
Crafty Virus [Solved]

virus malware spyware random uninstalls programs wont work

  • This topic is locked

#1
Solice93

  • Member
  • 92 posts

Ok, so a few days ago, I was just browsing the internet and all of a sudden my Firefox browser shuts down and so does my computer. It fails to turn back on several times. Every time I would turn it on, it would say "windows is starting", would show a small crash screen for just a few seconds and power off or reboot (I don't remember which). I eventually would go to startup repair and there was this suspicious-looking cmd.exe box in the lower left-hand corner just out of view. I tried rolling back to a previous restore point, but it failed. After doing so, however, my computer started back up normally. The only difference being that now, Firefox uninstalled itself completely. Maybe that was from rolling back to a previous restore point? Who knows. Anyways, I tried using the Eset online scanner tool, and every time it says it detected something, the program would freeze up, or the screen would grey out. Not like it was frozen, but like something else was blocking access to me accessing the program. And now, my GeForce Experience program is saying that it runs into a runtime error whenever I try to access it. It also says that it is uninstalling it. Really weird behaviour in general. Kaspersky won't pick up on anything, and the pro trial version of Eset won't show anything either. And no, I didn't have them installed at the same time. The only thing that has picked up on the virus at all is the Eset online scanner tool. Any ideas or solutions? Thank you for your time in advance!!!

Update: The Eset Online Scanner has detected no viruses, but I am still convinced that there is something lurking in the shadows. Help?


Edited by Solice93, 05 November 2016 - 11:48 PM.



#2
Solice93

  • Topic Starter
  • Member
  • 92 posts

Update: The online scanner has made it from the system memory to the "local" folder in "AppData" with no detection of any viruses. I will notify this thread if anything pops up.



#3
Solice93

  • Topic Starter
  • Member
  • 92 posts

Update: The Eset Online Scanner has detected no viruses, but I am still convinced that there is something lurking in the shadows. Help?



#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Solice93,

Sorry for the delay.

From what you say this doesn't look like a malware problem but let's get a scan and see what we can find.

Now

Important - We ask that the tools we use be downloaded to your computer's desktop.

If you are unsure about how to do that, please press the Show button beside Spoiler below to see guides for the most popular browsers:

