
napstat.exe is annoying, sends me back to the desktop when I'm doing something else



#1 saionaid


Posted 13 July 2015 - 02:09 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by 17r at 2015-07-13 21:49:59
Running from C:\Users\17r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6T8642V
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

17r (S-1-5-21-2758016368-3510985515-234349725-1000 - Administrator - Enabled) => C:\Users\17r
Administrator (S-1-5-21-2758016368-3510985515-234349725-500 - Administrator - Disabled)
Guest (S-1-5-21-2758016368-3510985515-234349725-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2758016368-3510985515-234349725-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.16.0 - ParetoLogic, Inc.) <==== ATTENTION!
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.9.2834.0 - Hi-Rez Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
WinRAR 5.20 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.1 - win.rar GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

12-07-2015 00:09:54 Scheduled Checkpoint
13-07-2015 21:30:26 RegCure Pro Backup
13-07-2015 21:33:52 RegCure Pro Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2015-01-07 22:25 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
85.25.107.65 www.google-analytics.com.
85.25.107.65 google-analytics.com.
85.25.107.65 connect.facebook.net.
85.25.79.123 www.google-analytics.com.
85.25.79.123 google-analytics.com.
85.25.79.123 connect.facebook.net.
185.53.9.206 www.google-analytics.com.
185.53.9.206 google-analytics.com.
185.53.9.206 connect.facebook.net.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {25C5D429-EDCB-4AAB-A57D-61146CBA65C3} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {2D2D9FCC-4E6E-4BCA-9E1A-46AFB5354752} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-24] (Google Inc.)
Task: {448C363C-72B5-4C40-AA4E-11B3D88DF6F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-24] (Google Inc.)
Task: {697DD3A6-7E72-4B65-8E02-3053E37D1658} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {D4582E2E-66EA-4531-8AB1-99FDC234A29B} - System32\Tasks\NAPSTAT => C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [2014-08-24] (©Wyebugur)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Windows\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll

==================== Loaded Modules (Whitelisted) ==============

2015-06-29 22:16 - 2015-06-29 22:16 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\libcef.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\libGLESv2.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00909312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\platforms\qwindows.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\libEGL.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qgif.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qico.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qjpeg.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qmng.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qsvg.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\imageformats\qtiff.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\qml\QtQuick.2\qtquick2plugin.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-29 22:16 - 2015-06-29 22:16 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5952\qml\QtQml\Models.2\modelsplugin.dll
2015-02-05 20:41 - 2015-02-05 20:41 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2758016368-3510985515-234349725-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\17r\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1A01A17B-0446-403D-AE7F-9EFC1618A64D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{C6CF7450-CC43-4B1B-A84E-5E7C877108E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{1BDC001C-AF4B-4758-999A-5BC9D8719235}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F50A185F-CCEB-40AF-A4CD-94068CBBAA07}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B9A98A0C-4EF8-45CA-BCA0-E11F7DABCFA7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FDED6526-AA25-45E1-A7FF-207D14400F21}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4D40AC0A-395D-49C2-A26E-0A89E1DCF5BF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{14AA087C-856F-4B37-92E6-0358FD2BD484}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7CA99F57-6117-4EDD-A0A3-C6BEAF277666}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{DF1932CF-2C12-4528-9AA9-035A8EE47AB9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F6353A35-B239-4B6F-89FE-F9D757D60561}] => (Allow) C:\Users\17r\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F89E9CD1-6B92-4492-8947-03400914AEC1}] => (Allow) C:\Users\17r\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0158DFD3-EAE6-477D-BC85-A8399D4AEAA0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{09B0ACDD-44D4-41EE-B92C-BB778058965E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{CA3DCC99-3C89-4BAB-A929-C8AB3F6E2F04}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{04AF28FC-0685-4D66-A8A4-DF789C2A5ADD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{3606AAF6-CC93-4C9A-BA3B-2C608C30ED0E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [TCP Query User{B21C0D9C-7CA8-40FD-AD04-082F2BA91BDD}C:\users\17r\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\e1af4r6r\5[1].exe] => (Block) C:\users\17r\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\e1af4r6r\5[1].exe
FirewallRules: [UDP Query User{9566F608-CACC-4157-A906-15AEE2EF5460}C:\users\17r\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\e1af4r6r\5[1].exe] => (Block) C:\users\17r\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\e1af4r6r\5[1].exe
FirewallRules: [TCP Query User{8094F2C2-D387-4274-94E7-EC45FCECA051}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{11911ED1-205F-4BA6-BF51-2FBE79922F59}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [TCP Query User{28C8077E-7EEC-4C95-9C29-DCB20047CADE}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{B771003E-5C9D-4681-B425-F0517A31B2AD}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [TCP Query User{B1756A9F-C66B-43B9-969C-F99497C0C700}C:\programdata\battle.net\agent\agent.3322\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3322\agent.exe
FirewallRules: [UDP Query User{8DDD157D-7B97-41A9-B767-A5981018DFA2}C:\programdata\battle.net\agent\agent.3322\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3322\agent.exe
FirewallRules: [{DF57D65C-5497-4179-A17D-A48680D0AD5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{17268A3D-0F87-4D23-8877-83B6DCD8F023}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{C2A0ED69-1BC9-4F11-8F9D-714B37496A2C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{9132812A-AF54-43B3-8B83-6C06653E82C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{5D8CFE05-AD58-4D37-91EB-E62D8D6A094B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{D77EDF4D-7527-44CF-B0B3-71145090071A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [TCP Query User{B5B3C4AF-8FD0-4A28-A2B0-DD6A16D89D63}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [UDP Query User{8FB2B212-E80E-4BAE-AA0D-E86A9E53CCD1}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [TCP Query User{DD3387F9-CA2E-4F14-9B86-BBC1C5716A94}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [UDP Query User{86198BED-1508-4591-8916-47ECAFCD466D}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [TCP Query User{C20A7F24-6AD7-426A-B14D-2D7D28C12150}C:\programdata\battle.net\agent\agent.3454\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3454\agent.exe
