
I have the wander burst virus


15 replies to this topic

#1 highlander777

Posted 02 August 2015 - 11:55 PM

Please help me. I have run Malwarebytes several times and it finds it and I clean it up, and the Wander Burst doesn't exist in any of my browsers' extensions or add-ons, and every time I remove it it just comes back. Please, I really need help.

Edited by highlander777, 03 August 2015 - 12:06 AM.


#2 TB-Psychotic

  • Malware Response Team

Posted 04 August 2015 - 02:13 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please post the Malwarebytes logs


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 highlander777


Posted 04 August 2015 - 09:46 AM

MBAM LOG

 

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/08/04 07:34:14 -0700</date>
<logfile>mbam-log-2015-08-04 (07-34-05).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.1.8.1057</version>
<malware-database>v2015.08.04.04</malware-database>
<rootkit-database>v2015.08.03.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 10</osversion>
<arch>x64</arch>
<username>Duncan</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>405065</objects>
<time>603</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>6</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_wanderburst-a.akamaihd.net_0.localstorage</path><vendor>PUP.Optional.WanderBurst.A</vendor><action>delete-on-reboot</action><hash>a33108fc1378b383c9f18b88aa594eb2</hash></file>
<file><path>C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_wanderburst-a.akamaihd.net_0.localstorage-journal</path><vendor>PUP.Optional.WanderBurst.A</vendor><action>delete-on-reboot</action><hash>41931fe59eedfc3abdfdd63d0201936d</hash></file>
<file><path>C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage</path><vendor>PUP.Optional.BoostSaves.A</vendor><action>delete-on-reboot</action><hash>9143ce3652393df95edb73b7ca3936ca</hash></file>
<file><path>C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal</path><vendor>PUP.Optional.BoostSaves.A</vendor><action>delete-on-reboot</action><hash>5084c63e5635c76fa8918aa0917229d7</hash></file>
<file><path>C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage</path><vendor>PUP.Optional.Boost.A</vendor><action>delete-on-reboot</action><hash>795be321414a072fc77a43fda95ac33d</hash></file>
<file><path>C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal</path><vendor>PUP.Optional.Boost.A</vendor><action>delete-on-reboot</action><hash>1db7d62e8efd53e352ef43fdee15639d</hash></file>
</items>
</mbam-log>


#4 highlander777


Posted 06 August 2015 - 03:37 PM

Hello, are you still there? I still need help.

#5 TB-Psychotic


Posted 07 August 2015 - 01:37 AM

Please rescan with FRST (create a new addition.txt as well) and post the logs.