Spoiler

Next

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

#5
Solice93

  • Topic Starter
  • Member
  • 92 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by ExoSuitOne (administrator) on EXOSUITONE-PC (14-11-2016 00:43:03)
Running from C:\Users\ExoSuitOne\Desktop
Loaded Profiles: ExoSuitOne (Available Profiles: ExoSuitOne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Internet Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ESET) C:\Program Files\ESET\ESET Internet Security\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Flux Software LLC) C:\Users\ExoSuitOne\AppData\Local\FluxSoftware\Flux\flux.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-01-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2016-02-16] (MSI)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1027024 2016-03-17] (MSI)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [606264 2016-03-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11340752 2016-06-28] (Micro-Star INT'L CO., LTD.)
HKU\S-1-5-21-772665500-127718560-4139283550-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-772665500-127718560-4139283550-1000\...\Run: [f.lux] => C:\Users\ExoSuitOne\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-772665500-127718560-4139283550-1000\...\MountPoints2: {abe3b00a-126a-11e6-9283-021a434c5206} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-772665500-127718560-4139283550-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-05-01]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11945A86-DA92-40E4-B021-3678187A8551}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6881E57C-1817-4256-9CDB-0A71E5CA5CEA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
Toolbar: HKU\S-1-5-21-772665500-127718560-4139283550-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
========
FF DefaultProfile: 5yxperd9.default
FF ProfilePath: C:\Users\ExoSuitOne\AppData\Roaming\Mozilla\Firefox\Profiles\5yxperd9.default [2016-11-09]
FF Homepage: Mozilla\Firefox\Profiles\5yxperd9.default -> hxxps://www.pearsonmylabandmastering.com/northamerica/mymathlab/
FF Extension: (Firefox Hotfix) - C:\Users\ExoSuitOne\AppData\Roaming\Mozilla\Firefox\Profiles\5yxperd9.default\Extensions\[email protected] [2016-08-30]
FF Extension: (Video DownloadHelper) - C:\Users\ExoSuitOne\AppData\Roaming\Mozilla\Firefox\Profiles\5yxperd9.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-11-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-11-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-772665500-127718560-4139283550-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ExoSuitOne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default [2016-11-09]
CHR Extension: (Google Slides) - C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-24]
CHR Extension: (Google Docs) - C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-24]
CHR Extension: (Google Drive) - C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-24]
CHR Extension: (YouTube) - C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-24]
CHR Extension: (Google Search) - C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-10-24]
CHR Extension: (Google Sheets) - C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-24]
CHR Extension: (Gmail) - C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Internet Security\ekrn.exe [2815520 2016-10-11] (ESET)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [277056 2016-09-07] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6514752 2016-09-07] (GOG.com)
S2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [37328 2015-12-16] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2015-10-16] (Micro-Star INT'L CO., LTD.)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [454872 2016-01-28] (Rivet Networks)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4162512 2016-02-04] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2200872 2016-02-01] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4162512 2016-02-04] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2013648 2016-02-16] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2312144 2016-02-22] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2073040 2016-02-04] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [596944 2016-02-01] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2247120 2016-06-28] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2015-05-18] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-01] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [147528 2016-01-24] (Rivet Networks, LLC.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232072 2016-10-07] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [212096 2016-10-07] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [177792 2016-10-07] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [48768 2016-10-07] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [76416 2016-10-07] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59528 2016-10-07] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [91784 2016-10-07] (ESET)
R3 I2cHkBurn; C:\Windows\System32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [125488 2015-03-18] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [4620032 2015-12-15] (Realtek Semiconductor Corporation                           )
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 00:43 - 2016-11-14 00:46 - 00015250 _____ C:\Users\ExoSuitOne\Desktop\FRST.txt
2016-11-14 00:42 - 2016-11-14 00:43 - 00000000 ____D C:\FRST
2016-11-14 00:41 - 2016-11-14 00:35 - 02411520 _____ (Farbar) C:\Users\ExoSuitOne\Desktop\FRST64.exe
2016-11-11 18:09 - 2016-11-11 21:53 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-11-08 02:16 - 2016-11-08 02:16 - 00000000 ____D C:\Users\ExoSuitOne\AppData\Local\Skyrim Special Edition
2016-11-04 23:06 - 2016-11-04 23:06 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-04 23:06 - 2016-11-04 23:06 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-11-04 20:20 - 2016-11-04 20:20 - 00000000 ____D C:\Users\ExoSuitOne\AppData\Roaming\ESET
2016-11-04 20:07 - 2016-11-04 20:07 - 00002048 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2016-11-04 20:07 - 2016-11-04 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-11-04 20:07 - 2016-11-04 20:07 - 00000000 ____D C:\ProgramData\ESET
2016-11-04 20:07 - 2016-11-04 20:07 - 00000000 ____D C:\Program Files\ESET
2016-11-04 20:01 - 2016-11-04 20:01 - 03132032 _____ (ESET) C:\Users\ExoSuitOne\Downloads\eset_internet_security_live_installer_us.exe
2016-11-04 19:58 - 2016-11-04 19:59 - 06761600 _____ (ESET spol. s r.o.) C:\Users\ExoSuitOne\Downloads\esetonlinescanner_enu (1).exe
2016-10-31 23:30 - 2016-10-31 23:30 - 00000000 ____D C:\Users\ExoSuitOne\AppData\Local\AvgSetupLog
2016-10-31 23:30 - 2016-10-31 23:30 - 00000000 ____D C:\Users\ExoSuitOne\AppData\Local\Avg
2016-10-31 23:30 - 2016-10-31 23:30 - 00000000 ____D C:\ProgramData\Avg
2016-10-24 23:36 - 2016-10-24 23:36 - 06761600 _____ (ESET spol. s r.o.) C:\Users\ExoSuitOne\Downloads\esetonlinescanner_enu.exe
2016-10-24 23:33 - 2016-10-24 23:33 - 00002255 _____ C:\Users\ExoSuitOne\Desktop\Google Chrome.lnk
2016-10-24 00:23 - 2016-11-09 22:48 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-23 21:12 - 2016-11-04 20:14 - 00000000 ____D C:\Users\ExoSuitOne\AppData\Local\ESET
2016-10-22 00:25 - 2016-11-04 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-16 23:43 - 2016-10-16 23:52 - 00000000 ____D C:\Users\ExoSuitOne\Documents\Cosplay
2016-10-15 16:25 - 2016-10-15 16:25 - 39751151 _____ C:\Users\ExoSuitOne\Downloads\codelite-amd64-9.2.5.7z