FirewallRules: [UDP Query User{CB152CE4-E4F2-4BAC-B50C-F0E7EDC82FA4}C:\programdata\battle.net\agent\agent.3454\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3454\agent.exe
FirewallRules: [{5E17CF7F-B4F3-4AFD-822D-1E30B75026F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{4732B442-D5A5-437D-8D6F-A9277AC36561}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [TCP Query User{C805A2D4-AE06-4D74-A602-57A732F163CD}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [UDP Query User{AC0D5255-F9F2-4EC1-9BC0-786DCAB9F483}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [{E145472E-03C4-44D9-B024-46E46DB331B3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{961A9770-C696-4108-9030-658DC770F459}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{7671D552-6A4C-4898-BA77-F4577C4C037A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{C2C04363-2B76-410E-AC2C-23F84161EB4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{1AFD3AF7-7EF5-4E85-9227-286901D96820}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{43201CAA-BDFF-4BB3-916C-B9E37289F97F}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{DF74F056-6DE3-4F28-94FF-22C650CE3E27}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{AA46945A-5FFF-4137-8236-3D379FD2ADE3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{3F442C8D-A41B-47C5-BA16-865E47D0DFBF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{2F2721E9-7ABC-4A4E-878A-25BC5BF47072}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{689BE1DB-C30B-4314-A192-A52F2018FB37}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{BF7ADFD2-0596-453D-922F-39CDBD7D9F51}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{1FC626B4-EFEC-4642-8798-AE441B0C7703}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{8E8506CB-F0E1-46D8-A596-8FE286EC5943}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{0F56DBF3-FB13-4580-8BE5-6157102C6306}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{E39B0E00-8F42-403F-9C3A-473F2CA4EE5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{8A2056DC-E859-441A-8F9C-FF4B4D911D40}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E50F5323-8C63-42F3-AA3B-007C1CD5A27E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{26DE85FB-1E63-4531-8E41-D3C08ECA7B97}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{95E85FBE-F3B9-4550-B7E9-2C01E69AB32A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{F60B4438-1589-4BEA-B172-0B7B30ED1B68}C:\users\17r\downloads\carmageddon_reincarnation\bin\carmageddon_reincarnation.exe] => (Allow) C:\users\17r\downloads\carmageddon_reincarnation\bin\carmageddon_reincarnation.exe
FirewallRules: [UDP Query User{48F76D58-64BA-4F41-956B-5731403EF17C}C:\users\17r\downloads\carmageddon_reincarnation\bin\carmageddon_reincarnation.exe] => (Allow) C:\users\17r\downloads\carmageddon_reincarnation\bin\carmageddon_reincarnation.exe
FirewallRules: [TCP Query User{EA75AAB5-2D5A-461D-B1B2-417FC94C8959}C:\program files (x86)\nicolas games\afterfall reconquest episode 1\binaries\win32\pearlgame.exe] => (Allow) C:\program files (x86)\nicolas games\afterfall reconquest episode 1\binaries\win32\pearlgame.exe
FirewallRules: [UDP Query User{10E28854-728D-4B15-8017-362D2E7544AB}C:\program files (x86)\nicolas games\afterfall reconquest episode 1\binaries\win32\pearlgame.exe] => (Allow) C:\program files (x86)\nicolas games\afterfall reconquest episode 1\binaries\win32\pearlgame.exe
FirewallRules: [TCP Query User{629DFBE0-C8BC-457E-AD38-777E960AF0C2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{878189F4-7AC8-4143-BD71-966C3AE73807}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{04952E52-7F71-4F04-9DA2-E0E3CFA166DA}C:\users\17r\appdata\roaming\microsoft\windows\ieupdate\napstat.exe] => (Allow) C:\users\17r\appdata\roaming\microsoft\windows\ieupdate\napstat.exe
FirewallRules: [UDP Query User{4456E6F8-EE0B-46C5-9410-7769857ED898}C:\users\17r\appdata\roaming\microsoft\windows\ieupdate\napstat.exe] => (Allow) C:\users\17r\appdata\roaming\microsoft\windows\ieupdate\napstat.exe
FirewallRules: [TCP Query User{304E65EF-EB24-4539-B83B-359947ACBA46}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C6172413-D485-4C72-B551-CD8C3F2B6C21}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{07FC63B2-F9F6-4295-8EEA-57F9F7A75C92}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4C2C9E5E-B461-42C8-A26E-A9EF833840B5}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E721814A-42DE-4FED-93A6-C17B27289817}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{76AA59E6-0A7F-426C-82FE-2FE9D8414E01}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{1C7CFE74-8EFB-421F-B527-6A1159E34F4B}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CDC901EE-0927-4BCD-954C-C53E2DCD600E}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{56A9E924-74C1-4595-BA99-EA33B3DB5E76}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{EFBE5FE5-A41C-44C9-9340-441618E4BA6A}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{9661D94E-F685-46FE-8712-645049295C23}C:\users\17r\appdata\roaming\microsoft\windows\ieupdate\napstat.exe] => (Allow) C:\users\17r\appdata\roaming\microsoft\windows\ieupdate\napstat.exe
FirewallRules: [UDP Query User{51624BDD-1AD4-40A6-84F9-14191F423A60}C:\users\17r\appdata\roaming\microsoft\windows\ieupdate\napstat.exe] => (Allow) C:\users\17r\appdata\roaming\microsoft\windows\ieupdate\napstat.exe

