]\left 4 dead 2\left4dead2.exe] => (Allow) C:\users\dissident \downloads\left.4.dead.2.fullrip.nosteam.[v2.0.0.3]\left 4 dead 2\left4dead2.exe
FirewallRules: [{8B6E0D3C-3D15-4DFF-850B-0294690F917A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0C4EB4F3-95E2-4F7E-8226-BAACBD631985}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D782C825-3A06-4ECA-BC1F-65F00911BF9A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{E0F14F38-8FFD-4F57-AB38-AB8A3219592A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{52D36C4A-C1A8-44F9-BF52-DF4266FF1E53}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0755BABA-E1B7-411E-AD02-2279418C2543}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3142D0B9-E535-4C6E-A7C6-1C92F1877AE0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3EBF22C3-0CB8-47EE-9992-744258A0052B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{82D1B9FD-7200-47BE-AD33-E1BCC229E689}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{405421DC-0247-427C-A07C-A459CDCCDC1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{741F2F9C-512F-47BB-B670-EE17717503C2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9F98EF4D-C1B0-41D8-8454-BD8D8B681FFA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{AA97AEA2-44C3-45DD-BC48-519E8052E1F2}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{CC41F130-F33E-403F-80BF-2B3C87CD46BA}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [TCP Query User{62C7BB5C-3FF7-480B-ACAD-277A4B066B2F}C:\games\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\games\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{E24DB361-D1E8-49BD-9351-E53B1D583B23}C:\games\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\games\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{DBD39A34-17B1-4004-A11D-24660F7EA51B}C:\games\resident evil 5 gold.edition\launcher.exe] => (Allow) C:\games\resident evil 5 gold.edition\launcher.exe
FirewallRules: [UDP Query User{3B9954E2-FFE1-4200-BCDE-328F60F88C79}C:\games\resident evil 5 gold.edition\launcher.exe] => (Allow) C:\games\resident evil 5 gold.edition\launcher.exe
FirewallRules: [TCP Query User{C396BD1F-ADB0-4878-B0DC-6D8C29719E26}D:\games\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\games\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe
FirewallRules: [UDP Query User{3E0106CE-F415-4E7E-9C5A-85A9D380A983}D:\games\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\games\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe
FirewallRules: [TCP Query User{442D79E4-EEA7-4AA5-B559-05D77473ABF6}D:\assassins creed brotherhood\acbsp.exe] => (Allow) D:\assassins creed brotherhood\acbsp.exe
FirewallRules: [UDP Query User{05E8C004-895A-4A43-AEAC-F3077CB69A76}D:\assassins creed brotherhood\acbsp.exe] => (Allow) D:\assassins creed brotherhood\acbsp.exe
FirewallRules: [TCP Query User{5BB117FA-995B-4E9B-A82E-312862268B07}D:\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) D:\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [UDP Query User{97F0F7DC-0992-4F6C-BE24-F750E6FBB60E}D:\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) D:\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [{5304E96F-51C8-4EF0-8338-72DE52E657DC}] => (Allow) C:\Program Files (x86)\Tribler\tribler.exe
FirewallRules: [{6326A0C6-CC9E-43B9-9723-2FEAE51BC238}] => (Allow) C:\Program Files (x86)\Tribler\tribler.exe
FirewallRules: [{8787E264-54CE-4A02-90A5-69D4DBE5975F}] => (Allow) C:\Users\Dissident \AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{F3FD5CDE-C04F-4BC5-8DFB-6FF0B75A308B}] => (Allow) C:\Users\Dissident \AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{D1A966E4-2FDF-4B36-8B8F-880794639025}] => (Allow) D:\SteamLibrary\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{CC7A8FBE-7BD0-4AC0-90B0-82F111E2519D}] => (Allow) D:\SteamLibrary\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{1E3F894A-AA9F-475F-91CF-181F18980D22}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{B526752D-438E-4AB6-99F7-FFA5916D2480}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{FBBF0101-61CD-4F89-9074-475078017428}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [{B9606A92-199D-40C9-BB47-2B9C432EF0F5}] => (Allow) D:\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{77EF85C4-96AC-499E-A23E-79E50E3C97F4}] => (Allow) D:\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{09D65123-7A51-4FE0-9557-ACBF6CEAFF8A}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{F9734CB3-0E32-4311-9217-DBD3C7D36E4F}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{10354FE7-5913-43AB-80A1-2BBF147840E8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2015 09:59:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GuitarPro.exe, version: 0.0.0.0, time stamp: 0x4fd714ab
Faulting module name: SHELL32.dll, version: 6.3.9600.17680, time stamp: 0x54dc233f
Exception code: 0xc0000005
Fault offset: 0x00fb6d3b
Faulting process id: 0x57f0
Faulting application start time: 0xGuitarPro.exe0
Faulting application path: GuitarPro.exe1
Faulting module path: GuitarPro.exe2
Report Id: GuitarPro.exe3
Faulting package full name: GuitarPro.exe4
Faulting package-relative application ID: GuitarPro.exe5