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 00:40 - 2016-10-07 22:10 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-11-14 00:40 - 2016-05-01 01:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-14 00:39 - 2016-05-01 02:11 - 00000000 ____D C:\Users\ExoSuitOne
2016-11-14 00:39 - 2016-05-01 00:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-14 00:39 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-10 01:38 - 2016-09-11 16:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-10 00:53 - 2016-05-01 00:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-09 22:58 - 2009-07-13 22:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-09 22:58 - 2009-07-13 22:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-09 22:54 - 2009-07-13 23:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-09 22:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-11-08 02:16 - 2016-05-01 02:20 - 00000000 ____D C:\Users\ExoSuitOne\Documents\my games
2016-11-08 00:03 - 2016-05-12 23:03 - 00000000 ____D C:\Users\ExoSuitOne\AppData\Local\CrashDumps
2016-11-04 22:59 - 2016-05-01 02:39 - 00059632 _____ C:\Users\ExoSuitOne\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-04 22:58 - 2016-05-01 01:08 - 00000000 ____D C:\Users\ExoSuitOne\AppData\Local\NVIDIA Corporation
2016-11-04 22:58 - 2016-05-01 01:08 - 00000000 ____D C:\Users\ExoSuitOne\AppData\Local\NVIDIA
2016-11-04 22:57 - 2009-07-13 22:45 - 00273416 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-04 22:45 - 2016-05-11 17:59 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2016-11-04 22:42 - 2016-05-01 01:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-04 22:42 - 2016-05-01 01:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-04 22:42 - 2016-05-01 01:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-04 20:07 - 2016-05-01 01:04 - 00000000 ____D C:\Users\ExoSuitOne\AppData\Local\Google
2016-11-04 19:58 - 2016-09-11 16:09 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-04 19:58 - 2016-09-11 16:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-04 19:58 - 2016-09-11 16:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-04 19:58 - 2016-05-04 22:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-04 19:58 - 2016-05-04 22:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-26 16:29 - 2010-11-20 21:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-23 23:11 - 2016-07-20 18:12 - 00000000 ____D C:\Windows\EOONotify
2016-10-23 23:11 - 2016-05-13 04:23 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-23 23:11 - 2016-05-13 04:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-23 23:11 - 2016-05-11 17:31 - 00000000 ____D C:\Windows\SysWOW64\LiveUpdate
2016-10-23 23:11 - 2016-05-01 21:07 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-10-23 23:11 - 2016-05-01 21:07 - 00000000 ___SD C:\Windows\system32\GWX
2016-10-23 23:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-23 23:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-23 23:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-10-23 23:10 - 2016-05-01 00:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-23 23:10 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-10-23 23:10 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-10-23 23:08 - 2016-05-01 01:44 - 00000000 ____D C:\Users\ExoSuitOne\AppData\Roaming\codelite
2016-10-23 23:08 - 2016-05-01 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-10-23 23:07 - 2016-05-01 00:44 - 00000000 ____D C:\Program Files (x86)\MSI
2016-10-23 23:07 - 2016-05-01 00:44 - 00000000 ____D C:\MSI
2016-10-15 16:45 - 2016-05-11 18:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-10-15 16:45 - 2016-05-01 01:07 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-15 16:43 - 2016-05-11 18:25 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-10-15 16:43 - 2016-05-11 18:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-10-15 16:43 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-10-15 16:42 - 2016-09-26 13:34 - 00000000 ____D C:\Users\ExoSuitOne\AppData\Local\vsixinstaller
2016-10-15 16:39 - 2016-09-24 23:54 - 00000000 ____D C:\Users\ExoSuitOne\Documents\Homework
2016-10-15 16:26 - 2016-05-11 18:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-10-15 16:22 - 2016-05-11 18:53 - 00000000 ____D C:\Users\ExoSuitOne\Documents\Visual Studio 2015

==================== Files in the root of some directories =======

2016-05-01 01:00 - 2016-05-01 01:00 - 6871040 _____ () C:\Program Files (x86)\GUT34F5.tmp
2016-05-01 02:31 - 2016-05-01 02:31 - 0000000 _____ () C:\Users\ExoSuitOne\AppData\Local\Driver_LOM_8161Present.flag

Some files in TEMP:
====================
C:\Users\ExoSuitOne\AppData\Local\Temp\vcredist_x64.exe
C:\Users\ExoSuitOne\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-05 22:52