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2015 09:37:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/13/2015 09:36:10 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2015 09:36:10 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index server cannot find a description of the content index in its database. Search will automatically attempt to recreate the content index description.  If this problem persists, stop and restart the search service and, if necessary, delete  and recreate the content index.  (HRESULT : 0x80041181) (0x80041181)

Error: (07/13/2015 07:56:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/13/2015 09:36:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/13/2015 09:36:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (07/13/2015 09:34:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/13/2015 07:53:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/13/2015 07:53:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/13/2015 07:53:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/13/2015 07:53:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Click to Call Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/13/2015 07:53:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Click to Call PNR Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/13/2015 07:53:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Hi-Rez Studios Authenticate and Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/13/2015 07:53:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office:
=========================
Error: (07/13/2015 09:37:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4400

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/13/2015 09:36:11 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (07/13/2015 09:36:10 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (07/13/2015 09:36:10 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index server cannot find a description of the content index in its database. Search will automatically attempt to recreate the content index description.  If this problem persists, stop and restart the search service and, if necessary, delete  and recreate the content index.  (HRESULT : 0x80041181) (0x80041181)

Error: (07/13/2015 07:56:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2015-02-16 20:10:24.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-16 20:06:38.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-16 20:03:04.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-16 19:55:27.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-16 19:53:20.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 61%
Total physical RAM: 3984.36 MB
Available physical RAM: 1547.41 MB
Total Virtual: 7966.9 MB
Available Virtual: 5084.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:296.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BB9EBC60)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by 17r (administrator) on 17R-PC on 13-07-2015 21:49:15
Running from C:\Users\17r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6T8642V
Loaded Profiles: 17r (Available Profiles: 17r)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(©Wyebugur) C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4150\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5952\Battle.net.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Wow-64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Run: [NAPSTAT] => C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur)
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Run: [uTorrent] => "C:\Users\17r\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\RunOnce: [NAPSTAT] => C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur)
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Policies\Explorer: [Run] "C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE"
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Command Processor: C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur) <===== ATTENTION!
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur)
Startup: C:\Users\17r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAPSTAT.lnk [2015-03-17]
ShortcutTarget: NAPSTAT.lnk -> C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE (©Wyebugur)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8C813052-64B9-4A89-88D4-EA5226C7598C}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{C7BCE733-7B68-4C8D-BC2C-53FBA5681C83}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CD0145AB-69FE-40A2-96D9-9381BB098040}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CD0145AB-69FE-40A2-96D9-9381BB098040}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F1F0A17F-3A66-4650-BE3C-61512CFCCCC5}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF SearchPlugin: C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\searchplugins\firefox-add-ons.xml [2015-02-16]
FF SearchPlugin: C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\searchplugins\google-default.xml [2015-02-16]
