Steam and facebook recently hacked as well as weird google results...


3 replies to this topic

#1 AndyMan315

Posted 22 July 2015 - 04:50 PM

FRST results

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by LLAMA-2 (administrator) on LLAMA-2-PC on 22-07-2015 17:45:18
Running from C:\Users\LLAMA-2\Downloads
Loaded Profiles: LLAMA-2 (Available Profiles: LLAMA-2 & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Valve Corporation) F:\Program Files\Steam\Steam.exe
(Valve Corporation) F:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) F:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) F:\Program Files\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12303728 2015-07-13] (Zemana Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-04-15] (Power Software Ltd)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.)
HKU\S-1-5-21-2524426540-2345268860-229473545-1000\...\Run: [Steam] => F:\Program Files\Steam\steam.exe [2895552 2015-07-21] (Valve Corporation)
HKU\S-1-5-21-2524426540-2345268860-229473545-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-03] (Electronic Arts)
HKU\S-1-5-21-2524426540-2345268860-229473545-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-2524426540-2345268860-229473545-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2524426540-2345268860-229473545-1000\...\Run: [uTorrent] => C:\Users\LLAMA-2\AppData\Roaming\uTorrent\uTorrent.exe [802136 2015-05-30] (BitTorrent Inc.)
HKU\S-1-5-21-2524426540-2345268860-229473545-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7800088 2015-07-08] (SUPERAntiSpyware)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2524426540-2345268860-229473545-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2524426540-2345268860-229473545-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{838F7DB4-F6F8-4AD5-B4F1-F897B64F49A2}: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\LLAMA-2\AppData\Roaming\Mozilla\Firefox\Profiles\t4dcj65s.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-25] ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-07-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF Extension: Battlefield Play4Free - C:\Users\LLAMA-2\AppData\Roaming\Mozilla\Firefox\Profiles\t4dcj65s.default\Extensions\battlefieldplay4free@ea.com [2015-05-25]
FF Extension: Yahoo! Mail Notifier - C:\Users\LLAMA-2\AppData\Roaming\Mozilla\Firefox\Profiles\t4dcj65s.default\Extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi [2012-04-24]
FF Extension: Adblock Plus - C:\Users\LLAMA-2\AppData\Roaming\Mozilla\Firefox\Profiles\t4dcj65s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-08]