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by ExoSuitOne (14-11-2016 00:46:47)
Running from C:\Users\ExoSuitOne\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-05-01 08:11:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-772665500-127718560-4139283550-500 - Administrator - Disabled)
ExoSuitOne (S-1-5-21-772665500-127718560-4139283550-1000 - Administrator - Enabled) => C:\Users\ExoSuitOne
Guest (S-1-5-21-772665500-127718560-4139283550-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Internet Security 10.0.369.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security 10.0.369.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: British Armed Forces (HKLM\...\Steam App 65700) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Private Military Company (HKLM\...\Steam App 65720) (Version:  - Bohemia Interactive)
Beneath a Steel Sky (HKLM-x32\...\1207658695_is1) (Version: 2.1.0.11 - GOG.com)
Beyond Good & Evil (HKLM\...\Steam App 15130) (Version:  - Ubisoft)
Blue Estate (HKLM\...\Steam App 305380) (Version:  - HE SAW)
Broforce (HKLM\...\Steam App 274190) (Version:  - Free Lives)
Burnout Paradise: The Ultimate Box (HKLM\...\Steam App 24740) (Version:  - Criterion Games)
Celestial Command (HKLM\...\Steam App 330460) (Version:  - Romenics)
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
CodeLite (HKLM-x32\...\CodeLite_is1) (Version: 9.1.6 - Eran Ifrah)
Crusader Kings II (HKLM\...\Steam App 203770) (Version:  - Paradox Development Studio)
Darwinia (HKLM\...\Steam App 1500) (Version:  - Introversion Software)
DEFCON (HKLM\...\Steam App 1520) (Version:  - Introversion Software)
Dragonsphere (HKLM-x32\...\1207658927_is1) (Version: 2.1.0.15 - GOG.com)
ESET Internet Security (HKLM\...\{9F68FC91-8E40-44D0-BD9B-BB89711DC3E7}) (Version: 10.0.369.0 - ESET, spol. s r.o.)
EVE Online (HKU\S-1-5-21-772665500-127718560-4139283550-1000\...\{8cc10d13-fa28-4938-a691-8dd4ed0b9298}) (Version: 1.0.0 - CCP)
f.lux (HKU\S-1-5-21-772665500-127718560-4139283550-1000\...\Flux) (Version:  - )
Foreign Legion: Buckets of Blood (HKLM\...\Steam App 36000) (Version:  - Sakari Indie)
Foreign Legion: Multi Massacre (HKLM\...\Steam App 205550) (Version:  - Sakari Indie & GriN)
Fractured Space (HKLM\...\Steam App 310380) (Version:  - Edge Case Games Ltd.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
Guacamelee! Gold Edition (HKLM\...\Steam App 214770) (Version:  - DrinkBox Studios)
Half-Life (HKLM\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM\...\Steam App 340) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM\...\Steam App 360) (Version:  - Valve)
Half-Life: Blue Shift (HKLM\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM\...\Steam App 50) (Version:  - Gearbox Software)
Half-Life: Source (HKLM\...\Steam App 280) (Version:  - Valve)
HAWKEN (HKLM\...\Steam App 271290) (Version:  - Reloaded Games)
Homeworld Remastered Collection (HKLM\...\Steam App 244160) (Version:  - Gearbox Software)
How to Survive (HKLM\...\Steam App 250400) (Version:  - EKO Software)
Human Resource Machine (HKLM\...\Steam App 375820) (Version:  - Tomorrow Corporation)
Kerbal Space Program (HKLM\...\Steam App 220200) (Version:  - Squad)
Killer Bandwidth Control Filter Driver (Version: 1.1.57.1125 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.57.1125 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.57.1125 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.57.1125 - Rivet Networks)
LG Mobile Drivers (HKLM-x32\...\{D8D0327A-72B4-4C79-9883-1B6B6C20ED2B}) (Version: 4.0.3 - LG Electronics)
Lure of the Temptress (HKLM-x32\...\1207658694_is1) (Version: 2.1.0.3 - GOG.com)
MechWarrior Online (HKLM\...\Steam App 342200) (Version:  - Piranha Games Inc.)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{D68E6605-F852-4936-AB64-04B80E0C85AD}) (Version: 2.2.0.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.11 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 5.0.0.32 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.020 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.04 - MSI)
Multiwinia (HKLM\...\Steam App 1530) (Version:  - Introversion Software)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Oknytt (HKLM\...\Steam App 286320) (Version:  - Nemoria Entertainment)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
POSTAL 2 (HKLM\...\Steam App 223470) (Version:  - Running With Scissors)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Rocksmith 2014 (HKLM\...\Steam App 221680) (Version:  - Ubisoft - San Francisco)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.25130 - Microsoft Corporation) Hidden
Sacred 2 Gold (HKLM\...\Steam App 225640) (Version:  - Ascaron)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Sid Meier's Civilization IV (HKLM\...\Steam App 3900) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM\...\Steam App 24780) (Version:  - EA - Maxis)
Sir, You Are Being Hunted (HKLM\...\Steam App 242880) (Version:  - Big Robot Ltd)
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.08 - Creative Technology Limited)
SpeedRunners (HKLM\...\Steam App 207140) (Version:  - DoubleDutch Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TDM-GCC (HKLM-x32\...\TDM-GCC) (Version: 1.1309.0 - TDM)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
Teenagent (HKLM-x32\...\1207658753_is1) (Version: 2.1.0.16 - GOG.com)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version:  - The Creative Assembly)
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.31.0 - Microsoft Corporation) Hidden
Ultima IV - Quest of the Avatar (HKLM-x32\...\1207658962_is1) (Version: 2.1.0.47 - GOG.com)
Unity (HKLM-x32\...\Unity) (Version: 5.3.4f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-772665500-127718560-4139283550-1000\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1-2) (Version: 1.0.5.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (Version: 1.0.5.1 - LunarG, Inc.) Hidden
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM\...\Steam App 4570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM\...\Steam App 15620) (Version:  - Relic Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2092535D-5123-4D36-BCDD-5043A0E56F3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-01] (Google Inc.)
Task: {316F56E9-772C-47E9-9924-51CA733B30B2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4E3D5319-B981-48FC-8E98-6FAC1F1EDCAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-01] (Google Inc.)
Task: {82A41AEB-15A4-49E5-9CFC-38A64E3D6EF7} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {D560BE24-CBCE-4891-8215-8F29AE84098D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-04] (Adobe Systems Incorporated)