FF SearchPlugin: C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\searchplugins\youtube.xml [2015-02-16]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{061832f4-5679-216f-fdd0-2033092220d5} [2015-02-16]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{08852a2f-0afd-cd97-7ef9-ffd5b984006e} [2015-05-26]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{3d5b3dca-a433-fbbd-1b1b-ab58748cdabd} [2015-06-22]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{41501e63-3282-4838-65f5-e124b1849ca8} [2015-02-16]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{4763633b-1b9b-0d05-f500-ceb14df0ea91} [2015-06-22]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{6a750d12-5db3-67f8-64b2-c61a321383bb} [2015-05-31]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{99a53584-0ffd-0c2a-8042-7c89c7a34276} [2015-05-23]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{ad00ed01-60f6-d20e-6c04-b00668abe886} [2015-06-04]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{b792faef-033f-b660-0437-9d2a27023d70} [2015-05-19]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{cb31dac6-7a87-da34-23bf-79d035648076} [2015-06-04]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{e1d46b53-8b72-da44-0910-7da5143a28d8} [2015-06-13]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{ea6f765a-2780-7691-8ab0-2c9fb7a412dc} [2015-05-16]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{eb3f1767-23c9-5695-3909-40ea83f3a961} [2015-06-04]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{f72f4ff6-66bf-d47e-7464-2dec7482b132} [2015-05-26]
FF Extension: Video DownloadHelper - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: No Name - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\extensions\veggy@veggyAddon.com [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\17r\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\17r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-24]
CHR Extension: (Google Docs) - C:\Users\17r\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-24]
CHR Extension: (Google Drive) - C:\Users\17r\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-24]
CHR Extension: (YouTube) - C:\Users\17r\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-24]
CHR Extension: (Token signing) - C:\Users\17r\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg [2015-04-28]
CHR Extension: (Google Search) - C:\Users\17r\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-24]
CHR Extension: (Google Sheets) - C:\Users\17r\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\17r\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\17r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-24]
CHR Extension: (Gmail) - C:\Users\17r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-13] (Hi-Rez Studios) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
S3 atrfiltr; C:\Windows\System32\DRIVERS\atrfiltr.sys [16224 2014-09-11] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-19] (Disc Soft Ltd)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-05] (Synaptics Incorporated)
S3 getbus; \??\C:\Users\17r\AppData\Local\Temp\getbus.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 21:48 - 2015-07-13 21:49 - 00000000 ____D C:\FRST
2015-07-13 21:35 - 2015-07-13 21:35 - 02032622 _____ C:\Windows\PFRO.log
2015-07-13 21:35 - 2015-07-13 21:35 - 00000056 _____ C:\Windows\setupact.log
2015-07-13 21:35 - 2015-07-13 21:35 - 00000000 _____ C:\Windows\setuperr.log
2015-07-13 21:30 - 2015-07-13 21:30 - 06842744 ____R C:\Users\17r\Downloads\ParetoLogic RegCure Pro 3.1.0.0 With Crack Free [DownSoftsFree]{h33t}.rar
2015-07-13 21:16 - 2015-07-13 21:35 - 00000464 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2015-07-13 21:16 - 2015-07-13 21:16 - 00003124 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3
2015-07-13 21:16 - 2015-07-13 21:16 - 00000000 ____D C:\Users\17r\AppData\Roaming\ParetoLogic
2015-07-13 21:16 - 2015-07-13 21:16 - 00000000 ____D C:\Users\17r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2015-07-13 21:16 - 2015-07-13 21:16 - 00000000 ____D C:\ProgramData\ParetoLogic
2015-07-13 21:16 - 2015-07-13 21:16 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2015-07-13 07:18 - 2015-07-13 08:23 - 00000000 ____D C:\Users\17r\Downloads\True.Detective.S02E04.720p.HDTV.x264-0SEC[rarbg]
2015-07-12 22:16 - 2015-07-12 22:17 - 00000000 ____D C:\Users\17r\Downloads\The.Face.of.an.Angel.2014.HDRip.XViD-ETRG
2015-07-12 21:21 - 2015-07-12 21:32 - 00000000 ____D C:\Users\17r\Downloads\Burying the Ex (2014)
2015-07-12 21:21 - 2015-07-12 21:30 - 00000000 ____D C:\Users\17r\Downloads\American Heist (2014)
2015-07-12 04:36 - 2015-07-12 04:36 - 00000000 ____D C:\Users\17r\AppData\Local\minergate-cli
2015-07-12 04:35 - 2015-07-12 04:35 - 00000000 ____D C:\Users\17r\AppData\Roaming\Zo72k
2015-07-06 20:50 - 2015-07-06 21:42 - 00000000 ____D C:\Users\17r\Downloads\A Deadly Adoption {2015} HDTV X264 AC3-MRG