Chrome:
=======
CHR Profile: C:\Users\LLAMA-2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\LLAMA-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\LLAMA-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\LLAMA-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-03] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-03-12] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12303728 2015-07-13] (Zemana Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-07-13] (DT Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [109432 2015-07-15] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [109432 2015-07-15] (Zemana Ltd.)
R3 ALSysIO; \??\C:\Users\LLAMA-2\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 17:45 - 2015-07-22 17:45 - 00017156 _____ C:\Users\LLAMA-2\Downloads\FRST.txt
2015-07-22 17:45 - 2015-07-22 17:45 - 00000000 ____D C:\FRST
2015-07-22 17:44 - 2015-07-22 17:44 - 02135552 _____ (Farbar) C:\Users\LLAMA-2\Downloads\FRST64.exe
2015-07-22 14:43 - 2015-07-22 14:43 - 00001941 _____ C:\Users\LLAMA-2\Desktop\JRT.txt
2015-07-22 14:34 - 2015-07-22 14:34 - 01798288 _____ (Malwarebytes Corporation) C:\Users\LLAMA-2\Downloads\JRT(1).exe
2015-07-22 14:24 - 2015-07-22 14:25 - 00002418 _____ C:\Users\LLAMA-2\Desktop\Rkill.txt
2015-07-22 14:24 - 2015-07-22 14:24 - 01798288 _____ (Malwarebytes Corporation) C:\Users\LLAMA-2\Downloads\JRT.exe
2015-07-22 14:23 - 2015-07-22 14:23 - 02248704 _____ C:\Users\LLAMA-2\Downloads\AdwCleaner(1).exe
2015-07-22 14:23 - 2015-07-22 14:23 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\LLAMA-2\Downloads\rkill.exe
2015-07-21 20:47 - 2015-07-21 20:47 - 00000000 ____D C:\Users\LLAMA-2\AppData\Local\CEF
2015-07-15 17:23 - 2015-07-15 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-07-15 17:23 - 2015-07-15 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-15 17:23 - 2015-07-15 17:23 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-08 18:19 - 2015-07-22 14:29 - 00000000 ____D C:\AdwCleaner
2015-07-08 18:19 - 2015-07-08 18:19 - 02244096 _____ C:\Users\LLAMA-2\Downloads\AdwCleaner.exe
2015-07-03 08:58 - 2015-07-22 14:30 - 00000224 _____ C:\Windows\setupact.log
2015-07-03 08:58 - 2015-07-15 17:21 - 00000960 _____ C:\Windows\PFRO.log
2015-07-03 08:58 - 2015-07-03 08:58 - 00000000 _____ C:\Windows\setuperr.log
2015-07-03 08:16 - 2015-07-22 14:30 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-07-03 08:16 - 2015-07-15 17:23 - 00109432 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2015-07-03 08:16 - 2015-07-15 17:23 - 00109432 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2015-07-03 08:16 - 2015-07-15 17:23 - 00001076 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-07-03 08:16 - 2015-07-03 08:16 - 00000000 ____D C:\Users\LLAMA-2\AppData\Local\Zemana
2015-07-03 08:15 - 2015-07-03 08:15 - 05013792 _____ ( ) C:\Users\LLAMA-2\Downloads\Zemana.AntiMalware.Setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 16:57 - 2012-06-15 18:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 14:40 - 2014-12-05 17:57 - 01977344 _____ C:\Windows\WindowsUpdate.log
2015-07-22 14:38 - 2013-08-13 18:36 - 00000000 ____D C:\Temp
2015-07-22 14:38 - 2009-07-14 00:45 - 00025952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 14:38 - 2009-07-14 00:45 - 00025952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-22 14:32 - 2012-10-25 19:27 - 00000000 ____D C:\ProgramData\Origin
2015-07-22 14:32 - 2012-04-24 19:22 - 00000000 ____D C:\Users\LLAMA-2\AppData\Roaming\Skype
2015-07-22 14:32 - 2012-04-24 18:47 - 00000000 ____D C:\Users\LLAMA-2\AppData\Local\LogMeIn Hamachi
2015-07-22 14:31 - 2012-07-28 12:08 - 00000000 ____D C:\Users\LLAMA-2\AppData\Roaming\uTorrent
2015-07-22 14:30 - 2014-04-23 20:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 14:30 - 2012-06-15 18:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 14:30 - 2012-04-24 18:40 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-22 14:30 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-19 17:53 - 2012-08-07 21:11 - 00000000 ____D C:\Users\LLAMA-2\AppData\Roaming\vlc
2015-07-19 17:43 - 2013-04-08 18:21 - 00000000 ____D C:\ProgramData\PMS
2015-07-17 21:25 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-15 23:52 - 2012-06-15 18:00 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 23:52 - 2012-06-15 18:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 17:21 - 2012-04-24 18:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-15 17:18 - 2015-06-08 17:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-14 11:44 - 2012-07-06 17:36 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-08 18:21 - 2012-11-20 20:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-03 09:04 - 2009-07-14 01:13 - 00794718 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-03 09:03 - 2012-06-22 16:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-03 09:03 - 2012-06-22 16:30 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 09:01 - 2012-10-25 19:27 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-03 08:57 - 2015-04-21 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-07-03 08:10 - 2013-02-24 12:29 - 00000000 ____D C:\Users\LLAMA-2\Downloads\FORGE
2015-07-02 22:59 - 2015-04-21 18:50 - 00000000 ____D C:\Program Files\KMSpico
2015-06-26 00:39 - 2012-04-28 22:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-26 00:38 - 2015-04-01 18:57 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-26 00:38 - 2015-04-01 18:57 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-25 17:45 - 2012-07-04 21:56 - 00000000 ____D C:\Users\LLAMA-2\AppData\Local\Adobe
2015-06-25 17:45 - 2012-04-25 16:57 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-25 17:45 - 2012-04-25 16:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-25 17:38 - 2014-10-13 21:04 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-25 17:38 - 2012-11-28 19:01 - 00002255 _____ C:\Users\LLAMA-2\Desktop\Google Chrome.lnk
2015-06-25 17:38 - 2012-11-20 20:15 - 00001852 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-06-25 17:37 - 2014-04-23 20:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-25 17:31 - 2014-04-23 20:22 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-23 18:17 - 2014-05-30 17:36 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-23 18:17 - 2014-04-23 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2013-02-20 19:28 - 2013-02-24 13:41 - 0000600 _____ () C:\Users\LLAMA-2\AppData\Local\PUTTY.RND
2013-12-22 18:17 - 2013-12-22 18:17 - 0000017 _____ () C:\Users\LLAMA-2\AppData\Local\resmon.resmoncfg
2008-02-05 16:28 - 2008-02-05 16:28 - 0000051 _____ () C:\Users\LLAMA-2\AppData\Local\setup.txt
2012-10-27 09:54 - 2013-05-05 16:10 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-04-07 15:55 - 2014-04-07 15:55 - 8673792 _____ () C:\ProgramData\atscie.msi
2012-06-14 19:17 - 2012-06-14 19:21 - 0000819 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\LLAMA-2\AppData\Local\Temp\jna4241502976700845080.dll
C:\Users\LLAMA-2\AppData\Local\Temp\Quarantine.exe
C:\Users\LLAMA-2\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 00:32