#6 highlander777


Posted 07 August 2015 - 11:21 PM

ADDITION LOG

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Duncan (2015-08-07 21:17:00)
Running from C:\Users\Duncan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2760418946-379915037-3885476287-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2760418946-379915037-3885476287-503 - Limited - Disabled)
Duncan (S-1-5-21-2760418946-379915037-3885476287-1000 - Administrator - Enabled) => C:\Users\Duncan
Guest (S-1-5-21-2760418946-379915037-3885476287-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2760418946-379915037-3885476287-1000\...\uTorrent) (Version: 3.4.2.32354 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASRock eXtreme Tuner v0.1.375 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock XFast RAM v2.0.28 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Batman™: Arkham Knight (HKLM-x32\...\Steam App 208650) (Version:  - Rocksteady Studios)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Deluge 1.3.6 (HKLM-x32\...\Deluge) (Version:  - )
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
EPubsoft EBook Converter 8.8.9 (HKLM-x32\...\{83F0BA2C-712D-4FBB-AB76-3629763412C0}) (Version: 8.8.9 - EPUBSOFT)
Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Firefly Online Cortex (HKLM-x32\...\Steam App 343750) (Version:  - Spark Plug Games)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
Invisible, Inc. (HKLM-x32\...\Steam App 243970) (Version:  - Klei Entertainment)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\Steam App 17460) (Version:  - BioWare)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
MASSIVE CHALICE (HKLM-x32\...\Steam App 246110) (Version:  - Double Fine Productions)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MMSSTV version 1.13A (HKLM-x32\...\{F71E3066-5D8E-4E58-9B72-43D4365127D3}_is1) (Version: 1.13A - JE3HHT,  Makoto Mori)
Monster Loves You! (HKLM-x32\...\Steam App 226740) (Version:  - Radial Games Corp)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MURDERED: SOUL SUSPECT™ (HKLM-x32\...\Steam App 233290) (Version:  - Airtight Games)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Quassel (remove only) (HKLM-x32\...\Quassel) (Version: 0.10.0-1 - KDE)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
realMyst: Masterpiece Edition (HKLM-x32\...\Steam App 244430) (Version:  - Cyan)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Seduce Me the Otome (HKLM-x32\...\Steam App 367120) (Version:  - Michaela Laws)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteamWorld Dig (HKLM-x32\...\Steam App 252410) (Version:  - Image&amp;Form)
Sunless Sea (HKLM-x32\...\Steam App 304650) (Version:  - Failbetter Games)
Syberia (HKLM-x32\...\Steam App 46500) (Version:  - Anuman)
Syberia 2 (HKLM-x32\...\Steam App 46510) (Version:  - Anuman / Microids)
Tales from Space: Mutant Blobs Attack (HKLM-x32\...\Steam App 206370) (Version:  - DrinkBox Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Unity Web Player (HKU\S-1-5-21-2760418946-379915037-3885476287-1000\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version:  - Ubisoft)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.38 - ASRock Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2760418946-379915037-3885476287-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
02-08-2015 17:53:01 Windows Modules Installer
05-08-2015 20:58:56 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2014-06-21 18:53 - 00000864 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0243CE76-1E07-4D1E-B75D-537F0DD90B75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {04D9EB26-4012-42F7-B2A1-DD65822AF9B6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {06D400EA-5101-43A2-B8FA-09123A68166D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {07459F2F-22E5-45E8-81F1-02CD197C3CA8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {0AB18FA5-F4F5-4D45-BA8B-EA76225BCDEB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {14D86984-47E8-4490-9BBC-5113287DCA20} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
Task: {1569D5A7-A976-4798-AC05-8A27EE51481A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1641F54C-1E57-4902-AB65-EE2B65E5629D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {17F0CE13-3D04-496D-B97E-E83E105CFEB2} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {18A272EA-3CB9-482D-B6EC-8518CAD972FE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-29] (Dropbox, Inc.)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {1D314B17-4576-459F-893D-FD66F37EB2E4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {1D3D099E-EE1E-4907-8BA2-BA8F12D11AA6} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2015-07-10] (Microsoft Corporation)
Task: {264DBFCA-F7AF-46B2-8E84-409141314542} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {278F9CC0-AF3B-43D9-9A60-80D94983903C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {2B26AF9E-7451-48AB-A755-AD31505823B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
Task: {2C97A00A-1C5C-4318-B5CC-8A1A126B77F9} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
Task: {2F9C0AC4-3693-47A8-BE2E-5EC30DC93AEA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {3B2C82D3-D20A-4ED9-BAFE-B65275CD210E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-29] (Dropbox, Inc.)
Task: {3BD0D7D6-715F-43F8-8FBB-90418814185B} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