2015-07-06 20:46 - 2015-07-06 21:54 - 00000000 ____D C:\Users\17r\Downloads\The Longest Ride (2015)
2015-06-30 12:13 - 2015-06-30 12:50 - 205898157 ____R C:\Users\17r\Downloads\VICE.S03E10.HDTV.x264-BATV.mp4
2015-06-30 11:51 - 2015-06-30 12:28 - 262069881 ____R C:\Users\17r\Downloads\VICE.S03E11.HDTV.x264-BATV.mp4
2015-06-30 11:50 - 2015-06-30 12:23 - 240648557 ____R C:\Users\17r\Downloads\VICE.S03E12.HDTV.x264-BATV.mp4
2015-06-30 11:49 - 2015-06-30 12:13 - 00000000 ____D C:\Users\17r\Downloads\VICE.S03E13.HDTV.x264-BATV[rarbg]
2015-06-30 11:48 - 2015-06-30 12:47 - 1108542219 ____R C:\Users\17r\Downloads\VICE.S03E14.720p.HDTV.x264-BATV.mkv
2015-06-28 13:18 - 2014-10-19 15:54 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-06-28 13:16 - 2015-06-28 13:16 - 00001191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk
2015-06-28 13:16 - 2015-06-28 13:16 - 00001179 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2015-06-28 13:03 - 2015-06-28 13:16 - 00000000 ____D C:\Program Files (x86)\The Sims 4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 21:49 - 2015-03-17 23:47 - 00003608 _____ C:\Windows\System32\Tasks\NAPSTAT
2015-07-13 21:48 - 2014-08-13 11:07 - 00000000 ____D C:\Users\17r\AppData\Local\Battle.net
2015-07-13 21:47 - 2014-08-19 07:52 - 00000000 ____D C:\Users\17r\AppData\Roaming\Skype
2015-07-13 21:42 - 2009-07-14 07:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 21:42 - 2009-07-14 07:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 21:39 - 2014-06-02 04:49 - 00667052 _____ C:\Windows\WindowsUpdate.log
2015-07-13 21:35 - 2014-09-24 18:05 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 21:35 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 21:34 - 2015-05-04 22:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2015-07-13 21:34 - 2015-03-22 10:25 - 00000000 ____D C:\Windows\SysWOW64\`R
2015-07-13 21:34 - 2015-02-22 12:11 - 00000000 ____D C:\Users\17r\Documents\Carmageddon Reincarnation Dumps
2015-07-13 21:34 - 2014-08-18 19:55 - 00000000 ____D C:\Users\17r\AppData\Roaming\uTorrent
2015-07-13 21:34 - 2014-08-16 15:33 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-13 21:34 - 2014-08-13 11:08 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-07-13 21:34 - 2014-06-02 15:46 - 00000000 ____D C:\Windows\Panther
2015-07-13 21:33 - 2014-10-21 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
2015-07-13 21:15 - 2014-09-24 18:05 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 21:05 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-13 21:04 - 2014-08-13 11:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 21:02 - 2014-08-24 22:25 - 00000000 ____D C:\Users\17r\AppData\Roaming\vlc
2015-07-13 19:53 - 2015-02-17 23:06 - 00000000 ____D C:\AdwCleaner
2015-07-13 19:53 - 2014-10-26 10:48 - 00001232 _____ C:\Users\17r\Desktop\Launcher - Shortcut.lnk
2015-07-13 19:46 - 2015-01-19 20:40 - 00000000 ____D C:\Users\17r\Downloads\The Official UK TOP 40 Singles Chart (18 Jan 2015) ~AryaN_L33T~[GloDLS]
2015-07-13 19:19 - 2009-07-14 08:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 17:17 - 2014-08-19 07:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-12 17:17 - 2014-08-19 07:52 - 00000000 ____D C:\ProgramData\Skype
2015-07-12 17:12 - 2015-03-17 23:48 - 00000000 ____D C:\Users\17r\AppData\Roaming\9jy8D
2015-07-12 17:11 - 2014-11-10 13:29 - 00000000 ___RD C:\Users\17r\Google Drive
2015-07-12 04:35 - 2015-03-17 23:48 - 00000000 ____D C:\tmp
2015-07-08 21:54 - 2015-06-04 19:48 - 00000000 ____D C:\Users\17r\Desktop\Heroes of Newerth
2015-07-08 21:20 - 2015-06-02 21:14 - 00000000 ____D C:\Users\17r\AppData\Roaming\TS3Client
2015-07-04 21:00 - 2009-07-14 07:45 - 00299304 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-01 17:47 - 2015-03-30 09:18 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-06-30 11:47 - 2014-06-02 06:00 - 00063552 _____ C:\Users\17r\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-30 11:44 - 2014-08-13 11:06 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-28 13:18 - 2009-07-14 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-28 13:17 - 2014-08-14 14:53 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-28 12:58 - 2014-08-19 20:24 - 00000000 ____D C:\ProgramData\Autodesk
2015-06-28 12:25 - 2014-08-19 20:28 - 00000000 ____D C:\Program Files\Autodesk
2015-06-28 12:25 - 2014-08-19 20:24 - 00000000 ____D C:\Users\17r\AppData\Roaming\Autodesk
2015-06-28 12:20 - 2015-02-04 22:11 - 00000000 ____D C:\Program Files (x86)\Estonian ID Card
2015-06-28 12:15 - 2014-09-24 18:05 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-28 12:14 - 2014-08-14 15:00 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-06-28 12:13 - 2015-06-12 21:57 - 00000000 ____D C:\Windows\Minidump
2015-06-23 18:29 - 2014-08-24 22:06 - 00000000 __SHD C:\Users\17r\AppData\Local\EmieUserList
2015-06-23 14:49 - 2014-06-02 04:58 - 00000000 ____D C:\Users\17r
2015-06-22 18:42 - 2014-08-24 22:06 - 00000000 __SHD C:\Users\17r\AppData\Local\EmieSiteList