==================== End of log ============================

Addition log results

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by LLAMA-2 at 2015-07-22 17:45:50
Running from C:\Users\LLAMA-2\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2524426540-2345268860-229473545-500 - Administrator - Disabled)
Guest (S-1-5-21-2524426540-2345268860-229473545-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2524426540-2345268860-229473545-1003 - Limited - Enabled)
LLAMA-2 (S-1-5-21-2524426540-2345268860-229473545-1000 - Administrator - Enabled) => C:\Users\LLAMA-2
UpdatusUser (S-1-5-21-2524426540-2345268860-229473545-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29544 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2524426540-2345268860-229473545-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.233 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
AIM for Windows (HKU\S-1-5-21-2524426540-2345268860-229473545-1000\...\AIM) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
ARMA 2 Dedicated Server (HKLM-x32\...\Steam App 33905) (Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive Beta (HKLM-x32\...\Steam App 730) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.02 - NCH Software)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Elf Bowling 6 Air Biscuits 1.0 (remove only) (HKLM-x32\...\Elf Bowling 6 Air Biscuits 1.0) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Full Flush Poker 8.2 (HKLM-x32\...\Full Flush Poker 8.2) (Version: 8.2.12.201408200900 - Full Flush Poker)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hero Editor V1.04 (HKLM-x32\...\ST6UNST #1) (Version:  - )
HLSW v1.4.0.2 (HKLM-x32\...\HLSW_is1) (Version:  - Stripf Software)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Network Connections 17.0.200.2 (HKLM\...\PROSetDX) (Version: 17.0.200.2 - Intel)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MechWarrior 4 Mercenaries (HKLM-x32\...\MechWarrior Mercenaries) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version:  - Microsoft Game Studios)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.9 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.02.1402 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0 - Motorola Inc.) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - )
NVIDIA 3D Vision Controller Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2142 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.6 - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Ravaged (HKLM-x32\...\Steam App 96300) (Version:  - )
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Sniper Elite 3 (HKLM-x32\...\Steam App 238090) (Version:  - Rebellion)
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version:  - )
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version:  - )
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version:  - Unreal Software)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{9514471f-b41e-41f7-af03-7da1d05b279e}) (Version: 1.0.8.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.8.0 - Epic Games, Inc.) Hidden
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2524426540-2345268860-229473545-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.16.633 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