Task: {3EBAF810-7651-434F-A12C-7C8F8BC91B50} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {3F95EC8E-BBDC-4386-B2E6-04B1086419B8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {4454A8D0-2E4E-4A02-BF67-48DF6A7BFAB4} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
Task: {44B3528F-AFA3-4C89-BFB3-8D4F8F6AA492} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {48F281F7-D360-468D-8E64-A1903716BD3C} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation)
Task: {5E5515C1-7D87-4904-B9CE-FD29EB2ADB72} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
Task: {5F0FE2E0-1039-48C0-8289-BD260BFF9085} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {711EE2F9-A611-4773-AF8E-D4B278A6718D} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {744C9FEA-08B7-43E1-A729-0F94647D655C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {7A003965-A297-4DC6-B15B-852D798391E0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe [2015-07-15] (Microsoft Corporation)
Task: {7A0593DA-B45F-4256-8D19-98B5338F0A73} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {83183C32-04BF-494C-B770-87D93776FD29} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2015-07-15] (Microsoft Corporation)
Task: {8A9A69B1-8A0C-412C-9BF7-9F44E4ED08C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-14] (Microsoft Corporation)
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync No Task File <==== ATTENTION
Task: {902574F9-CF03-4753-8158-960564A2DDD3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {91554007-1026-48FE-9928-63C81FF40964} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {948B705C-6333-4BD7-9006-407220B681E8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {96079389-87B2-4469-BC7B-6BF004A02B11} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {9FC51682-C29B-4573-BD05-9058B3BBD17A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A2324D4F-8070-45B7-849C-9CEFA5736C58} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A364E297-00AD-490D-900E-22AC34598C71} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A6D9514B-038D-4EEB-AB0D-F35E66CBC389} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {AC29E64E-3271-47BA-B8F1-914523CF379B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
Task: {AC603FCC-B3FA-4BD1-9734-E41EB48931B8} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {AF796398-7414-4617-B511-41172C3485A0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B72646A9-402F-4332-B529-0D486716C658} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {B854F60E-48B8-49D3-B847-6BB59EFDBBD9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
Task: {B9B36D41-C776-424E-9A13-5387E17A2CEB} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2015-07-10] (Microsoft Corporation)
Task: {C2162702-FFEB-48C0-AA5F-2DA3A8887D61} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C56F255B-E375-4583-8A77-BE7AD674AA3F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {CB8030EA-6E7B-4C11-996F-C8577642255A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {D2401052-A382-42DE-9C79-D1CF3563F654} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
Task: {D68BE8A5-AB44-43D6-B1F8-E2C4522E83CC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {DAF2BAE3-1C5B-4CB5-9F62-0911C031A15A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2015-07-10] (Microsoft Corporation)
Task: {DBB87714-206C-41EE-ACCB-B846E9997F5A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {DCD744AD-289F-4E89-9CCF-5727E5A744C2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe [2015-07-15] (Microsoft Corporation)
Task: {DFBDBF4A-62B2-459D-9ADA-9BC4006FB33C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E2CAC517-65AE-4FB8-BDCD-80010248DE7A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2015-07-15] (Microsoft Corporation)
Task: {EA51AC54-6195-428D-B0BE-4921A7F3C655} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F9C5DCAC-86E6-4CDE-9542-97469888E8F2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {FC43B3C2-9A2A-41F1-81EE-BA5BBCE6FC74} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => 0x000A0100E110AD8E715BA8458208952FB444FA454600D400000000003C000A00200000000014730F000000000513040020200401000000000000000000000000000000000000180043003A005C00570049004E0044004F00570053005C006500780070006C006F007200650072002E0065007800650000000C002F004E004F0055004100430043004800450043004B000000000018004500780070006C006F007200650072005300680065006C006C0055006E0065006C00650076006100740065006400000000000000080003130400000000000000
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-02 20:18 - 2015-07-14 19:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2014-11-20 22:23 - 2014-11-20 22:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-08-02 20:18 - 2015-07-10 18:22 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-02 20:18 - 2015-07-17 22:19 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-02 20:18 - 2015-07-17 22:19 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 02028544 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-02 20:18 - 2015-07-10 17:57 - 00619008 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 00928768 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-08-02 20:18 - 2015-07-23 19:23 - 01806848 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2014-07-28 11:29 - 2014-07-28 11:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 11:32 - 2014-07-28 11:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 11:29 - 2014-07-28 11:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 11:31 - 2014-07-28 11:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2012-01-10 14:41 - 2015-03-29 18:54 - 00568392 _____ () E:\puush.exe