Task: {F300DCD9-8714-4445-9CFA-E25D85385339} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [2015-08-18] (MSI)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-01 01:14 - 2016-03-21 20:25 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-05-04 16:41 - 2012-05-04 16:41 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-11-13 15:30 - 2011-11-13 15:30 - 00676864 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-11-13 15:31 - 2011-11-13 15:31 - 03643392 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2016-05-01 01:22 - 2015-05-29 18:57 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2016-05-01 01:22 - 2015-05-29 18:56 - 00366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2016-05-01 01:07 - 2016-05-01 23:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-01 01:07 - 2016-05-01 23:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-01 01:07 - 2016-05-01 23:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-01 01:07 - 2016-05-01 23:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-01 01:07 - 2016-05-01 23:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-01 01:07 - 2016-05-01 23:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-01 01:07 - 2016-05-01 23:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-05-01 01:07 - 2016-05-01 23:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-01 01:07 - 2016-05-01 23:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-01 01:07 - 2016-05-01 23:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-05-01 01:07 - 2016-05-02 00:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-01 01:22 - 2015-05-29 18:56 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2016-05-01 01:22 - 2015-05-29 18:54 - 00274944 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2016-07-06 22:49 - 2005-07-18 12:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2015-12-02 10:58 - 2015-11-16 12:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-772665500-127718560-4139283550-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ExoSuitOne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: GalaxyClient => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
MSCONFIG\startupreg: NvLedServiceHost => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe RunStartup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6168BAEA-9518-40E6-8C9A-4238489DC468}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{871EB35C-9CDB-4E3D-B78F-3BE59CBA8F27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C9BB2DC-9635-4E3C-A6B5-1992185F7E53}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{25E85E6E-CBC8-4570-8D48-9C29D5AA54D4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6DCCF5B7-5480-4DCE-9F98-322CBFFE7A10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4D3A816F-54B4-43EB-8668-4DF19A2C2815}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{11186AFF-2BD2-4645-9405-880EF790637E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0A03019C-DBF7-41D1-A11E-A80AE0CAD14F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A4A4C2A5-E55D-411A-9970-9826697189D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3F56D729-34B5-4B7C-B874-87C588657052}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{198FD378-A51B-4CF7-A475-B002FABD3CBE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0AA47558-1A45-4AC4-8896-93CC2083529A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{285C2C3C-B905-4C04-A5F1-6A5D5AB1113C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{56C9DB93-0085-491B-8495-23BE91E28CD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blue Estate\Binaries\Win32\Launch BlueEstate.exe
FirewallRules: [{094CB620-82AA-452C-BDA7-FDF22E005CB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blue Estate\Binaries\Win32\Launch BlueEstate.exe
FirewallRules: [{ECE73226-A0B8-4886-9902-4D5172428396}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{707789FB-666C-4A06-8CC5-ED87F9BF3D1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{5CE78D6C-E66C-461A-B105-C727A532AAC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{3DCF810C-83BB-47EE-AC5D-A5557E5C1559}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{13D50671-BD20-4BDA-911C-A68E6BEFE528}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe
FirewallRules: [{2BA0AA92-20AC-4627-969E-8CFB654F1594}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe
FirewallRules: [{E62AAC8C-2930-477B-B92A-4B755B102804}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{E2A56227-135F-4C99-AD82-9A06855FE8ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{9CE4EBBD-A898-4782-8B2A-87B73930114B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{1AF28D5E-03C9-4686-9B96-D9563C50075D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{F822418C-698D-4AE0-9A34-16C7FCF4B2D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{A469D1A6-EAD0-4CDB-A88C-76A2713AF0E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{72DA0415-4A57-4FEF-AFC4-DB5FA549338B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [{80BCD90A-36CF-4039-A77B-C059AC09F037}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [{AE0D193D-E09E-4574-BE43-CF22526F7CE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{C1ABB2B6-513F-41CD-87F2-2DB3B4B737A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{929998AC-8DEA-4BA7-8D04-F08950F9A40D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{F39B0803-A1C1-48C9-828F-3CEFB99FD7A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{5ADC5A0E-5AD6-4786-80A6-9F4F5FC99457}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Gold\W40k.exe
FirewallRules: [{F4E72665-1B59-40F0-B035-18C99AB9835C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Gold\W40k.exe
FirewallRules: [{48070B5F-73FA-44D5-A359-A54030694D23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{392062C4-0220-4ADA-9A4B-ACCA607A4A56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8A9FF37D-F6B1-4DD9-8E21-10E1869907A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darwinia\darwinia.exe
FirewallRules: [{9E3A3942-5684-4DA5-888A-F8E14B178751}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darwinia\darwinia.exe
FirewallRules: [{FFA8941F-5F0C-472B-A400-81DD849498F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\defcon.exe
FirewallRules: [{30F1BB1E-8304-48F2-AA2F-64E92C1647B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\defcon.exe
FirewallRules: [{784FC882-6D89-4E53-83E0-6E920042B109}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Multiwinia\multiwinia.exe
FirewallRules: [{2D54D7BF-9A6D-4924-96D6-7267AF6CC9EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Multiwinia\multiwinia.exe
FirewallRules: [{22B23F68-D54D-4D15-962B-118B490C0517}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{1FA377C5-9BD8-4710-9847-5772ABD8B93F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{EFA4D9C0-9C5C-434D-ABEB-C2646E216AAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{0F9CCECC-505D-4A62-A4D3-91AA9610B698}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{21C6BCF9-C378-485B-91E5-2B57178127FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{895BB591-61A0-4735-80DA-EBEAFE2D93EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{D20552B1-2DE3-4B77-AA83-BCCC44EF7086}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{51B703BA-E28A-4BAA-8ED4-C9EDCACABFA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{76283BA2-8F7D-41C2-8BDC-C1F5BBFBDDB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{8BDCE740-DB56-4FBB-8E44-778C90D3DB45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{BDAD7FBF-27DC-4F1A-B528-72A00AF7FC3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{26E67868-BF42-4969-987D-0629176BEC54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{4B24DD82-7B76-46A1-87F4-ABEAF10E6250}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{BE34D28C-A3C6-4BF3-B52A-1CD7A67AD414}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{5EFC3E15-7545-4226-B6B4-BF9A486118D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{1E85D6A9-32C4-4F30-8A63-DFAF264796BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{16BA1B7C-E1EA-43FD-AE96-28FFB78F87CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Good and Evil\CheckApplication.exe