07-07-2015 00:00:03 Scheduled Checkpoint
15-07-2015 00:00:02 Scheduled Checkpoint
22-07-2015 14:37:58 JRT Pre-Junkware Removal
22-07-2015 14:38:18 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-12-05 15:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {036CB631-5EA6-454F-84CE-BD1AB4D03468} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {0F46005C-00B5-4A8E-BBA4-E978B4840F79} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {19C6EBFC-9435-4C5F-AAEA-EE7A2C25428F} - System32\Tasks\{92A0385D-EF9D-434A-97C3-BA6889888063} => pcalua.exe -a G:\setup.exe -d G:\
Task: {2EEF7602-C69F-488C-BD28-FB8E5441311D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {361ADCE9-4AE4-4877-95F6-D0DA2EED6157} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4D434D50-AEEA-471D-BAA5-804A540980AC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {4F905C30-D2DB-41C4-B14A-7EA5575152A6} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {88A5F334-72B9-492B-BCE5-909F40CA81FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {971D25CC-A995-4437-B3F6-45940CE73787} - System32\Tasks\{E5936E92-38B0-4B56-BAEF-CA51CFA46C4D} => C:\Users\LLAMA-2\Downloads\minecraft_server.1.8.3(1).exe [2015-04-01] ()
Task: {A3E3362E-91D6-4470-9D35-FE72F52E8AC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15] (Google Inc.)
Task: {A92827D1-2C43-4610-8368-34CB65CE3A30} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B2FBB3DB-56D9-4FC6-A3C9-EF3BE8F569FD} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {C3B4505B-42A7-4CE1-9C1D-4EF9B9F934CF} - System32\Tasks\Core Temp Autostart LLAMA-2 => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
Task: {C439A51D-D8A0-4BE1-821B-2B6598EA6786} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15] (Google Inc.)
Task: {DB24B032-D6DD-48E4-8202-22A21F0A1B74} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-05-26 09:25 - 2012-02-17 23:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-07-18 17:04 - 2011-07-18 17:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2015-07-03 08:16 - 2015-07-15 17:23 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2013-03-25 15:44 - 2013-03-25 15:44 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-07-13 13:10 - 2014-07-12 10:15 - 00107520 ____R () C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
2013-03-12 17:10 - 2015-07-03 12:12 - 00778240 _____ () F:\Program Files\Steam\SDL2.dll
2015-01-30 19:11 - 2015-07-03 12:12 - 04962816 _____ () F:\Program Files\Steam\v8.dll
2015-01-30 19:11 - 2015-07-03 12:12 - 01556992 _____ () F:\Program Files\Steam\icui18n.dll
2015-01-30 19:11 - 2015-07-03 12:12 - 01187840 _____ () F:\Program Files\Steam\icuuc.dll
2014-06-05 20:19 - 2015-07-21 15:32 - 02410176 _____ () F:\Program Files\Steam\video.dll
2014-09-14 17:05 - 2014-12-01 17:31 - 02396672 _____ () F:\Program Files\Steam\libavcodec-56.dll
2014-09-14 17:05 - 2014-12-01 17:31 - 00442880 _____ () F:\Program Files\Steam\libavutil-54.dll
2014-09-14 17:05 - 2014-12-01 17:31 - 00479744 _____ () F:\Program Files\Steam\libavformat-56.dll
2014-09-14 17:05 - 2014-12-01 17:31 - 00332800 _____ () F:\Program Files\Steam\libavresample-2.dll
2014-09-14 17:05 - 2014-12-01 17:31 - 00485888 _____ () F:\Program Files\Steam\libswscale-3.dll
2011-07-18 17:46 - 2015-07-21 15:32 - 00703168 _____ () F:\Program Files\Steam\bin\chromehtml.DLL
2015-07-21 20:46 - 2015-07-07 16:41 - 00169984 _____ () F:\Program Files\Steam\bin\openvr_api.dll
2010-04-27 00:27 - 2015-07-03 12:12 - 39553928 _____ () F:\Program Files\Steam\bin\libcef.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2524426540-2345268860-229473545-1000\...\mandtbank.com -> hxxps://onlinebanking.mandtbank.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2524426540-2345268860-229473545-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\LLAMA-2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FBAA0048-87A0-4938-98D9-4828C91C91CE}] => (Allow) F:\Program Files\Steam\Steam.exe
FirewallRules: [{E2FB2322-3119-4769-8722-43A40FFD50ED}] => (Allow) F:\Program Files\Steam\Steam.exe
FirewallRules: [{BCA1766C-86D0-4C8A-9293-78BD7A90E767}] => (Allow) F:\Program Files\Steam\Steam.exe