2015-07-15 21:38 - 2015-07-15 21:38 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-08-02 20:18 - 2015-07-23 19:25 - 06576640 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-08-02 20:18 - 2015-07-10 18:03 - 00883200 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-02 20:18 - 2015-07-23 19:23 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-21 23:59 - 2011-12-21 23:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 23:56 - 2011-12-21 23:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2015-08-05 03:55 - 2015-07-30 23:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-05 03:55 - 2015-07-30 23:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
2015-08-07 21:12 - 2015-08-07 21:12 - 00071168 _____ () c:\users\duncan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgirkc8.dll
2015-07-29 02:18 - 2015-07-16 17:31 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-07-29 02:18 - 2015-07-16 17:31 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-29 02:18 - 2015-07-16 17:31 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-29 02:18 - 2015-07-16 17:31 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-08-05 03:55 - 2015-07-30 23:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2760418946-379915037-3885476287-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: iTunesHelper => "E:\programs\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{5B4CAF2D-FB57-44D8-85F6-4F26F2A44F85}] => (Allow) E:\programs\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{CDA57DBF-0D94-4C83-8ADE-B2AE7392DB47}] => (Allow) E:\programs\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{BC84963C-5E8B-4DE8-907A-A593757270E4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A41384CC-1039-4997-9C2C-7C4DBA8FA13C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0C7D4825-32A0-41C3-9B76-9FD5E039061A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C64317E5-864B-4EC3-A89F-E845DB4F58EB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{0871CAEC-CA7C-45A5-B82A-9914591EA378}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{0CA4826C-EAA8-46EC-9E15-6AD6D33B8942}] => (Allow) E:\programs\Battle.net\Battle.net.exe
FirewallRules: [{F069B289-3568-4ECC-83EE-94E891135C8E}] => (Allow) E:\programs\Battle.net\Battle.net.exe
FirewallRules: [{5AE409C6-A26F-413F-9FF7-6A892888C52B}] => (Allow) E:\programs\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{E177D403-0ACF-4015-BE4E-F5FA86DD864B}] => (Allow) E:\programs\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{13C85055-8FFF-4A12-90B1-3F01452EB068}] => (Allow) E:\programs\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
FirewallRules: [{709A4949-DBC3-467A-A07B-4B8E99DA44E9}] => (Allow) E:\programs\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
FirewallRules: [{A3C1289A-0275-4A52-987D-E22E9973B7DD}] => (Allow) E:\programs\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{96BA28E6-8DE9-432F-A171-7106B98BA9C5}] => (Allow) E:\programs\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{4E771627-04DA-40D2-A6BB-BE1D05FA9ED9}] => (Allow) E:\programs\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{E259CD7D-B157-4486-A0AC-E9B600ADCAE3}] => (Allow) E:\programs\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{2FD9AD0E-7F1D-4139-A91C-233EAC0747A6}] => (Allow) E:\programs\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{9E1B8DC4-524D-42D0-8D02-C64B90305F0A}] => (Allow) E:\programs\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{ABC4BC62-B28F-4E0E-83CA-AFF3AFA804FA}] => (Allow) E:\programs\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{0EF7FC7A-79EE-4140-A479-D05433CCAC98}] => (Allow) E:\programs\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{DAD0EBBA-F258-4D0B-905A-709E4F757BE8}] => (Allow) E:\programs\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{C943DC0C-7E1A-4DC6-9705-5A7E37087E4D}] => (Allow) E:\programs\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{C24FC78E-490E-4BE9-B006-AFF82141F129}] => (Allow) E:\programs\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{A41EDB3F-3672-482E-9EC7-9D3661CADC87}] => (Allow) E:\programs\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{7B6914BD-474E-4EC9-9310-35E83E0CE93E}] => (Allow) E:\programs\Steam\steamapps\common\InvisibleInc\invisibleinc.exe
FirewallRules: [{C10748A4-C797-4A1C-90A6-474F6DD63C3A}] => (Allow) E:\programs\Steam\steamapps\common\InvisibleInc\invisibleinc.exe
FirewallRules: [UDP Query User{A2E641A9-0FBD-4686-B120-AE37F58CDABB}E:\deluge\deluge.exe] => (Block) E:\deluge\deluge.exe
FirewallRules: [TCP Query User{48389CC7-1E95-4246-8289-9CE0ECA626F8}E:\deluge\deluge.exe] => (Block) E:\deluge\deluge.exe