FirewallRules: [{86F258AC-4A05-427E-B0A7-CEE74BF9DEC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Good and Evil\CheckApplication.exe
FirewallRules: [{81624C0E-3946-4BF9-90B2-AFAE886BCF02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Celestial Command\CelestialCommand.exe
FirewallRules: [{4DEC3B3C-A177-44D3-AF67-7A29ED978B76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Celestial Command\CelestialCommand.exe
FirewallRules: [{C679FE4B-7600-460B-8D59-ED6ECFD75F52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{BC7B4F83-732C-4279-81B8-61896D25BE06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{C8E9569A-3A6E-449B-86BF-C144DA57B7AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foreign Legion (Buckets of Blood)\Foreign Legion.exe
FirewallRules: [{49B47AA4-2066-4DB7-8EFF-16517B0823E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foreign Legion (Buckets of Blood)\Foreign Legion.exe
FirewallRules: [{1C3CB179-FC68-440C-92A5-287D5CAC5BDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\foreign legion multi massacre\FL_MM.exe
FirewallRules: [{F63E3B76-CBDF-4B42-A25F-47F586088339}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\foreign legion multi massacre\FL_MM.exe
FirewallRules: [{381FA4D7-A095-4652-8CC0-E9B5FFE0709D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guacamelee\Guac.exe
FirewallRules: [{76EB5577-F76F-4B89-9204-59B1542EC497}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guacamelee\Guac.exe
FirewallRules: [{C717601F-481A-4BFC-B509-DA87799F7E1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{0EEA9669-929F-4AEE-89AE-178F2CFAA851}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{C31338DF-2F37-48C8-AA74-5C0143438C62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{72709B1A-E831-44CD-8F90-6EDA6E488CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{39599D01-AEDE-49DC-89C9-DE29B13E57CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{2BBD8E1C-6932-44F6-AB7F-EC5CB289163D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{FA6C8619-B9A6-41FE-8D5D-A7626D7FAA48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{72E79CAD-5BBD-497F-9AE9-CDBA906F8D3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{F06F0473-6AEB-4BC1-AC92-CF79D3AF12C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{E827976A-AF0A-4845-A523-66D9344EA761}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{6E40588F-E732-4A6A-A598-FFD23D79691C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe
FirewallRules: [{5E2CAF5D-5C15-4C3B-A66C-DA33F13926C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe
FirewallRules: [{4F7527BC-D249-4906-A972-F16145A80B91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oknytt\oknytt.exe
FirewallRules: [{6AEC503D-D7DB-442D-BDC1-EFEEB628B009}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oknytt\oknytt.exe
FirewallRules: [{46C2DB0F-9648-43D6-9105-F021204A1573}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oknytt\settings.exe
FirewallRules: [{B99B1EE4-1F77-48B8-8CD7-CABC4AFE098B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oknytt\settings.exe
FirewallRules: [{829DB264-7517-42A6-82FD-A79911395923}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{C54A82D1-B698-489A-A794-5A314351CABA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{1170309D-7FAD-4C4A-9A16-EF1F2A0FFD17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{8CEDEF73-003F-4A5B-BEC2-BE37AA075E7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{D91764D0-EEA2-4DAA-9611-E4761A2EF77F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{AF0D3486-902D-45E9-9823-A6F18DB402CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{3D53B09C-9E7D-44B3-B87F-A70A649CC807}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{266D7464-722C-4FF1-AA96-7E043941C3C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [TCP Query User{64D00EA5-DC8E-4B1D-BBCD-F27333D64D14}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{F8886CD7-2177-4F4B-8892-9672E40A3253}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{0CDE4823-F533-4ED9-A5B6-0273C35E5718}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{64FE5CE9-7371-4BBE-B736-EBC71159F192}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{C21FE3F6-5512-4FEB-B48B-713363053C27}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{45417115-44A6-49B2-8ED0-F39B2CC9515E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{76FB51D3-01BF-4B40-BDDD-88D8A9B50B7C}] => (Allow) C:\PROGRA~1\Unity\Editor\Unity.exe
FirewallRules: [{3A22A1C4-DA7F-49E3-A3EF-75274723CB0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{8F7C8C4A-1702-42C8-B3ED-8DA50C412829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{CE20B26E-9C77-4FA5-AA21-1B29DE4515FA}C:\program files (x86)\msi\gaming app\gamingapp.exe] => (Allow) C:\program files (x86)\msi\gaming app\gamingapp.exe
FirewallRules: [UDP Query User{D900DB0F-487F-47F6-93E2-264262800E92}C:\program files (x86)\msi\gaming app\gamingapp.exe] => (Allow) C:\program files (x86)\msi\gaming app\gamingapp.exe
FirewallRules: [{2E06E601-A592-4EF8-AAFD-5ACE9E8AFA38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E104DC54-6134-4B72-AA7E-C0DFB843005E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E86D0A1E-8C8B-4448-9126-9E730784272B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{9C56DF0A-2A64-442F-A2A6-E3DF0222A0F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{A2E0E253-FE3E-468D-B4BD-3040989176C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{7380F832-F3AE-4D32-A1AC-B2469D7732D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{A11FCFDC-978F-4A1C-B3E8-890054F8D081}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [{C85553F8-34E3-43FA-A238-3942866B81DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [{9B204300-93D4-459A-9D1D-8B93B6B9F6FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{CD1F4FAC-4A5A-4FC7-9D40-F29C13F5D21D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{08B29DB9-52F7-4CF6-80D6-99F6C0C525D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{430869B3-F594-4D78-9662-BF4A56612A7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [TCP Query User{02BF9F70-525B-4A51-BA42-CB537FE4EC8D}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [UDP Query User{744ED952-62DB-4536-AB51-CB62F8E60472}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [{F8F1DE9C-AC41-4B03-8A6F-C1B0D9B1AD6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [{E34C0CE7-94CD-4959-A949-12A4897ADE11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [TCP Query User{44BAA153-E40D-454E-B26D-F23A14D19684}C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe
FirewallRules: [UDP Query User{4B06501F-9931-446F-BEAE-1D50E56EB9FE}C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe
FirewallRules: [TCP Query User{99C6302E-6768-48D7-BDF0-C2694510EA0E}C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [UDP Query User{583641DC-152E-4E46-AA87-8E6F4F2332D1}C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [{A446B897-561F-4D3A-B9BA-6EB70CF8D8F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{2835EEA5-AFC6-4B78-AC9D-3F030CF3E34C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{CA8C40D3-0BFE-428B-A75B-7323DEAFCCCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0B8CDD49-9CB0-415B-B530-2F5D715AB275}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{50F721A3-DE02-4602-92C8-282226951567}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe

==================== Restore Points =========================

09-11-2016 23:25:36 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2016 12:41:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/09/2016 10:50:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/08/2016 12:02:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Faulting module name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Exception code: 0xc0000005
Fault offset: 0x00037b59
Faulting process id: 0x1304
Faulting application start time: 0x01d237217a180582
Faulting application path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Faulting module path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Report Id: f8ffe407-a578-11e6-b43a-4ccc6a07eeef

Error: (11/04/2016 10:58:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/04/2016 10:43:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x57d87fc5
Faulting module name: NVI2.DLL, version: 2.1002.224.1962, time stamp: 0x57d880dc
Exception code: 0x40000015
Fault offset: 0x00278476
Faulting process id: 0x1ca4
Faulting application start time: 0x01d2371ee60847c0
Faulting application path: C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{24459D13-D596-40CE-97E1-E7B453554BA7}\NVI2.DLL
Report Id: 55467baf-a312-11e6-b656-4ccc6a07eeef

Error: (10/31/2016 11:40:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/31/2016 10:24:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/24/2016 11:27:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Faulting module name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Exception code: 0xc0000005
Fault offset: 0x00037b59
Faulting process id: 0x1964
Faulting application start time: 0x01d22e8041e7c1dc
Faulting application path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Faulting module path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Report Id: bb857a15-9a73-11e6-b511-4ccc6a07eeef

Error: (10/24/2016 11:25:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Faulting module name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Exception code: 0xc0000005
Fault offset: 0x00037b59
Faulting process id: 0x658
Faulting application start time: 0x01d22e7df8f3cff2
Faulting application path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Faulting module path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Report Id: 7dae0916-9a73-11e6-b511-4ccc6a07eeef

Error: (10/24/2016 12:20:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program esetonlinescanner_enu.exe version 2.0.12.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1478

Start Time: 01d22da47a39f806

Termination Time: 78

Application Path: C:\Users\ExoSuitOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFV99J60\esetonlinescanner_enu.exe

Report Id:


System errors:
=============
Error: (11/14/2016 12:39:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GamingApp_Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/14/2016 12:39:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GamingApp_Service service to connect.

Error: (11/11/2016 01:08:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Internet Connection Sharing (ICS) service terminated with the following error:
The class is configured to run as a security id different from the caller

Error: (11/11/2016 01:08:14 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The NvStreamNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/11/2016 01:08:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (11/11/2016 01:08:14 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The ALG service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/11/2016 01:08:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Human Interface Device Access service failed to start due to the following error:
A system shutdown is in progress.

Error: (11/11/2016 01:08:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (11/11/2016 01:08:14 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/11/2016 01:08:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error:
The service did not start due to a logon failure.


==================== Memory info ===========================

Processor: AMD FX™-4350 Quad-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 8140.3 MB
Available physical RAM: 6221.18 MB
Total Virtual: 16278.78 MB
Available Virtual: 14403.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:601.33 GB) NTFS
Drive g: (EXOSUITMINI) (Removable) (Total:15.1 GB) (Free:14.25 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CA21CA21)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15.1 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15.1 GB) - (Type=0C)

==================== End of Addition.txt ============================


#6
Solice93

Update: Games load very slowly if at all, internet browsers do not load pages. Several days ago, Windows Defender actually picked up on this, so here's what it said for both detected files:

 

BrowserModifier:Win32/SupTab!blnk

File: C:\ProgramData\Microsoft\WindowStart Menu\Programs\Google Chrome.ink

 

BrowserModifier:Win32/SupTab!blnk

C:\Users\%username%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.ink


Edited by Solice93, 14 November 2016 - 01:03 AM.