FirewallRules: [{456430C3-E01C-4CB5-A6A9-86D9B4F05157}] => (Allow) F:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{A2EA72A3-7076-49A0-B52E-FC68494DC284}F:\program files\skype\phone\skype.exe] => (Allow) F:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{F873DFD5-7C3C-4BBF-AA15-C14DFD9614AE}F:\program files\skype\phone\skype.exe] => (Allow) F:\program files\skype\phone\skype.exe
FirewallRules: [{385301DF-1840-440F-B880-C8427C59C774}] => (Block) F:\program files\skype\phone\skype.exe
FirewallRules: [{D117DA9F-D5E3-479F-8659-A2D0B3BF0393}] => (Block) F:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{A788DA53-46C6-49E0-94C7-20468E1F8C0C}F:\program files\steam\steamapps\an56d\counter-strike source\hl2.exe] => (Allow) F:\program files\steam\steamapps\an56d\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{C237D55A-4787-4401-8755-75DEC6017411}F:\program files\steam\steamapps\an56d\counter-strike source\hl2.exe] => (Allow) F:\program files\steam\steamapps\an56d\counter-strike source\hl2.exe
FirewallRules: [{DAC065CB-CDB5-4F16-92B8-3E51BA775ACF}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4448F7DE-0D2C-4426-B324-5EB0B47BBC87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{738FC006-F843-4C35-A3CB-C2C12ECF94AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{811A4E11-DFE7-4503-8235-6E9CAF5C445E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B73D3DDA-C5F1-4FA5-82CC-2B044BAE69A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99CD927E-6659-4476-BC20-A9EFFA7512EB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D7D00934-D6C3-4489-90AE-26B72AA08826}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1CAB5A4D-0F7E-4433-B8ED-ACE6DA582CF5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{CE7F4E52-B1D0-4AB3-B221-60D3A0772F29}] => (Allow) F:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{DAAF3257-D1EC-4293-8B6C-7CC99EB5791A}] => (Allow) F:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{3A94A6BF-5427-411F-B9EF-50EB74ED60C8}] => (Allow) F:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{7E529431-C8B6-4B23-B3A1-6ECBCC216EE0}] => (Allow) F:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{C4C6D0CC-9753-482D-ADD2-357D0D87ABBA}] => (Allow) F:\Program Files\Steam\steamapps\common\Arma 2\ArmA2Server.exe
FirewallRules: [{536AF8CF-8F5A-4C07-9687-A6AFB9061EAB}] => (Allow) F:\Program Files\Steam\steamapps\common\Arma 2\ArmA2Server.exe
FirewallRules: [{833EB539-AEB8-4589-A416-3F968B7DC0FA}] => (Allow) F:\Program Files\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{84E39664-E257-47FF-95A3-9BA534288AB1}] => (Allow) F:\Program Files\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{86992782-C245-4FB5-96C7-D0D5F1F2DD70}] => (Allow) F:\Program Files\Steam\steamapps\common\sniper ghost warrior\Sniper_x86.exe
FirewallRules: [{4169617D-6D71-4163-B507-70F39ADF3B68}] => (Allow) F:\Program Files\Steam\steamapps\common\sniper ghost warrior\Sniper_x86.exe
FirewallRules: [{8D62A0A1-DDE9-48E8-886B-5675251FC60B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3F5DEAD8-056D-4FC9-BD82-752C06CA1BB2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7EF2DB99-F2D7-49A2-B9E2-E3E36BF6152D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B0560373-139C-4F5F-963B-CCEECF2FAA9B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{033370FB-D012-4E9D-B23E-4E1AB5EB7D14}] => (Allow) F:\Program Files\Steam\steamapps\an56d\counter-strike source\hl2.exe
FirewallRules: [{90FD111F-BEF6-4BFE-8CBE-A7757504E9F8}] => (Allow) F:\Program Files\Steam\steamapps\an56d\counter-strike source\hl2.exe
FirewallRules: [{10484AEE-13B4-47EE-8E6B-532EC4248EEE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{753B39DB-1E4A-4EBB-8671-3BA0901601B5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4229EED2-029F-4559-ACAC-5F92B1D51CAB}] => (Allow) LPort=2869
FirewallRules: [{E7B33A72-8252-4682-8F50-E60971387511}] => (Allow) LPort=1900
FirewallRules: [{2F85338B-66E4-41D7-88EA-0F19AEFC3160}] => (Allow) F:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{E612418C-C61F-4922-B8B5-838B72CBE770}] => (Allow) F:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{3B39C440-3191-44B4-84FA-BBD394D2F781}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6FF35F1D-F5A3-428A-9E31-40C815530AC9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{33A804A6-146B-4E49-BB39-D515AB45601E}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{B1F9FDF6-73D9-4E2E-9A34-4FFA4D1BCAC8}] => (Allow) F:\Program Files\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{89C88920-CFF5-430A-BD8D-225EF062C01B}] => (Allow) F:\Program Files\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{323B018D-D67B-4241-8EB9-C43E4663E63B}] => (Allow) F:\Program Files\Steam\steamapps\an56d\counter-strike\hl.exe