FirewallRules: [{48EF539B-69A9-4099-9790-1970264811C4}] => (Allow) E:\programs\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{1084B2DD-983F-46B3-B6F9-41C9B40A2921}] => (Allow) E:\programs\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{39A1709F-6642-4E22-9464-4BC9D12CE315}] => (Allow) E:\programs\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{DFBC9F0E-071F-4E56-B410-59AC1F2914BF}] => (Allow) E:\programs\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{AB782B0A-C670-4FDB-B47D-6EFCE931A740}] => (Allow) E:\programs\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{4299A72E-F8C5-46D4-9A12-BB23D1EC8CD3}] => (Allow) E:\programs\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{C5AEC1FE-A65F-476E-9529-BA604D1C0AA7}] => (Allow) E:\programs\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{CB2C8349-C32B-4B9C-B08F-76FEDFE68FB3}] => (Allow) E:\programs\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [UDP Query User{BA1719CC-3CDB-49E2-BE96-A229D2602118}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{5DC78596-F793-44FA-9C25-09E35D41DFAF}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3DB8519C-9EC7-4126-AFB0-8AF2106F382E}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Block) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [TCP Query User{4615DC39-D5EA-4E98-AB7C-81A9F21523C4}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Block) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [{BDCAB5F6-CB20-40C2-8C9B-31BFCBC993C2}] => (Allow) E:\programs\Steam\steamapps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [{963CDB81-83B7-45D0-96B1-87F5D1D7BD94}] => (Allow) E:\programs\Steam\steamapps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [{C73D3E26-C8C6-4FC6-A53D-7780C1A0D890}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{BF5141CD-D6FE-4E7E-B162-560517FDBA32}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D284040A-F8BB-4D84-A9F4-7C610B530354}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9E13FD00-432D-488B-AE83-C8C7604DCD13}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9AA8C62C-66EE-494D-BE1E-4E3A94555045}] => (Allow) E:\programs\Steam\steamapps\common\FireflyOnlineCortex\FireflyCortex.exe
FirewallRules: [{F7EFD2A6-A1FE-4A80-9E5F-59320B5D5347}] => (Allow) E:\programs\Steam\steamapps\common\FireflyOnlineCortex\FireflyCortex.exe
FirewallRules: [{325396B8-8281-4AA7-8AE5-4119E8D03E39}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AB551BC2-9731-4B2E-AAF0-122C80BE8BAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AE5E237A-D6EC-4B37-8A5D-13FB270CDC66}] => (Allow) E:\programs\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8ECC3C43-99CC-4034-A064-CA3C052BB9EA}] => (Allow) E:\programs\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [UDP Query User{1F8633D2-584F-4DD9-B991-13767D3B1B24}E:\deluge\deluge.exe] => (Allow) E:\deluge\deluge.exe
FirewallRules: [TCP Query User{F85D8ECC-4A9D-40CC-A0A4-B068F4562013}E:\deluge\deluge.exe] => (Allow) E:\deluge\deluge.exe
FirewallRules: [UDP Query User{85F38878-C34C-4C06-A8B3-1A990A1F306C}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [TCP Query User{F18EADA2-4452-48F8-BCCA-5C987238AC6C}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [{2B15F4BD-8436-4C63-9FD4-38B57CD03340}] => (Allow) E:\programs\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{B58A9DF0-A9CE-4859-B3F2-154340FEC5A8}] => (Allow) E:\programs\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{54559871-A2A5-4829-9D65-4764E1666626}] => (Allow) E:\programs\Steam\steamapps\common\Massive Chalice\MC.exe
FirewallRules: [{7867F399-9217-4281-B0BC-5A4286020800}] => (Allow) E:\programs\Steam\steamapps\common\Massive Chalice\MC.exe
FirewallRules: [{073B5376-9489-476C-B999-26E0F2FF7874}] => (Allow) E:\programs\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{07D267E6-A261-4805-AB92-4CD1E3B790C2}] => (Allow) E:\programs\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [UDP Query User{2025CD51-7221-452C-8D0B-DBB3AA551AA0}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{40377912-C08C-4479-A1DA-7F4DD0303B9D}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{777C59C8-E933-450D-BE98-565522B6A371}] => (Allow) E:\programs\Steam\steamapps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{7149974F-658C-4551-9E18-E0F906911FD9}] => (Allow) E:\programs\Steam\steamapps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [UDP Query User{2B0C7F91-24D0-4B03-8079-C0DD8ED7CBBF}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{A61D59ED-E381-4919-BE6D-665B4B6E4AA6}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{24E0C95A-E1D3-424F-9153-C06C5A1E8D55}C:\users\duncan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\duncan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{369A8893-8B06-4DFC-8A33-037E7FFE3ADA}C:\users\duncan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\duncan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{5EA3CDAC-3885-4F11-BC74-DE8855305EEF}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [TCP Query User{64E2EA3E-D45A-4735-B08D-78F2B4BB068E}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [{E85AEBAD-5701-4221-8805-7BA521F5FF25}] => (Allow) E:\programs\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{E93C079B-9991-4739-80F8-B8DCD861AFEB}] => (Allow) E:\programs\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{CF700BFF-D925-4C78-A0BC-6B4338E82ABC}] => (Allow) E:\programs\Steam\steamapps\common\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{6091E52A-9E2C-48C6-A899-0034256FC852}] => (Allow) E:\programs\Steam\steamapps\common\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{9B52517A-677D-4D5B-866D-F1660D63BF47}] => (Allow) E:\programs\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{A653CA33-EB22-42B8-B36D-C8F8A2BB734F}] => (Allow) E:\programs\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{F8F2BC72-ABA4-4290-A0FF-4E857D78EC5A}] => (Allow) E:\programs\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{8330CF1A-B343-4075-A4F7-711E9BAD7FEF}] => (Allow) E:\programs\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{A6422DD5-E533-4295-A3B0-F89553EFCC4F}] => (Allow) E:\programs\Steam\bin\steamwebhelper.exe