Error: (09/02/2015 03:07:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: WebKit.dll, version: 6531.9.0.0, time stamp: 0x51566370
Exception code: 0xc0000005
Fault offset: 0x000a9965
Faulting process id: 0x4ea0
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3
Faulting package full name: LolClient.exe4
Faulting package-relative application ID: LolClient.exe5

Error: (09/01/2015 07:38:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SndVol.exe, version: 6.3.9600.17238, time stamp: 0x53d0e7c3
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5
Exception code: 0xc0000005
Fault offset: 0x0000000000039a5a
Faulting process id: 0x42d8
Faulting application start time: 0xSndVol.exe0
Faulting application path: SndVol.exe1
Faulting module path: SndVol.exe2
Report Id: SndVol.exe3
Faulting package full name: SndVol.exe4
Faulting package-relative application ID: SndVol.exe5

Error: (08/25/2015 06:20:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 2.92.69.85 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 91c

Start Time: 01d0df9d284cae39

Termination Time: 39

Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report Id: a52757c0-4b90-11e5-bec3-bcee7b28bc31

Faulting package full name:

Faulting package-relative application ID:

Error: (08/23/2015 12:47:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: Adobe AIR.dll, version: 3.7.0.1530, time stamp: 0x5156646c
Exception code: 0xc0000005
Fault offset: 0x0006dd76
Faulting process id: 0xc90
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3
Faulting package full name: LolClient.exe4
Faulting package-relative application ID: LolClient.exe5

Error: (08/22/2015 05:21:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1424

Start Time: 01d0dd399859dcde

Termination Time: 1

Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Report Id: da2a7bc2-492c-11e5-bec3-bcee7b28bc31

Faulting package full name:

Faulting package-relative application ID:

Error: (08/20/2015 09:22:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: Adobe AIR.dll, version: 3.7.0.1530, time stamp: 0x5156646c
Exception code: 0xc0000005
Fault offset: 0x0006dd76
Faulting process id: 0xc44
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3
Faulting package full name: LolClient.exe4
Faulting package-relative application ID: LolClient.exe5

Error: (08/17/2015 04:19:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GuitarPro.exe, version: 0.0.0.0, time stamp: 0x4fd714ab
Faulting module name: filesystem.dll, version: 0.0.0.0, time stamp: 0x4fd70f68
Exception code: 0xc0000005
Fault offset: 0x0000d698
Faulting process id: 0x1118
Faulting application start time: 0xGuitarPro.exe0
Faulting application path: GuitarPro.exe1
Faulting module path: GuitarPro.exe2
Report Id: GuitarPro.exe3
Faulting package full name: GuitarPro.exe4
Faulting package-relative application ID: GuitarPro.exe5

Error: (08/13/2015 09:37:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GuitarPro.exe, version: 0.0.0.0, time stamp: 0x4fd714ab
Faulting module name: MSVCR80.dll, version: 8.0.50727.8428, time stamp: 0x520b1060
Exception code: 0xc000000d
Fault offset: 0x00008aa0
Faulting process id: 0xddc
Faulting application start time: 0xGuitarPro.exe0
Faulting application path: GuitarPro.exe1
Faulting module path: GuitarPro.exe2
Report Id: GuitarPro.exe3
Faulting package full name: GuitarPro.exe4
Faulting package-relative application ID: GuitarPro.exe5

Error: (08/10/2015 03:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: Adobe AIR.dll, version: 3.7.0.1530, time stamp: 0x5156646c
Exception code: 0xc0000005
Fault offset: 0x0006dd76
Faulting process id: 0x1fbc
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3
Faulting package full name: LolClient.exe4
Faulting package-relative application ID: LolClient.exe5


System errors:
=============
Error: (09/04/2015 12:24:21 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000139 (0x0000000000000003, 0xffffd00021a8e520, 0xffffd00021a8e478, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP090415-53562-01

Error: (09/04/2015 12:23:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:13:54 PM on 9/4/2015 was unexpected.