FirewallRules: [{DFD2FE01-9584-48AC-8612-1ABDD828A7AB}] => (Allow) F:\Program Files\Steam\steamapps\an56d\counter-strike\hl.exe
FirewallRules: [{9314A852-7B1C-42A9-A9B5-22086F20C61D}] => (Allow) F:\Program Files\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{68581098-FE7C-4897-9526-7E00F7D65139}] => (Allow) F:\Program Files\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{EC82C501-9B8B-4C0C-A75A-CA336FAF5ED7}] => (Allow) F:\Program Files\Steam\steamapps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe
FirewallRules: [{82BD664B-7F32-4A09-81DF-B8CA3D397D7F}] => (Allow) F:\Program Files\Steam\steamapps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe
FirewallRules: [{2C251EC0-D3B3-41E2-AFFE-B78189E6B10F}] => (Allow) F:\Program Files\Steam\steamapps\common\Ravaged\Binaries\Win32\RavagedGame.exe
FirewallRules: [{833DAC4C-51F9-4D94-9050-E3C1BB161C33}] => (Allow) F:\Program Files\Steam\steamapps\common\Ravaged\Binaries\Win32\RavagedGame.exe
FirewallRules: [{410536A7-1B98-4F26-B4A7-0CC08A7CE270}] => (Allow) F:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9105487B-CF1B-4CC4-867F-73DFE0C90814}] => (Allow) F:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C6A7AF68-F351-4942-B7E5-B6FA161A05AE}] => (Allow) F:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{86F1641D-F78A-49C8-A493-1887D83AB806}] => (Allow) F:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A53CAC08-9AB2-4146-ACB4-51345DA62005}] => (Allow) F:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{4805B478-A8D6-45B5-A175-08A8CB8F5229}] => (Allow) F:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{9D26B07E-C259-4CEC-97F5-7D2CECCCB01F}] => (Allow) F:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1D74642F-B352-4FBE-828A-7A4CF519576B}] => (Allow) F:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{B859F902-3BEB-45B9-B214-8A9A80FF0B43}] => (Allow) F:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D8676D98-1073-40E2-AF95-83F46F1128D3}] => (Allow) F:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{27D9D3CB-3280-4E51-8149-82A2D6601397}] => (Allow) F:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F21AF82B-17C8-45A7-A276-485105FD67B7}] => (Allow) F:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{E6A3C56B-F6B3-4F2B-B02E-A8699FA9907F}] => (Allow) F:\Program Files\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{C5117DF7-3B0B-42C9-9FB9-B338984CDE64}] => (Allow) F:\Program Files\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{3D63B8BB-1B64-4466-B624-92DFCA897FEA}] => (Allow) LPort=67
FirewallRules: [{AE93E583-806D-4D36-943E-913AE696697A}] => (Allow) C:\Users\LLAMA-2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{03A96511-B19E-4B88-9F93-99F0C52138DA}] => (Allow) C:\Users\LLAMA-2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A367A228-1222-4616-B712-974BB5B53207}] => (Allow) F:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{A843B76C-08BB-4E88-B3FD-A9B752520944}] => (Allow) F:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{43E9BA42-357A-4D03-990E-C4790865B169}] => (Block) %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone TOTALe\Rosetta Stone TOTALe.exe
FirewallRules: [{5E43DFFE-5EA2-4F74-B3C7-CAF2D33BF98D}] => (Block) %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe
FirewallRules: [{9122D296-72D9-4D53-A28E-25A2AEF4AF3E}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{A83CC092-3EBA-49E2-99E8-D2E1AC35D86B}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{1B0D0A86-5850-47A5-9C80-CDB193852E49}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{4A533F2B-E72C-4C0A-9EA4-9DFF5A0BF5D0}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{D2FA083F-5FB0-463F-9613-B18ACD312372}] => (Allow) F:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{862451EA-73AD-411B-91E7-79A6F02CBC0B}] => (Allow) F:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{CCCAA70B-9B74-406C-B258-967E5B03E5D7}] => (Allow) F:\Program Files\Steam\steamapps\common\just cause 2\JustCause2.exe
FirewallRules: [{C28C12FA-D065-4A20-ADFA-9FCD9FEA8211}] => (Allow) F:\Program Files\Steam\steamapps\common\just cause 2\JustCause2.exe