FirewallRules: [{4B8B9564-7F3C-414F-A411-FD1F3C6F7477}] => (Allow) E:\programs\Steam\bin\steamwebhelper.exe
FirewallRules: [{7C24C025-55A5-438B-AC3B-B3D89DDEBEA9}] => (Allow) E:\programs\iTunes.exe
FirewallRules: [{50F5DC17-9532-4895-BE34-5F2B0D157A36}] => (Allow) E:\programs\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{5A483EF1-54D3-4F6D-AFFE-C1F27318642C}] => (Allow) E:\programs\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{15EF0E14-0E5F-43CC-84E7-B77456DF3015}] => (Allow) E:\programs\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{F5A6A417-CD78-4506-B614-94B20D874BDE}] => (Allow) E:\programs\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{684CB9BA-BA65-456D-9572-070C95DCEA90}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{9C41840B-48BD-44FA-8747-8297B07E2A0B}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{FF7EE58C-5FD7-4512-B406-F6565A4B9B35}] => (Allow) C:\Users\Duncan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E30AEECA-B5FC-41C1-A1A7-EB62FA0D6401}] => (Allow) C:\Users\Duncan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{EA2E8C17-1675-41BC-87E2-23A2E59E1A2E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{B724CA16-B5FA-45DC-A283-D8708E934A39}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{118D1412-4A9C-43EE-96D3-E6DAB5C4B517}] => (Allow) E:\programs\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{FF100E12-48B4-4CE8-A9D0-91D2DE001990}] => (Allow) E:\programs\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{08B262CE-7987-49F6-BFB0-DFFA16F1703C}] => (Allow) E:\programs\Steam\steamapps\common\DayZ\DayZ.exe
FirewallRules: [{545AB644-41AF-4A22-BF8B-A64B8F7DBB38}] => (Allow) E:\programs\Steam\steamapps\common\DayZ\DayZ.exe
FirewallRules: [{88FE9F28-DBB3-44CB-863F-75FC4E5EFC2B}] => (Allow) E:\programs\Steam\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{37080275-7CDF-4F3A-BA14-B08348873DC1}] => (Allow) E:\programs\Steam\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{6F758D2C-D8EF-4333-872B-C5B24072DFA9}] => (Allow) E:\programs\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{D35D7C19-20E4-4AC1-91A4-B72633610EEE}] => (Allow) E:\programs\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{6C5935F6-DB75-41A2-A683-613BDC73D5CF}] => (Allow) E:\programs\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{62337D33-2A4F-488E-B228-E824C6A01911}] => (Allow) E:\programs\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{E4B336EB-986A-497E-BE41-91591A4106E6}] => (Allow) E:\programs\Steam\steamapps\common\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{015E654E-0AC1-44B7-821A-EA280236E484}] => (Allow) E:\programs\Steam\steamapps\common\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{32FF2A9F-7DD7-454D-AD11-B74A08147879}] => (Allow) E:\programs\Steam\steamapps\common\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{B4E618AB-28A0-45D7-8281-F8B205A25517}] => (Allow) E:\programs\Steam\steamapps\common\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{C020CE19-F9CB-4EF5-8BDA-E42C0E60FB5B}] => (Allow) E:\programs\Steam\steamapps\common\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{72D2755A-83A3-47F9-93E6-453882494126}] => (Allow) E:\programs\Steam\steamapps\common\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{DF7D1B76-B136-4C3D-9733-B5AA536640DE}] => (Allow) E:\programs\Steam\steamapps\common\Tales from Space Mutant Blobs Attack\Game.exe
FirewallRules: [{9B2BEB22-ECEE-4753-9EA9-101DE3D703A0}] => (Allow) E:\programs\Steam\steamapps\common\Tales from Space Mutant Blobs Attack\Game.exe
FirewallRules: [{D25AC381-413D-451A-9952-85E1D5CAEE25}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6A058465-7213-46D5-B0A5-0448EF32991F}] => (Allow) E:\programs\Steam\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
FirewallRules: [{3978B714-26BD-4625-8C06-25F6D7F7C9C7}] => (Allow) E:\programs\Steam\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
FirewallRules: [{1FEF9F3C-E4F7-4DEB-99A6-A37CF6F123B9}] => (Allow) E:\programs\Steam\steamapps\common\realMyst Masterpiece Edition\realMyst.exe
FirewallRules: [{29D43303-7D46-4F47-BD7F-5D1FCA782F89}] => (Allow) E:\programs\Steam\steamapps\common\realMyst Masterpiece Edition\realMyst.exe
FirewallRules: [{31A836B6-F2D5-4EDD-99E7-DB2981B67818}] => (Allow) E:\programs\Steam\steamapps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe
FirewallRules: [{8AD91FFE-8BCD-4F47-9B41-E93A9C5935CF}] => (Allow) E:\programs\Steam\steamapps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe
FirewallRules: [{4050F356-CB16-4204-AA1D-D79D80CEAF3C}] => (Allow) E:\programs\Steam\steamapps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe
FirewallRules: [{D2D2B793-913E-4032-82E7-EAF3E06553A5}] => (Allow) E:\programs\Steam\steamapps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe
FirewallRules: [{DE0C88C9-254D-43D9-8EAC-0E78FB7F556E}] => (Allow) E:\programs\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{BD635020-7D79-444B-81F4-63C2A22967E3}] => (Allow) E:\programs\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{4CAD0CE9-BD82-4476-82A0-50CCAB6B38FF}] => (Allow) E:\programs\Steam\steamapps\common\Syberia 2\Game.exe
FirewallRules: [{868A563B-E325-4950-AAD3-686AEF6418FE}] => (Allow) E:\programs\Steam\steamapps\common\Syberia 2\Game.exe
FirewallRules: [{B1BD1A2A-FB92-4E2E-8A4F-BEF50FCF7E3F}] => (Allow) E:\programs\Steam\steamapps\common\Syberia\Game.exe
FirewallRules: [{8DA444E0-C05E-4B64-BF01-8C9FBF12C368}] => (Allow) E:\programs\Steam\steamapps\common\Syberia\Game.exe
FirewallRules: [{ED3B1D1F-B8F8-4A27-99D8-99BBD83D6C70}] => (Allow) E:\programs\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{AFED7D7C-6C93-4563-8F47-3DB109589239}] => (Allow) E:\programs\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{3640EEDB-05B0-4AE1-89D1-0BD52FBFC121}] => (Allow) E:\programs\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{1F72C017-7B14-4524-8F21-0EFB7215EF45}] => (Allow) E:\programs\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{8768BC95-4893-4B37-8DA4-1465C79FB398}] => (Allow) E:\programs\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{A20FB88B-B6E4-4F98-B4C9-F223C13A545D}] => (Allow) E:\programs\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{D98886D3-C5AD-48BC-8B59-EAB716B51419}] => (Allow) E:\programs\Steam\steamapps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{26507B84-D552-4B35-8B59-F47C06330241}] => (Allow) E:\programs\Steam\steamapps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{271E4DB1-D348-4F42-ADEF-C592B6C79AA2}] => (Allow) E:\programs\Steam\steamapps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{718387EE-C64C-45F1-8483-531DE81AEB5F}] => (Allow) E:\programs\Steam\steamapps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{200487DD-7253-4717-9288-F9CA2116D295}] => (Allow) E:\programs\Steam\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{98F0D9DB-BCF8-4E1A-8707-79BDFEB673B2}] => (Allow) E:\programs\Steam\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{C5CB4E4F-28DF-4396-A8F9-596C9716D4A5}] => (Allow) E:\programs\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{2B344E9C-9554-4F2C-9589-A1B2316137F2}] => (Allow) E:\programs\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{98C4402B-3F1F-43F1-825C-F693C65B8ED0}] => (Allow) E:\programs\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1009CF07-B8E9-4E82-9BD0-79F305741339}] => (Allow) E:\programs\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{8B4EF0C1-C262-49E4-900E-F3FD822845E7}] => (Allow) E:\programs\Steam\steamapps\common\Monster Loves You!\MonsterLovesYou.exe
FirewallRules: [{BAECEA54-0276-4659-9C6D-E4F4087F344A}] => (Allow) E:\programs\Steam\steamapps\common\Monster Loves You!\MonsterLovesYou.exe
FirewallRules: [{77640304-393A-438B-9EFE-DE30AF826B04}] => (Allow) E:\programs\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{92349B05-EFC0-4E52-8C7D-DA49D63993C6}] => (Allow) E:\programs\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{B988F46F-4FC9-4306-952B-4646FF4D62D2}] => (Allow) E:\programs\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{B353309A-2765-45D0-BD23-481A311725EE}] => (Allow) E:\programs\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{4013A01E-29F2-403C-B5F3-8E7043DC63C3}] => (Allow) E:\programs\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{F67FE971-1FC9-4564-B40A-3B5C529130B7}] => (Allow) E:\programs\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{D64CC103-99C0-473C-B70D-B33C38C6B7F2}] => (Allow) E:\programs\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{E38EA7F6-0441-4E05-86BC-BDB366C741F2}] => (Allow) E:\programs\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{2B8E1845-909E-4988-973C-8508E0A949D3}] => (Allow) E:\programs\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{85B3D9EF-F428-461D-94A8-F844EABA2A02}] => (Allow) E:\programs\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{2E6CFEE2-4E9F-4C32-B831-8EC26904D2CD}] => (Allow) E:\programs\Steam\Steam.exe
FirewallRules: [{F0694FE3-5F0E-498D-9C9F-221E47248F85}] => (Allow) E:\programs\Steam\Steam.exe
FirewallRules: [{B5B218BF-61E4-4455-A549-09C9A303B808}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2929EDC8-6561-44D1-AFF1-BFC5A31CBC00}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{F7B87B8C-7A78-4727-869E-186F51FD9D84}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D3D3B907-F9E2-4E85-976F-D95400A8C925}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4D1E7C66-3CB7-436A-87AB-A850D120FBE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/06/2015 10:24:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16401, time stamp: 0x55b1a665
Faulting module name: twinapi.appcore.dll, version: 10.0.10240.16397, time stamp: 0x55af1390
Exception code: 0xc000027b
Fault offset: 0x000000000006687f
Faulting process id: 0x12e4
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (08/06/2015 04:54:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNCAN-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/06/2015 04:54:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNCAN-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/05/2015 08:58:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/03/2015 05:27:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
 