Error: (09/03/2015 02:27:11 PM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/03/2015 02:26:41 PM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/02/2015 02:04:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (09/02/2015 09:19:02 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/02/2015 09:18:32 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/02/2015 08:18:09 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (09/01/2015 09:54:09 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/01/2015 09:53:39 AM) (Source: DCOM) (EventID: 10010) (User: Dissident)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office:
=========================
Error: (09/03/2015 09:59:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GuitarPro.exe0.0.0.04fd714abSHELL32.dll6.3.9600.1768054dc233fc000000500fb6d3b57f001d0e6cd6e0f18dbC:\Program Files (x86)\Guitar Pro 6\GuitarPro.exeC:\WINDOWS\SYSTEM32\SHELL32.dllb6b1226d-52c1-11e5-bec3-bcee7b28bc31

Error: (09/02/2015 03:07:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LolClient.exe0.0.0.0515663e0WebKit.dll6531.9.0.051566370c0000005000a99654ea001d0e5828b1cb562C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.158\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.158\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dllf2b7eeec-51be-11e5-bec3-bcee7b28bc31

Error: (09/01/2015 07:38:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SndVol.exe6.3.9600.1723853d0e7c3ntdll.dll6.3.9600.1766854c850f5c00000050000000000039a5a42d801d0e51fc08f3ec6C:\WINDOWS\System32\SndVol.exeC:\WINDOWS\SYSTEM32\ntdll.dllc324cea6-511b-11e5-bec3-bcee7b28bc31

Error: (08/25/2015 06:20:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.92.69.8591c01d0df9d284cae3939C:\Program Files (x86)\Steam\Steam.exea52757c0-4b90-11e5-bec3-bcee7b28bc31

Error: (08/23/2015 12:47:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd76c9001d0ddc501ed4fedC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.157\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.157\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dllc35bf992-49cf-11e5-bec3-bcee7b28bc31

Error: (08/22/2015 05:21:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.0142401d0dd399859dcde1C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeda2a7bc2-492c-11e5-bec3-bcee7b28bc31

Error: (08/20/2015 09:22:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd76c4401d0db51b20fb0e0C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.156\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.156\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll97afe86d-4757-11e5-bec3-bcee7b28bc31

Error: (08/17/2015 04:19:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GuitarPro.exe0.0.0.04fd714abfilesystem.dll0.0.0.04fd70f68c00000050000d698111801d0d941e0574dafC:\Program Files (x86)\Guitar Pro 6\GuitarPro.exeC:\Program Files (x86)\Guitar Pro 6\filesystem.dll56bb79ab-4536-11e5-bec3-bcee7b28bc31

Error: (08/13/2015 09:37:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GuitarPro.exe0.0.0.04fd714abMSVCR80.dll8.0.50727.8428520b1060c000000d00008aa0ddc01d0d5e4b5455a37C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exeC:\WINDOWS\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.8428_none_d08a11e2442dc25d\MSVCR80.dlla1bd5d8f-41d9-11e5-bec3-bcee7b28bc31

Error: (08/10/2015 03:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd761fbc01d0d39106b4129dC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.155\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.155\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll27aa47b9-3fad-11e5-bec3-bcee7b28bc31


CodeIntegrity:
===================================
  Date: 2015-07-21 21:03:13.872
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-31 01:26:35.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-19 11:54:27.747
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-17 16:38:59.775
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-14 11:09:48.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 19:03:35.483
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-04 12:20:04.492
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-31 20:22:01.928
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-11 21:26:43.568
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-02 13:27:56.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 31%
Total physical RAM: 8075.46 MB
Available physical RAM: 5546.79 MB
Total Virtual: 16267.46 MB
Available Virtual: 13593.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:101.8 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:398.07 GB) (Free:262.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: DFCAAEF7)

Partition: GPT.

==================== End of Addition.txt ============================

 



#2
0x24000

This stuff popped up: http://q4exnj.import...9MI3ISMGOOC8QF8



#3
0x24000

Bump



#4
0x24000

Bump.



#5
0x24000

Maybe I'm not infected.