FirewallRules: [{67C15C02-10AE-4875-BCD5-5B60EDED133A}] => (Allow) F:\Program Files\Steam\steamapps\common\ava\NWZLauncher.exe
FirewallRules: [{464B4DDD-780A-472D-99F9-421FAD00F1DC}] => (Allow) F:\Program Files\Steam\steamapps\common\ava\NWZLauncher.exe
FirewallRules: [{B1A103B1-3391-4490-B4CB-140634B110FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B691B88F-DA64-4A3B-BD40-B6ABF426672C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FB11EE77-4959-4F22-83F6-074288FF9937}] => (Allow) F:\Program Files\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{5902D94E-519A-4E19-A093-662B01F01F0A}] => (Allow) F:\Program Files\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{C09FDAA5-4808-4FA2-BAF1-AA1D6B4C210B}] => (Allow) F:\Program Files\Steam\steamapps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe
FirewallRules: [{0AED2B36-A404-4779-A55F-588B6BC48003}] => (Allow) F:\Program Files\Steam\steamapps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe
FirewallRules: [{550323CA-9771-4068-9182-E67377CFF7DD}] => (Allow) F:\Program Files\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{AD365B74-6E76-4855-A81B-156EAF43FAD5}] => (Allow) F:\Program Files\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{2B58D20B-E5DA-41F2-92AF-024FB72E95BC}] => (Allow) F:\Program Files\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{B248C029-478A-4D63-9C56-5E9F502BF256}] => (Allow) F:\Program Files\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{87B43E86-60B9-4126-9AB8-9A61B62F616C}] => (Allow) LPort=25565
FirewallRules: [{8A1AA2FC-0B8F-4AC0-BE37-75F986559E8E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1D4E09B0-8192-464A-9ADF-FCB75E3CA485}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{82DAEAF5-5E00-446E-BD01-AC38860D123D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FEA9AFE2-F1E9-4CC8-92A1-252D69C5AEF1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BE8D9D07-AA07-4000-9CC3-58DC9319A2F5}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{0E1FBD4A-0997-43DC-B282-ABA76EFD6FFA}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{085D73B9-7CD5-44E6-8C85-F8A04D097752}] => (Allow) F:\Program Files\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{AC9CF8A1-294F-4288-B9B2-F6320B7D3C2D}] => (Allow) F:\Program Files\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{3FA3D1E1-5B24-4B06-A3FC-38C45E1F1A36}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{DC260AFD-3382-411B-9C80-9164524BE719}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E7420BA0-35C4-4321-8859-9C5B09CDCE9E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3A5C7A91-D182-4A60-920F-A30B518B19C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F1C17818-FD8E-4396-B886-415720807068}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C540E89E-22A5-4862-AD23-E08592765E20}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{951937EB-1E91-409A-A33E-3E4661349715}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{BF744D27-141C-4A3C-8231-C2BFBB1834B8}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FF9DABE1-7E07-4D9F-B670-BCAE356480BE}] => (Allow) C:\Users\LLAMA-2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F62906AA-1CD6-48B4-AB13-B3C1154014D1}] => (Allow) C:\Users\LLAMA-2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D3326F9A-CADE-4BA5-8BD0-4CDA3EE8BBD8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2015 12:35:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0"1".
Dependent Assembly Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/22/2015 12:35:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0"1".
Dependent Assembly Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/22/2015 12:34:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/21/2015 04:50:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.0.5659, time stamp: 0x55934d06
Faulting module name: mozalloc.dll, version: 39.0.0.5659, time stamp: 0x55933a83
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x18e8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/19/2015 05:53:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 0x5007ce85
Faulting module name: vlc.exe, version: 2.0.3.0, time stamp: 0x5007ce85
Exception code: 0xc0000005
Fault offset: 0x00001805
Faulting process id: 0x13d4
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3