Error: (08/03/2015 05:27:04 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8
 
Error: (08/03/2015 05:27:04 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (08/03/2015 05:27:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (08/03/2015 05:27:04 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_2.0.50727
 
Error: (08/03/2015 05:27:04 AM) (Source: Perflib) (EventID: 1021) (User: )
Description: ASP.NET_2.0.507278
 
 
System errors:
=============
Error: (08/06/2015 11:07:23 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (08/06/2015 11:07:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/06/2015 11:07:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/06/2015 11:07:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/06/2015 11:07:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/06/2015 08:06:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (08/06/2015 08:06:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (08/06/2015 04:54:47 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (08/06/2015 04:54:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.
 
Error: (08/06/2015 04:54:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session1 service to connect.
 
 
Microsoft Office:
=========================
 
CodeIntegrity:
===================================
  Date: 2015-08-05 21:08:02.324
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-08-05 21:08:02.282
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-08-05 21:08:02.240
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-08-05 21:08:02.176
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-08-05 21:08:02.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-08-05 21:08:02.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-08-05 21:08:01.252
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-08-05 21:08:01.149
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-08-05 21:04:26.956
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-08-05 21:04:26.914
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8350 Eight-Core Processor 
Percentage of memory in use: 23%
Total physical RAM: 12245.69 MB
Available physical RAM: 9340.09 MB
Total Virtual: 24533.69 MB
Available Virtual: 20905.63 MB
 
==================== Drives ================================
 
Drive c: (24hr mexican drive-thru) (Fixed) (Total:223.03 GB) (Free:155.69 GB) NTFS
Drive d: (Pancho 1993) (Fixed) (Total:55.89 GB) (Free:55.79 GB) NTFS
Drive e: (Drive Juan) (Fixed) (Total:931.51 GB) (Free:285.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 374BE5BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 4B254D56)
Partition 1: (Not Active) - (Size=55.9 GB) - (Type=05)
 
==================== End of log ============================


#7 highlander777

  • Topic Starter

Posted 07 August 2015 - 11:26 PM

Sorry, I had to link this file; it would not let me copy and paste.

Attached Files

  • Attached File  FRST.txt   801.34KB   2 downloads


#8 highlander777

  • Topic Starter

Posted 09 August 2015 - 09:16 PM

Are you there? Because I still really need help.

#9 TB-Psychotic

  • Malware Response Team

Posted 11 August 2015 - 08:07 AM

I'm sorry, I have serious problems regarding your log due to forum issues.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 highlander777

  • Topic Starter

Posted 11 August 2015 - 11:09 PM

# AdwCleaner v4.208 - Logfile created 11/08/2015 at 21:06:44
# Updated 09/07/2015 by Xplode
# Database : 2015-08-11.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Duncan - DUNCAN-PC
# Running from : E:\DOWNLOADS\adwcleaner_4.208.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.10240.16384
 
 
-\\ Mozilla Firefox v36.0.4 (x86 en-US)
 
 
-\\ Google Chrome v44.0.2403.130
 
 
*************************
 
AdwCleaner[R0].txt - [1033 bytes] - [11/08/2015 21:05:33]
AdwCleaner[S0].txt - [958 bytes] - [11/08/2015 21:06:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1016  bytes] ##########


#11 highlander777

  • Topic Starter

Posted 11 August 2015 - 11:13 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 10 Pro x64
Ran by Duncan on Tue 08/11/2015 at 21:09:58.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Duncan\AppData\Roaming\3909
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Duncan\Appdata\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
 
[C:\Users\Duncan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Duncan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
ajopnjidmegmdimjlfnijceegpefgped
 
[C:\Users\Duncan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Duncan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ajopnjidmegmdimjlfnijceegpefgped
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/11/2015 at 21:12:38.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 highlander777

  • Topic Starter

Posted 18 August 2015 - 12:28 AM

Can I please get some more help? It has been 5 days!



#13 TB-Psychotic

  • Malware Response Team

Posted 18 August 2015 - 12:35 AM

Are you still facing the issue?

#14 highlander777

  • Topic Starter

Posted 18 August 2015 - 10:44 PM

Yes, PC feels like it is still running very slow, which happened right after I got this virus.



#15 TB-Psychotic

  • Malware Response Team

Posted 19 August 2015 - 01:02 PM

Did the wanderburst issue appear again?
I have to consult additional team colleagues on this - please try to describe the problems you still have as detailed as possible.

Also, please stay patient. It may take some more time to get further suggestions but we'll stay with you and try to find a solution.

Edited by TB-Psychotic, 19 August 2015 - 01:05 PM.