#7
emeraldnzl

Hello Solice93,

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

C:\Users\ExoSuitOne\AppData\Local\Temp\vcredist_x64.exe
C:\Users\ExoSuitOne\AppData\Local\Temp\vcredist_x86.exe
Task: {316F56E9-772C-47E9-9924-51CA733B30B2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

Please download Junkware Removal Tool to your desktop.



  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

After that

Please download AdwCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

Click on Scan and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

So when you return please post


  • Fixlog.txt
  • JRT.txt
  • AdwCleaner report

 

 


#8
Solice93

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by ExoSuitOne (14-11-2016 17:03:24) Run:1
Running from C:\Users\ExoSuitOne\Desktop
Loaded Profiles: ExoSuitOne (Available Profiles: ExoSuitOne)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\ExoSuitOne\AppData\Local\Temp\vcredist_x64.exe
C:\Users\ExoSuitOne\AppData\Local\Temp\vcredist_x86.exe
Task: {316F56E9-772C-47E9-9924-51CA733B30B2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
*****************

C:\Users\ExoSuitOne\AppData\Local\Temp\vcredist_x64.exe => moved successfully
C:\Users\ExoSuitOne\AppData\Local\Temp\vcredist_x86.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{316F56E9-772C-47E9-9924-51CA733B30B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{316F56E9-772C-47E9-9924-51CA733B30B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-772665500-127718560-4139283550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-772665500-127718560-4139283550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {3A064DC5-B7FF-46B3-BCE3-4B66955D48EB}.
Unable to cancel {EB730F01-F197-4273-BD69-70CF7381F546}.
Unable to cancel {C7B8CB31-255A-4334-8F86-BA36A2B70615}.
Unable to cancel {03928B91-E642-42ED-A2F3-8AFCE0BF364E}.
Unable to cancel {975CD696-325D-4B0C-A3A6-FD30A94B8D87}.
0 out of 5 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52315716 B
Java, Flash, Steam htmlcache => 375798253 B
Windows/system/drivers => 614904450 B
Edge => 0 B
Chrome => 45383305 B
Firefox => 377920545 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 900971 B
LocalService => 0 B
NetworkService => -1150 B
ExoSuitOne => 1123627164 B

RecycleBin => 544 B
EmptyTemp: => 2.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:05:39 ====


#9
Solice93

Do you think any passwords have been compromised?


#10
Solice93

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by ExoSuitOne (Administrator) on Mon 11/14/2016 at 17:22:03.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\ExoSuitOne\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Program Files (x86)\GUT34F5.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/14/2016 at 17:24:13.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#11
Solice93

Scan logs:

 

# AdwCleaner v6.030 - Logfile created 14/11/2016 at 17:34:30
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-14.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : ExoSuitOne - EXOSUITONE-PC
# Running from : C:\Users\ExoSuitOne\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1186 Bytes] - [14/11/2016 17:34:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1259 Bytes] ##########
 


#12
Solice93

Cleaner logs:

 

# AdwCleaner v6.030 - Logfile created 14/11/2016 at 17:34:56
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-14.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : ExoSuitOne - EXOSUITONE-PC
# Running from : C:\Users\ExoSuitOne\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\ExoSuitOne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1014 Bytes] - [14/11/2016 17:34:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [1338 Bytes] - [14/11/2016 17:34:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1160 Bytes] ##########
 


#13
emeraldnzl

Do you think any passwords have been compromised?


Have you a reason to think they might be?

If there is any reason you think they might be compromised change them immediately. In any event it's a good idea to change your passwords from time to time.

Moving on

I do wonder with the symptoms you are reporting whether there is a hardware fault.

How old is your machine? Is it over heating maybe?

Tell me when you come back.

Meantime

Use the System File Checker tool (SFC.exe) to check your system and replace files where necessary.

To do this, follow these steps:

  • To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
    sfc /scannow
    Please note that there is a single space between sfc and /scannow.

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

You should see the following on-screen messages:

Beginning the system scan. This process will take some time.

Beginning verification phase of system scan.

Verification % complete.

Once the scan has completed you will receive an onscreen message resembling one of the following:

…found no integrity violations

…found corruption but repaired it

…found corruption that it could not repair


Please reply with the completion message that you received.

After that

Please run Chkdsk:
 

  • Right click on the Start > Open Windows Explorer.
  • Find the hard drive letter (usually local disk C)  for which you want to run the Chkdsk utility.
  • Right-click on the drive letter and select Properties > Tools.
  • Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
  • Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
  • Click Start.
  • Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

Note: Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk, it then will run the next time you boot your computer.
 
Shut down your computer and then turn it back on, Chkdsk will run.
 
If you need further help go here for information on how to run Chkdsk in Windows 7
 
Come back and tell me how it went.

So when you return


  • Tell me how old your machine is.
  • If it is a laptop and if it seems to run hot.
  • Tell me what happened when you ran System File Checker
  • Tell me how the Chkdsk went

#14
Solice93

The computer is basically new, everything except for the hard drives I keep in the hot-swap slot of my desktop and the SATA cables I salvaged for my build. The HDD is a 1TB Western Digital drive from 2009. I checked the connections, and the only issue I run into is when I take the HDDs out, and don't put them back in all the way. I already ran a disk check about a week or so ago when this first started happening. Nothing popped up. No bad sectors, nothing. I will run both of those however, and report back as the info comes to me.


#15
Solice93

found no integrity violations