Error: (07/19/2015 05:53:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 0x5007ce85
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x1490
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3

Error: (07/16/2015 12:34:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0"1".
Dependent Assembly Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/16/2015 12:34:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0"1".
Dependent Assembly Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/16/2015 12:33:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/15/2015 12:35:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0"1".
Dependent Assembly Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/22/2015 02:38:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/22/2015 02:38:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/22/2015 02:38:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/22/2015 02:38:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/22/2015 02:38:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PST Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/22/2015 02:38:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/22/2015 02:38:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (07/22/2015 02:38:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/22/2015 02:38:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/22/2015 02:38:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (07/22/2015 12:35:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0"f:\program files\Steam\steamapps\common\FSX\Unsigned\Kiosk.exe

Error: (07/22/2015 12:35:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0"f:\program files\Steam\steamapps\common\FSX\Kiosk.exe

Error: (07/22/2015 12:34:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/21/2015 04:50:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa118e801d0c3f6cba41bc4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll23470b7e-2fea-11e5-8f0a-00270e096fd0

Error: (07/19/2015 05:53:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.0.3.05007ce85vlc.exe2.0.3.05007ce85c00000050000180513d401d0c26d643176fcC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\vlc.exea2215c25-2e60-11e5-8f0a-00270e096fd0

Error: (07/19/2015 05:53:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.0.3.05007ce85ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3149001d0c26d5283b39dC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Windows\SysWOW64\ntdll.dll947dd6b2-2e60-11e5-8f0a-00270e096fd0

Error: (07/16/2015 12:34:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0"f:\program files\Steam\steamapps\common\FSX\Unsigned\Kiosk.exe

Error: (07/16/2015 12:34:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0"f:\program files\Steam\steamapps\common\FSX\Kiosk.exe

Error: (07/16/2015 12:33:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/15/2015 12:35:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62613.0"f:\program files\Steam\steamapps\common\FSX\Unsigned\Kiosk.exe


CodeIntegrity Errors:
===================================
  Date: 2015-06-07 17:34:30.830
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-07 17:34:30.824
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-05 14:21:08.072
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-05 14:21:08.041
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-15 17:59:57.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-15 17:59:57.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-15 17:59:56.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-15 17:59:54.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-15 17:59:54.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-15 17:59:53.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 27%
Total physical RAM: 8125.38 MB
Available physical RAM: 5880.85 MB
Total Virtual: 16248.93 MB
Available Virtual: 13915.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:31.57 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:931.41 GB) (Free:177.23 GB) NTFS
Drive h: (15.0.4420.1017) (CDROM) (Total:0.75 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E2E08BC7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBA5CCEA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of log ============================

 




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,535 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:19 PM

Posted 24 July 2015 - 01:04 PM

Greetings AndyMan315 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Unfortunately there is evidence of pirated software on your computer. I am going to ask you to remove Microsoft Office Professional Plus 2013 before we begin. If you are willing to do that let me know when it has been uninstalled and I will post our first steps. If you prefer to not do that let me know that you would like me to just close the Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 27 July 2015 - 09:40 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!


Posted 29 July 2015 - 09:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



