Infected with extremely invasive adware (don't know name)


  • This topic is locked
8 replies to this topic

#1 Drambit

Drambit

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:24 AM

Posted 26 August 2015 - 05:38 PM

This case is annoying because I know exactly how and when I got it, and I have been down this road 4-5 times before, but this one has me beat so far. I downloaded some Android software from a website called dev-host or something along those lines; it turns out I clicked the wrong download button (there are 8) and got one of those installers that swaps all the "continue" and "cancel" buttons around to try and bait you into clicking continue, and if you do, it installs a mountain of adware on your computer. I knew this was coming, so I closed it with Task Manager, deliberately avoiding the buttons; it doesn't matter, I got infected anyway. Basically it just inserts ads absolutely everywhere: opening tabs that can't be closed, huge popups, inserting links into text, inserting its own Google search results, really dirty stuff.

 

When I first got it, it installed a Chrome extension as well as a program. I deleted the extension, uninstalled the program, ran AdwCleaner about 5 times, as well as JRT, CCleaner, MBAM, and Spybot, and although there is no visible software left, it keeps showing up every time I open up Chrome. I am currently typing this on Firefox and it is nowhere to be found. The ads usually say "ad brought to you by antiadblocker", or "super adblock", "ninjabestprice", or a bunch of other names. Whatever this is dug itself in deep, and as someone who has plenty of experience removing viruses, this one crawled in deep, so I need some help.

 

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015
Ran by Connor (administrator) on CONNOR-PC (26-08-2015 17:27:51)
Running from C:\Users\Connor\Downloads
Loaded Profiles: Connor (Available Profiles: Connor)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2014-05-12] (Greenshot)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1824474994-749105023-3462722719-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-1824474994-749105023-3462722719-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1824474994-749105023-3462722719-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1824474994-749105023-3462722719-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E19D4673-D95E-40C7-9B71-0D89C3F993D8}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F05542C2-8A3E-41C3-9B55-4E337D34EF43}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\x9oiggp3.default
FF DefaultSearchEngine: Google
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-01-06] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-14] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-01-06] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1824474994-749105023-3462722719-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Connor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-06]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324568 2014-06-24] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 Realtek11nCU; C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe [36864 2013-09-11] (Realtek Semiconductor Corp.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-20] (Advanced Micro Devices)
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-07-28] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50; C:\Windows\SysWOW64\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2976472 2013-09-11] (Realtek Semiconductor Corporation                           )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 ASNDIS4; \??\C:\Windows\system32\ASNDIS4.SYS [X]
S3 NPF; system32\drivers\NPF.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-26 17:27 - 2015-08-26 17:27 - 00013453 _____ C:\Users\Connor\Downloads\FRST.txt
2015-08-26 17:27 - 2015-08-26 17:27 - 00000000 ____D C:\FRST
2015-08-26 16:34 - 2015-08-26 16:34 - 02186752 _____ (Farbar) C:\Users\Connor\Downloads\FRST64.exe
2015-08-26 00:35 - 2015-08-26 00:35 - 01605632 _____ C:\Users\Connor\Desktop\adwcleaner_5.003.exe
2015-08-26 00:32 - 2015-08-26 00:32 - 00001507 _____ C:\Users\Connor\Desktop\JRT.txt
2015-08-26 00:32 - 2015-08-26 00:32 - 00000024 _____ C:\Users\Connor\AppData\Roaming\appdataFr25.bin
2015-08-26 00:24 - 2015-08-26 00:24 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Connor\Downloads\JRT.exe
2015-08-26 00:18 - 2015-08-26 00:18 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-24 18:41 - 2015-08-24 18:41 - 00006049 _____ C:\Users\Connor\Desktop\CM-jNMmUYAA7gz0.jpg-thumb
2015-08-23 23:51 - 2015-08-23 23:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-23 23:51 - 2015-08-23 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-23 18:23 - 2015-08-23 18:23 - 00827816 _____ (Akeo Consulting (http://akeo.ie)) C:\Program Files (x86)\rufus-2.2.exe
2015-08-19 22:32 - 2015-08-19 22:32 - 01585664 _____ C:\Program Files (x86)\AdwCleaner.exe
2015-08-13 21:23 - 2015-08-16 20:57 - 00000000 ____D C:\Users\Connor\Documents\Arduino
2015-08-13 21:23 - 2015-08-13 21:23 - 00000000 ____D C:\Users\Connor\AppData\Roaming\Arduino15
2015-08-13 21:23 - 2015-08-13 21:23 - 00000000 ____D C:\Users\Connor\.jssc
2015-08-13 20:28 - 2015-08-13 20:28 - 00009690 _____ C:\Windows\DPINST.LOG
2015-08-13 20:28 - 2015-08-13 20:28 - 00001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2015-08-13 20:28 - 2015-08-13 20:28 - 00000000 ____D C:\Program Files (x86)\Arduino
2015-08-12 15:59 - 2015-08-12 15:59 - 00000022 _____ C:\Users\Connor\Documents\orthodentist appointment.txt
2015-08-12 01:24 - 2015-08-26 03:43 - 00000000 ____D C:\AdwCleaner
2015-08-12 01:20 - 2015-08-12 01:20 - 00000000 ____D C:\Program Files (x86)\Twitcher  Twitter Account Switcher
2015-08-11 23:03 - 2015-08-26 17:03 - 00000356 _____ C:\Windows\Tasks\BrotherHopper.job
2015-08-11 23:03 - 2015-08-11 23:03 - 00003270 _____ C:\Windows\System32\Tasks\BrotherHopper
2015-08-11 17:01 - 2015-08-11 17:01 - 00000000 ____D C:\Users\Connor\Documents\Monitor
2015-08-11 16:13 - 2015-08-11 16:13 - 00000000 ____D C:\Users\Connor\Downloads\Poweramp Music Player (Full) v2.0.10-build-565
2015-08-11 13:23 - 2015-08-26 03:43 - 00001576 _____ C:\Windows\PFRO.log
2015-08-11 13:21 - 2015-08-26 16:33 - 00000356 _____ C:\Windows\Tasks\MoneyAid.job
2015-08-11 13:21 - 2015-08-11 13:21 - 00003270 _____ C:\Windows\System32\Tasks\MoneyAid
2015-08-10 21:58 - 2015-08-10 22:18 - 00000000 ____D C:\Users\Connor\Downloads\Monty.Pythons.Life.of.Brian.1979.1080p.BluRay.H264.AAC-RARBG
2015-08-09 00:28 - 2015-08-09 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-09 00:26 - 2015-08-09 00:26 - 00931408 _____ (Google Inc.) C:\Users\Connor\Downloads\ChromeSetup.exe
2015-08-08 13:52 - 2015-08-08 13:54 - 00000000 ____D C:\Users\Connor\AppData\Local\Radiant
2015-08-08 13:52 - 2015-08-08 13:52 - 00000384 _____ C:\Windows\DirectX.log
2015-08-08 13:52 - 2015-08-08 13:52 - 00000000 ____D C:\ProgramData\Radiant
2015-08-08 13:52 - 2015-08-08 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radiant
2015-08-08 13:52 - 2015-08-08 13:52 - 00000000 ____D C:\Program Files (x86)\Radiant
2015-08-08 13:51 - 2015-08-08 13:51 - 65834536 _____ (Radiant) C:\Users\Connor\Downloads\SetupRisingThunder.exe
2015-08-08 13:51 - 2015-08-08 13:51 - 00000000 ____D C:\Users\Connor\AppData\Local\Downloaded Installations
2015-08-08 13:31 - 2015-08-08 13:31 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-08 13:22 - 2015-08-08 23:54 - 00000272 _____ C:\Users\Connor\Downloads\debug.log
2015-08-08 13:21 - 2015-08-12 01:11 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-08 13:21 - 2015-08-08 13:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-08 13:21 - 2015-08-08 13:21 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-08 13:21 - 2015-08-08 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-08 13:21 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-08-08 13:19 - 2015-08-08 13:20 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Connor\Downloads\spybot-2.4.exe
2015-08-07 18:37 - 2015-08-07 18:37 - 00000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2015-08-07 18:36 - 2015-08-07 19:01 - 00000000 ____D C:\Program Files (x86)\android-sdk
2015-08-07 18:33 - 2015-08-07 18:45 - 00000000 ____D C:\Users\Connor\.android
2015-08-07 17:11 - 2015-08-07 18:34 - 00000000 ____D C:\Users\Connor\AppData\Local\Android
2015-08-07 17:03 - 2015-08-26 17:03 - 00000344 _____ C:\Windows\Tasks\SmoothTravels.job
2015-08-07 17:03 - 2015-08-26 00:26 - 00000000 ____D C:\Users\Connor\AppData\Roaming\Foolish Advice
2015-08-07 17:03 - 2015-08-07 17:03 - 00003258 _____ C:\Windows\System32\Tasks\SmoothTravels
2015-08-07 16:21 - 2015-08-07 16:21 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2015-08-07 13:40 - 2015-08-07 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2015-08-07 13:40 - 2015-08-07 13:40 - 00000000 ____D C:\Program Files\Bulk Rename Utility

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-26 16:48 - 2014-12-14 00:12 - 01781809 _____ C:\Windows\WindowsUpdate.log
2015-08-26 16:33 - 2014-12-14 00:58 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-26 12:52 - 2015-06-18 13:13 - 00025197 _____ C:\Windows\setupact.log
2015-08-26 11:30 - 2009-07-14 00:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-26 11:30 - 2009-07-13 23:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-26 11:30 - 2009-07-13 23:45 - 00028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-26 03:43 - 2014-12-22 21:17 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-08-26 03:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-26 00:26 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-08-26 00:22 - 2014-12-15 23:10 - 00000000 ____D C:\Users\Connor\AppData\Local\Battle.net
2015-08-26 00:19 - 2014-12-14 02:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-26 00:18 - 2014-12-14 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-26 00:18 - 2014-12-14 00:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-25 11:47 - 2015-04-15 15:44 - 00000153 _____ C:\Users\Connor\AppData\Roaming\Ping Monitor_#5_LogFileName.ini
2015-08-25 11:47 - 2015-04-15 15:44 - 00000153 _____ C:\Users\Connor\AppData\Roaming\Ping Monitor_#4_LogFileName.ini
2015-08-25 11:47 - 2015-04-15 15:44 - 00000153 _____ C:\Users\Connor\AppData\Roaming\Ping Monitor_#3_LogFileName.ini
2015-08-25 11:47 - 2015-04-15 15:44 - 00000153 _____ C:\Users\Connor\AppData\Roaming\Ping Monitor_#2_LogFileName.ini
2015-08-25 11:47 - 2015-04-15 15:44 - 00000153 _____ C:\Users\Connor\AppData\Roaming\Ping Monitor_#1_LogFileName.ini
2015-08-25 11:47 - 2014-12-16 00:55 - 00000773 _____ C:\Users\Connor\AppData\Roaming\Ping Monitor_Settings.ini
2015-08-24 01:19 - 2014-12-14 02:28 - 00000000 ____D C:\Users\Connor\AppData\Roaming\Skype
2015-08-23 23:51 - 2014-12-14 00:58 - 00000000 ____D C:\ProgramData\Skype
2015-08-23 18:27 - 2015-06-10 13:37 - 00000000 ____D C:\Users\Connor\Downloads\New folder
2015-08-19 02:35 - 2014-12-22 23:56 - 00000000 ____D C:\Users\Connor\AppData\Roaming\vlc
2015-08-13 21:23 - 2014-12-14 00:11 - 00000000 ____D C:\Users\Connor
2015-08-12 02:05 - 2015-06-05 21:40 - 00000000 ____D C:\Users\Connor\AppData\Roaming\Mp3tag
2015-08-12 01:25 - 2015-02-07 00:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-11 16:42 - 2015-03-04 19:20 - 00000000 ____D C:\Users\Connor\Documents\Resume
2015-08-11 13:23 - 2014-12-14 00:58 - 00000000 ____D C:\Users\Connor\AppData\Local\Greenshot
2015-08-10 21:55 - 2015-04-24 22:08 - 00000000 ____D C:\Users\Connor\AppData\Local\Popcorn-Time
2015-08-09 00:28 - 2014-12-14 00:57 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-08 13:22 - 2014-12-14 00:57 - 00000000 ____D C:\Users\Connor\AppData\Local\Google
2015-08-03 13:02 - 2014-12-30 02:47 - 00000132 _____ C:\Users\Connor\AppData\Roaming\Adobe PNG Format CS5 Prefs

==================== Files in the root of some directories =======

2015-08-19 22:32 - 2015-08-19 22:32 - 1585664 _____ () C:\Program Files (x86)\AdwCleaner.exe
2015-08-23 18:23 - 2015-08-23 18:23 - 0827816 _____ (Akeo Consulting (http://akeo.ie)) C:\Program Files (x86)\rufus-2.2.exe
2015-01-06 07:32 - 2015-01-06 07:32 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-12-30 02:47 - 2015-08-03 13:02 - 0000132 _____ () C:\Users\Connor\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-08-26 00:32 - 2015-08-26 00:32 - 0000024 _____ () C:\Users\Connor\AppData\Roaming\appdataFr25.bin
2015-04-15 15:44 - 2015-08-25 11:47 - 0000153 _____ () C:\Users\Connor\AppData\Roaming\Ping Monitor_#1_LogFileName.ini
2015-04-15 15:44 - 2015-08-25 11:47 - 0000153 _____ () C:\Users\Connor\AppData\Roaming\Ping Monitor_#2_LogFileName.ini
2015-04-15 15:44 - 2015-08-25 11:47 - 0000153 _____ () C:\Users\Connor\AppData\Roaming\Ping Monitor_#3_LogFileName.ini
2015-04-15 15:44 - 2015-08-25 11:47 - 0000153 _____ () C:\Users\Connor\AppData\Roaming\Ping Monitor_#4_LogFileName.ini
2015-04-15 15:44 - 2015-08-25 11:47 - 0000153 _____ () C:\Users\Connor\AppData\Roaming\Ping Monitor_#5_LogFileName.ini
2014-12-16 00:55 - 2014-12-16 00:56 - 0000422 _____ () C:\Users\Connor\AppData\Roaming\Ping Monitor_Servers1.ini
2014-12-16 00:57 - 2014-12-16 00:57 - 0000428 _____ () C:\Users\Connor\AppData\Roaming\Ping Monitor_Servers2.ini
2014-12-16 00:55 - 2015-08-25 11:47 - 0000773 _____ () C:\Users\Connor\AppData\Roaming\Ping Monitor_Settings.ini
2014-12-18 06:50 - 2014-12-18 06:50 - 0007605 _____ () C:\Users\Connor\AppData\Local\Resmon.ResmonCfg
2014-12-14 01:53 - 2014-12-14 01:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Connor\AppData\Local\Temp\Quarantine.exe
C:\Users\Connor\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 12:43

==================== End of FRST.txt ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:24 PM

Posted 28 August 2015 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1824474994-749105023-3462722719-1000\...\Run: [AdobeBridge] => [X]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 ASNDIS4; \??\C:\Windows\system32\ASNDIS4.SYS [X]
S3 NPF; system32\drivers\NPF.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and import the bookmarks.
<<<>>>

Please post the Addition.txt file that was created when you ran the Farbar tool for my review.

How is the computer running now?
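The fixlist in the post above is built from the FRST log line by line: every entry FRST flags with [X] (a registry value, service or driver whose file no longer exists) is copied verbatim into fixlist.txt between "start" and "End", and FRST matches those lines to know what to remove. The following Python script is an added editorial example, not FRST's own code and not part of the Malware Response Team's instructions. It reads FRST.txt-style lines, collects the orphaned [X] entries, unsigned service binaries, the Chrome dev-build warning and the scheduled-task names from the "created files" section, and then emits the same fixlist skeleton shown above. The sample input is a constructed excerpt of lines copied from the log posted in this thread; the `Triage` class, the regexes and the `SCHEDULER_OWN_FILES` exclusion are this example's own assumptions.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example for this thread; not code from FRST or from the helper's
instructions. It classifies FRST.txt-style lines and builds the
fixlist.txt skeleton (start / CreateRestorePoint: / EmptyTemp: /
CloseProcesses: / [X] entries / End) that the fix in post #2 uses.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the FRST.txt posted in this thread,
# trimmed to the sections this helper inspects.
SAMPLE_LOG = r"""
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1824474994-749105023-3462722719-1000\...\Run: [AdobeBridge] => [X]
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 ASNDIS4; \??\C:\Windows\system32\ASNDIS4.SYS [X]
S3 NPF; system32\drivers\NPF.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
2015-08-11 23:03 - 2015-08-26 17:03 - 00000356 _____ C:\Windows\Tasks\BrotherHopper.job
2015-08-11 23:03 - 2015-08-11 23:03 - 00003270 _____ C:\Windows\System32\Tasks\BrotherHopper
2015-08-11 13:21 - 2015-08-26 16:33 - 00000356 _____ C:\Windows\Tasks\MoneyAid.job
2015-08-07 17:03 - 2015-08-26 17:03 - 00000344 _____ C:\Windows\Tasks\SmoothTravels.job
2015-08-26 03:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
C:\Windows\system32\winlogon.exe => File is digitally signed
"""

# FRST marks an entry whose target file is missing with a trailing [X].
ORPHAN_RE = re.compile(r"\[X\]$")
# Services/drivers whose binary carries no Authenticode signature.
UNSIGNED_RE = re.compile(r"\[File not signed\]$")
# Scheduled tasks: the .job file in C:\Windows\Tasks and the XML task
# definition in C:\Windows\System32\Tasks share the same base name.
TASK_RE = re.compile(r"C:\\Windows\\(?:System32\\)?Tasks\\([^\\]+?)(?:\.job)?$")
# Task Scheduler's own state file also lives in C:\Windows\Tasks.
SCHEDULER_OWN_FILES = {"SA.DAT"}


@dataclass
class Triage:
    orphaned: list = field(default_factory=list)   # [X] lines, verbatim
    unsigned: list = field(default_factory=list)   # unsigned service lines
    tasks: list = field(default_factory=list)      # task base names, deduped
    chrome_dev: bool = False                       # "CHR dev:" warning seen


def triage_frst(lines):
    """Classify FRST log lines into the buckets a helper reviews first."""
    result = Triage()
    for raw in lines:
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("CHR dev:"):
            result.chrome_dev = True
        elif ORPHAN_RE.search(line):
            result.orphaned.append(line)
        elif UNSIGNED_RE.search(line):
            result.unsigned.append(line)
        else:
            match = TASK_RE.search(line)
            if match:
                name = match.group(1)
                if name.upper() not in SCHEDULER_OWN_FILES and name not in result.tasks:
                    result.tasks.append(name)
    return result


def build_fixlist(triage):
    """Return fixlist.txt text for the orphaned entries.

    Each [X] line is copied verbatim from the log, because FRST matches
    fixlist lines against its own scan output. Entries that are not [X]
    (for example the unsigned services or the task names) are deliberately
    left out: those need a human decision, not an automatic removal.
    """
    body = ["start", "", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:", ""]
    body.extend(triage.orphaned)
    body.extend(["", "End"])
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    found = triage_frst(SAMPLE_LOG.splitlines())
    print(f"Chrome dev build warning: {found.chrome_dev}")
    print(f"Unsigned services: {len(found.unsigned)}")
    print(f"Scheduled tasks to review: {', '.join(found.tasks)}")
    print(build_fixlist(found))
```

Running the script on the sample excerpt reports the Chrome dev-build warning, three unsigned services and the BrotherHopper, MoneyAid and SmoothTravels tasks for review, and prints a fixlist containing the eight [X] lines that appear in the fix above. The task names and unsigned services are reported but not put into the fixlist on purpose: FRST's [X] marker is a mechanical fact (the file is gone), while whether a task or an unsigned driver is unwanted is a judgement a helper makes after looking at the entry.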

#3 Drambit

Drambit
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:24 AM

Posted 28 August 2015 - 02:38 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:26-08-2015
Ran by Connor (2015-08-28 14:33:03) Run:1
Running from C:\Users\Connor\Downloads
Loaded Profiles: Connor (Available Profiles: Connor)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1824474994-749105023-3462722719-1000\...\Run: [AdobeBridge] => [X]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 ASNDIS4; \??\C:\Windows\system32\ASNDIS4.SYS [X]
S3 NPF; system32\drivers\NPF.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\S-1-5-21-1824474994-749105023-3462722719-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => key removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
ASNDIS4 => service removed successfully
NPF => service removed successfully
nvlddmkm => service removed successfully
nvvad_WaveExtensible => service removed successfully
EmptyTemp: => 744.1 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 14:33:15 ====



#4 nasdaq
  • Malware Response Team
  • 40,256 posts
  • Location:Montreal, QC. Canada

Posted 29 August 2015 - 06:54 AM

Please post the Addition.txt file that was created when you ran the Farbar tool for my review.

How is the computer running now?

#5 Drambit
  • Topic Starter
  • Members
  • 20 posts

Posted 29 August 2015 - 12:48 PM

Please post the Addition.txt file that was created when you ran the Farbar tool for my review.

How is the computer running now?

What do you mean? I posted the Addition text from the first scan; do you just want me to scan again and repost it?

 

Also, I checked my Chrome and everything seems to be good so far; still using Firefox in the meantime though.



#6 nasdaq
  • Malware Response Team
  • 40,256 posts
  • Location:Montreal, QC. Canada

Posted 30 August 2015 - 07:00 AM

I posted the Addition text from the first scan; do you just want me to scan again and repost it?


I do not see the Addition.txt file in your topic.

Just copy the content and post it for my review.

Try Chrome and let me know of any issues.

#7 Drambit
  • Topic Starter
  • Members
  • 20 posts

Posted 30 August 2015 - 01:03 PM

Been using Chrome since yesterday; everything seems to be perfect.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-08-2015
Ran by Connor (2015-08-26 17:28:01)
Running from C:\Users\Connor\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1824474994-749105023-3462722719-500 - Administrator - Disabled)
Connor (S-1-5-21-1824474994-749105023-3462722719-1000 - Administrator - Enabled) => C:\Users\Connor
Guest (S-1-5-21-1824474994-749105023-3462722719-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.5-r2 - Arduino LLC)
ASUS USB-N13 WLAN Card Utilities & Driver (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.0.0.8 - ASUS)
ASUS WLAN Card Utilities/Driver (HKLM-x32\...\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}) (Version: 4.3.1.0 - ASUS)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blur Busters Strobe Util (HKLM-x32\...\{57BDAE81-2BE7-4ABA-8B03-1520FBF41AF9}) (Version: 1.0.0 - Blur Busters)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disk Savvy 6.8.14 (HKLM-x32\...\Disk Savvy) (Version: 6.8.14 - Flexense Computing Systems Ltd.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
Geeks3D FurMark 1.15.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Greenshot 1.1.9.13 (HKLM\...\Greenshot_is1) (Version: 1.1.9.13 - Greenshot)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Network Connections 19.3.141.0 (HKLM\...\PROSetDX) (Version: 19.3.141.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3650 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (by Team Extreme) (HKLM-x32\...\Minecraft (by Team Extreme)) (Version:  - )
mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla)
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.7 - Black Tree Gaming)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Popcorn Time (HKU\S-1-5-21-1824474994-749105023-3462722719-1000\...\Popcorn Time) (Version:  - Popcorn Official)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
qBittorrent 3.1.11 (HKLM-x32\...\qBittorrent) (Version: 3.1.11 - The qBittorrent project)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Rising Thunder (HKLM-x32\...\{058B8624-E23B-4AD5-AF38-F9E70D6225EE}) (Version: 1.00.0000 - Radiant)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader Extreme HD (HKLM-x32\...\Steam App 16700) (Version:  - Firefly Studios)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
Unity Web Player (HKU\S-1-5-21-1824474994-749105023-3462722719-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder Launcher 1.0.1.530 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1824474994-749105023-3462722719-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
17-08-2015 23:48:05 Windows Update
21-08-2015 11:17:02 Windows Update
24-08-2015 12:20:44 Windows Update
26-08-2015 00:31:02 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {170225C9-36D0-4B0B-A7B1-864E8ADD5581} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {53E5B640-5418-44DE-9F91-C0D5F4FB2317} - System32\Tasks\SmoothTravels => c:\programdata\{09e29eb9-3671-bce0-09e2-29eb93677ae4}\androidsdkslim.exe <==== ATTENTION
Task: {54239B0B-FE4A-47B5-9ABB-3FCD47A9140C} - System32\Tasks\MoneyAid => c:\programdata\{b5f523df-b446-6e37-b5f5-523dfb448f7e}\4247838325721585389b.exe <==== ATTENTION
Task: {5F501DE1-72FB-413F-9F4D-B646CB1C8AF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {87D075E0-4960-44A0-AEB9-6694ABE45490} - System32\Tasks\BrotherHopper => c:\programdata\{8fa085f7-c6e0-9c91-8fa0-085f7c6e17df}\2967678035166610310b.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\BrotherHopper.job => c:\programdata\{8fa085f7-c6e0-9c91-8fa0-085f7c6e17df}\2967678035166610310b.exe <==== ATTENTION
Task: C:\Windows\Tasks\MoneyAid.job => c:\programdata\{b5f523df-b446-6e37-b5f5-523dfb448f7e}\4247838325721585389b.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmoothTravels.job => c:\programdata\{09e29eb9-3671-bce0-09e2-29eb93677ae4}\androidsdkslim.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:38 - 2010-03-24 22:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-08-08 13:21 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-08 13:21 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-08 13:21 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-08 13:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-08-08 13:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-12-14 01:39 - 2015-07-03 11:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 16:11 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 16:11 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 16:11 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-12-14 01:39 - 2015-08-19 15:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll
2014-12-14 01:39 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-12-14 01:39 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-12-14 01:39 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-12-14 01:39 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-12-14 01:39 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-12-14 01:39 - 2015-08-19 15:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 01:24 - 2015-07-26 20:13 - 00171008 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2014-12-14 01:39 - 2015-07-03 11:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-03-17 12:44 - 2013-09-11 10:27 - 00114688 _____ () C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\EnumDevLib.dll
2015-02-07 00:22 - 2015-02-07 00:22 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:17 - 2010-03-24 22:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1824474994-749105023-3462722719-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Control Center => C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_CCDB8FD1E8F45E73D3BAD8AE404EACB5 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B449DFDC-D3E9-48F4-A227-1CFE006A7C4F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{128F23CE-88E0-4A8B-B28F-B68B4B1F35DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{45F25852-70E1-4BFA-92CB-C6B3664A5793}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{599A4ECF-C04C-4B8F-A2F1-25BF153EC9DA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8C40A8A1-7B30-4F2A-9D47-3E0E73B577E3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{12848926-F7D7-4F40-808D-430A36E50D19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DE198368-FE25-4F73-A2DC-BEC01FC4D848}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F72CA5F1-CB18-4414-AF47-7F1FCC29D44F}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{68CBF916-2ADD-4E83-AB76-F11D71166354}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B928926C-90EF-4551-B6B0-3A6B6C35A9EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{78800FEA-62F2-4E55-8E1D-7490F71DF751}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{CAD9AA4F-BF1A-4C5C-B5D7-4644B8DF6CD3}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{99EF401C-349E-40AE-951E-7C51BD99FFDC}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8FCAD5A5-38A3-429A-9F86-373176FE1105}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Portal\hl2.exe
FirewallRules: [{8E191E28-9DB9-4262-ADBF-002946EC4ACE}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Portal\hl2.exe
FirewallRules: [{ADAF086C-7B7E-4E29-A9DF-368A7A81462C}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{EEB615DA-BA43-4619-B8E9-DF19306410ED}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{22583EF3-DB30-42EA-8B72-E26B0F976D85}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{BF5474BD-6094-4CAA-ACC5-4612B2AF3A2C}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{0C2FCC8B-EEE2-463D-A3C2-603855987949}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{B1B28AC7-5E4C-4A28-9A78-A8E6778DDDD8}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{4D29FD88-71D2-4561-9119-BA6FD113213A}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{6A408EDC-6E71-4447-B46A-65124F1B32E5}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{322B5410-A96F-4331-BA41-AB17158C7DDC}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{7A2A7AFD-78E1-4B66-A537-8F83605BE68C}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{202A6763-1D18-40A2-BC9E-998A3AFC3AA2}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{FE77534D-DF7A-4527-A6E9-C70CF4C5AC61}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [TCP Query User{3DB7B545-6671-4BEE-B3BD-0F5E0BB17948}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [UDP Query User{0F98B198-937C-4F3E-8ED4-6ECB1E825B6C}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [TCP Query User{68110437-1823-4D7D-AA4F-6880A26DD33C}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{FDEF3AF0-E4D6-4F5F-A04D-DD59DA475D41}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{97AEBF29-9527-434C-903C-37206745C523}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [UDP Query User{64CDAD08-7983-4933-9E96-28D923856597}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [{586C620D-7EE8-4F62-810B-274500249A9C}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{DB406C61-00A1-4F81-8A26-F9356332D436}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{B87CAEEE-E26B-4CC2-8F01-D72524FDDE45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8E5B7A8D-9128-465E-A32C-5E4783CB9090}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8DEA23D5-5F57-4FDB-8D19-4A9513FB9787}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4F50177A-45FD-40D3-AD56-FEB881B1BA2A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2CFDA8DF-5BD7-4F48-B27C-3AA8E4978CF0}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{EB3B384F-5121-470A-9D6E-AD7B4E0CF6D8}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{1348F67E-F874-4492-A2AB-25BE3EA87E57}] => (Block) %SystemDrive%\Fraps\fraps.exe
FirewallRules: [{0F97DDAE-E2F8-4BE5-BE83-CDF809A51673}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F7719B40-CF6B-4BF4-9F07-F5CF6478F531}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{BEE29E8B-A78B-4DFC-AC5B-EDBB6C11B8AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{92073A18-F446-44D6-9209-2E927098ED81}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8FA6358-E513-4DF3-8A2C-4408F5687ECB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D4AA1823-EFD9-4AD6-8D49-CCE8F005D2C3}] => (Allow) LPort=2869
FirewallRules: [{8BBA5797-44FE-457C-A57D-2886E52693E3}] => (Allow) LPort=1900
FirewallRules: [{8E727A4A-3BD8-45A6-973E-B9B4A371CF52}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{9E4488B3-6A3B-4027-8F1C-4AD4E0EC4DE8}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{3D3539A7-C155-406F-9560-E11F559C7B2C}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{D3132294-1819-44CB-8217-85B41B0F6554}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{1F3A60EB-7A1F-4940-9FBA-15DB4A72288A}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{BBEC15B8-974B-4254-B990-6EE0C5219177}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [TCP Query User{5166EA66-DA6A-4DD8-B7CF-9644D8D82460}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{51370042-7C24-495A-AF04-3D585B58472F}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{26839EAD-46FB-493B-BDA4-8D48E6027B56}] => (Allow) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{951D5FDD-AD18-4509-AFA2-DDA7DAF3E63A}] => (Allow) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{86BAFD04-D370-4D6B-B9DC-0D3C6BCDCA03}] => (Allow) LPort=1542
FirewallRules: [{7ACD390A-2255-441D-939E-7A5819F22692}] => (Allow) LPort=1542
FirewallRules: [{C0CA2290-D827-46F3-BD3B-0D41C17DD1BD}] => (Allow) LPort=53
FirewallRules: [{EC769BA2-DC46-4C60-B200-0D5190852E1B}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B63CA037-8ECA-41B8-9DD8-2A52D1079444}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{B71D04CB-FCFC-4F88-980E-6AB5D4B9D316}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{64FEF3C3-BAFE-4680-8DCF-0C4FBCBD0729}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{A083DB47-901C-4B82-BF50-383BD22629A6}D:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{78EE9AAF-C406-4DF4-8EEE-1F8D6B340EE9}D:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{5D752388-90C2-4521-BA9E-198E7F549349}] => (Allow) D:\Program Files (x86)\Battle.net\Hearthstone\Hearthstone.exe
FirewallRules: [{885ED565-3D3B-4DF6-B5C9-B5B9E172D1CC}] => (Allow) D:\Program Files (x86)\Battle.net\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{FF163F1D-7CD4-4034-A70D-E595384D3453}C:\users\connor\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\connor\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{FA271AD2-2848-4477-BAE6-BAC1F8B3BFFE}C:\users\connor\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\connor\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{CA7D2A3A-7A62-4886-AA49-C32574E436BC}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{5FC9AA0D-08B1-4519-A59F-51B80AFF920B}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{6C8B0079-57C4-488B-8E50-58B5C8E6C7F9}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{470290EB-3234-46C4-8189-188E90CD3491}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{18B4024C-5BED-4C0E-BFA8-B39F13F98DB8}] => (Allow) D:\Program Files (x86)\WarThunder\bpreport.exe
FirewallRules: [{41CE4468-4D41-453C-B780-72C1D9EBE373}] => (Allow) D:\Program Files (x86)\WarThunder\bpreport.exe
FirewallRules: [TCP Query User{1963B26B-552A-4117-893D-D9F14D155104}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{FD4FCAD9-45A0-4545-B114-00449ECD5C62}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [{43367F03-1AAF-4655-96DD-FEA6E2A4B092}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6C09ED6D-CC27-4A58-A4BD-2E1D33DDBF82}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F1EC340E-1B2C-4BF5-A72F-3E0DB842402B}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{6330DFBA-9CA6-4527-8B8A-D48CBFAD06A9}] => (Block) %ProgramFiles% (x86)\Final Fantasy VII\ff7_launcher.exe
FirewallRules: [{1CFF2439-CD82-49E6-9E84-3ADC3D0A077D}] => (Block) %ProgramFiles% (x86)\Final Fantasy VII\ff7_en.exe
FirewallRules: [{7AF96E92-D894-4E94-A541-731C6B5D8CAE}] => (Block) %ProgramFiles% (x86)\Final Fantasy VII\unins000.exe
FirewallRules: [{98B59694-097E-495F-A8EB-1346384E9FE3}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{07E90A75-4D80-43BE-BC73-C405912AA3F7}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{3FDCACB8-2E8B-4780-AEEF-BBA565D51A8C}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{2690DDC4-F88E-4DC7-87EA-C741EE2E3B30}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{8D9A215B-5226-486F-85C5-042239FB3C1C}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{22F68C58-C211-41FF-9B7D-9E019089C239}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{34A17A05-9AEF-487B-BD85-1FF1E544576B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{53153BAA-BE82-49EE-A3A8-01364D2EA8E4}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{7B12C598-9B07-4E9D-8648-2602B96E7812}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2015 04:33:24 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
 
Error: (08/26/2015 04:33:24 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GraphicsMemory API Wrapper: Dummy Packet Submission FAILED
 
Error: (08/26/2015 03:48:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012
 
Error: (08/26/2015 03:48:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2012
 
Error: (08/26/2015 03:48:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/26/2015 03:48:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
 
Error: (08/26/2015 03:48:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
 
Error: (08/26/2015 03:48:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/26/2015 03:43:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3650, time stamp: 0x539f21a7
Faulting module name: igfxCUIService.exe, version: 6.15.10.3650, time stamp: 0x539f21a7
Exception code: 0xc0000005
Fault offset: 0x0000000000012678
Faulting process id: 0x4ac
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3
 
Error: (08/26/2015 03:43:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/26/2015 03:45:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (08/26/2015 03:43:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2
 
Error: (08/26/2015 03:43:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2
 
Error: (08/26/2015 03:43:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2
 
Error: (08/26/2015 03:43:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2
 
Error: (08/26/2015 03:43:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2
 
Error: (08/26/2015 03:43:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2
 
Error: (08/26/2015 03:43:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2
 
Error: (08/26/2015 03:43:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2
 
Error: (08/26/2015 03:43:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2
 
 
Microsoft Office:
=========================
Error: (08/26/2015 04:33:24 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
 
Error: (08/26/2015 04:33:24 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GraphicsMemory API Wrapper: Dummy Packet Submission FAILED
 
Error: (08/26/2015 03:48:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012
 
Error: (08/26/2015 03:48:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2012
 
Error: (08/26/2015 03:48:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/26/2015 03:48:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
 
Error: (08/26/2015 03:48:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
 
Error: (08/26/2015 03:48:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/26/2015 03:43:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxCUIService.exe6.15.10.3650539f21a7igfxCUIService.exe6.15.10.3650539f21a7c000000500000000000126784ac01d0dfdb4dce168fC:\Windows\system32\igfxCUIService.exeC:\Windows\system32\igfxCUIService.exe8cb57b1f-4bce-11e5-b525-448a5b9a7927
 
Error: (08/26/2015 03:43:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 22%
Total physical RAM: 8135.86 MB
Available physical RAM: 6345.12 MB
Total Virtual: 16269.93 MB
Available Virtual: 13670.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:32.09 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:112.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6D9DFB73)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 51D0DD2E)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:24 PM

Posted 31 August 2015 - 07:18 AM
Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {53E5B640-5418-44DE-9F91-C0D5F4FB2317} - System32\Tasks\SmoothTravels => c:\programdata\{09e29eb9-3671-bce0-09e2-29eb93677ae4}\androidsdkslim.exe <==== ATTENTION
Task: {54239B0B-FE4A-47B5-9ABB-3FCD47A9140C} - System32\Tasks\MoneyAid => c:\programdata\{b5f523df-b446-6e37-b5f5-523dfb448f7e}\4247838325721585389b.exe <==== ATTENTION
Task: {87D075E0-4960-44A0-AEB9-6694ABE45490} - System32\Tasks\BrotherHopper => c:\programdata\{8fa085f7-c6e0-9c91-8fa0-085f7c6e17df}\2967678035166610310b.exe <==== ATTENTION
Task: C:\Windows\Tasks\BrotherHopper.job => c:\programdata\{8fa085f7-c6e0-9c91-8fa0-085f7c6e17df}\2967678035166610310b.exe <==== ATTENTION
Task: C:\Windows\Tasks\MoneyAid.job => c:\programdata\{b5f523df-b446-6e37-b5f5-523dfb448f7e}\4247838325721585389b.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmoothTravels.job => c:\programdata\{09e29eb9-3671-bce0-09e2-29eb93677ae4}\androidsdkslim.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
c:\programdata\{09e29eb9-3671-bce0-09e2-29eb93677ae4}
c:\programdata\{b5f523df-b446-6e37-b5f5-523dfb448f7e}
c:\programdata\{8fa085f7-c6e0-9c91-8fa0-085f7c6e17df}

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
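As an added example (not part of nasdaq's post and not FRST's own code), the script below reads the Task lines FRST marked with <==== ATTENTION in the log above, states why each target looks like a dropped adware payload (a GUID-named folder under ProgramData, an executable whose name is a long digit string), and assembles the skeleton of a fixlist like the one in the post. The fourth sample log line is constructed, and the regexes and naming heuristics are assumptions of this example, not FRST's detection rules.

```python
import re
from pathlib import PureWindowsPath

# Sample FRST Task lines: the first three are the ones flagged in the log above,
# the fourth is a constructed benign entry to show unflagged lines are left alone.
SAMPLE_LOG = r"""
Task: {53E5B640-5418-44DE-9F91-C0D5F4FB2317} - System32\Tasks\SmoothTravels => c:\programdata\{09e29eb9-3671-bce0-09e2-29eb93677ae4}\androidsdkslim.exe <==== ATTENTION
Task: {54239B0B-FE4A-47B5-9ABB-3FCD47A9140C} - System32\Tasks\MoneyAid => c:\programdata\{b5f523df-b446-6e37-b5f5-523dfb448f7e}\4247838325721585389b.exe <==== ATTENTION
Task: C:\Windows\Tasks\MoneyAid.job => c:\programdata\{b5f523df-b446-6e37-b5f5-523dfb448f7e}\4247838325721585389b.exe <==== ATTENTION
Task: {AAAAAAAA-0000-0000-0000-000000000000} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
"""

# "Task: <name> => <target.exe> <anything else>"; the ATTENTION marker lands in 'rest'.
# This pattern is an assumption about the log layout, not FRST's own grammar.
TASK_RE = re.compile(r"^(?P<task>Task: .+?) => (?P<target>.+?\.exe)(?P<rest>.*)$", re.I)
# A "\{GUID}\" path component, the folder naming scheme the adware in this thread used.
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f-]{36}\}\\", re.I)


def parse_flagged_tasks(log_text):
    """Return (full_log_line, target_exe) for every Task line FRST marked with ATTENTION."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m and "<==== ATTENTION" in m.group("rest"):
            flagged.append((line, m.group("target")))
    return flagged


def suspicious_reasons(target):
    """Heuristics (assumptions of this example) for why a task target looks like a dropped file."""
    reasons = []
    path = PureWindowsPath(target)
    if "programdata" in [p.lower() for p in path.parts] and GUID_DIR_RE.search(target):
        reasons.append("executable lives in a GUID-named folder under ProgramData")
    stem = path.stem
    if len(stem) >= 16 and sum(c.isdigit() for c in stem) / len(stem) > 0.8:
        reasons.append("executable name is a long run of digits")
    return reasons


def build_fixlist(log_text):
    """Assemble a fixlist.txt body: flagged Task lines verbatim, then their payload folders."""
    flagged = parse_flagged_tasks(log_text)
    folders = []
    for _, target in flagged:
        folder = str(PureWindowsPath(target).parent)
        if folder not in folders:  # one removal line per dropped folder, as in the post
            folders.append(folder)
    lines = ["start", "", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:", ""]
    lines += [line for line, _ in flagged] + folders + ["", "End"]
    return "\n".join(lines)


if __name__ == "__main__":
    for line, target in parse_flagged_tasks(SAMPLE_LOG):
        print(target, "->", "; ".join(suspicious_reasons(target)))
    print(build_fixlist(SAMPLE_LOG))
```

The generated list covers only the Task entries; the AlternateDataStreams line in nasdaq's fixlist came from a separate section of the log and would need its own handling.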

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:24 PM

Posted 06 September 2015 - 10:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.