==================== Files in the root of some directories =======

2015-07-13 21:16 - 2015-07-13 21:37 - 0000115 _____ () C:\Users\17r\AppData\Roaming\LogFile.txt
2014-08-19 20:31 - 2014-08-19 20:31 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Files to move or delete:
====================
C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-05 18:14

==================== End of log ============================


#2 nasdaq

  • Malware Response Team

Posted 15 July 2015 - 08:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove this program in bold using the Add/Remove program list.
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.16.0 - ParetoLogic, Inc.) <==== ATTENTION!

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(©Wyebugur) C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Run: [NAPSTAT] => C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur)
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\RunOnce: [NAPSTAT] => C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur)
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Policies\Explorer: [Run] "C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE"
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\...\Command Processor: C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur) <===== ATTENTION!
HKU\S-1-5-21-2758016368-3510985515-234349725-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE [290304 2014-08-24] (©Wyebugur)
Startup: C:\Users\17r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAPSTAT.lnk [2015-03-17]
ShortcutTarget: NAPSTAT.lnk -> C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE (©Wyebugur)
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{061832f4-5679-216f-fdd0-2033092220d5} [2015-02-16]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{08852a2f-0afd-cd97-7ef9-ffd5b984006e} [2015-05-26]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{3d5b3dca-a433-fbbd-1b1b-ab58748cdabd} [2015-06-22]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{41501e63-3282-4838-65f5-e124b1849ca8} [2015-02-16]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{4763633b-1b9b-0d05-f500-ceb14df0ea91} [2015-06-22]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{6a750d12-5db3-67f8-64b2-c61a321383bb} [2015-05-31]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{99a53584-0ffd-0c2a-8042-7c89c7a34276} [2015-05-23]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{ad00ed01-60f6-d20e-6c04-b00668abe886} [2015-06-04]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{b792faef-033f-b660-0437-9d2a27023d70} [2015-05-19]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{cb31dac6-7a87-da34-23bf-79d035648076} [2015-06-04]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{e1d46b53-8b72-da44-0910-7da5143a28d8} [2015-06-13]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{ea6f765a-2780-7691-8ab0-2c9fb7a412dc} [2015-05-16]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{eb3f1767-23c9-5695-3909-40ea83f3a961} [2015-06-04]
FF Extension: Zoom It - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{f72f4ff6-66bf-d47e-7464-2dec7482b132} [2015-05-26]
FF Extension: No Name - C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\extensions\veggy@veggyAddon.com [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S3 getbus; \??\C:\Users\17r\AppData\Local\Temp\getbus.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
C:\Users\17r\AppData\Roaming\Microsoft\Windows\IEUpdate\NAPSTAT.EXE
C:\Users\17r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAPSTAT.lnk
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{061832f4-5679-216f-fdd0-2033092220d5} [2015-02-16]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{08852a2f-0afd-cd97-7ef9-ffd5b984006e} [2015-05-26]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{3d5b3dca-a433-fbbd-1b1b-ab58748cdabd} [2015-06-22]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{41501e63-3282-4838-65f5-e124b1849ca8} [2015-02-16]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{4763633b-1b9b-0d05-f500-ceb14df0ea91} [2015-06-22]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{6a750d12-5db3-67f8-64b2-c61a321383bb} [2015-05-31]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{99a53584-0ffd-0c2a-8042-7c89c7a34276} [2015-05-23]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{ad00ed01-60f6-d20e-6c04-b00668abe886} [2015-06-04]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{b792faef-033f-b660-0437-9d2a27023d70} [2015-05-19]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{cb31dac6-7a87-da34-23bf-79d035648076} [2015-06-04]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{e1d46b53-8b72-da44-0910-7da5143a28d8} [2015-06-13]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{ea6f765a-2780-7691-8ab0-2c9fb7a412dc} [2015-05-16]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{eb3f1767-23c9-5695-3909-40ea83f3a961} [2015-06-04]
C:\Users\17r\AppData\Roaming\Mozilla\Firefox\Profiles\my6xam95.default\Extensions\{f72f4ff6-66bf-d47e-7464-2dec7482b132} [2015-05-26]


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Make sure you have the latest copy of AdwCleaner.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 nasdaq

Posted 21 July 2015 - 08:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



