
Infected with fake svchost, fake lsass, and keepbrowse.


This topic is locked
7 replies to this topic

#1 Kjolin

  • Members
  • 32 posts

Posted 16 November 2015 - 03:54 PM

Right. So these have been with me for... months now, but I've just been putting off dealing with it, since I was able to suspend the fake svchost and lsass through the Resource Monitor, and keepbrowse seems to be gone but still appears on Task Manager's Services tab. In addition, something is reinstalling the svchost and lsass when I try to remove them with Malwarebytes, so now I'm here.

 

I also seem to recall hearing about an issue where MotioninJoy could/would cause problems when you uninstall it, and I *think* these problems started around the same time that I got rid of it, but that could all just be coincidence and entirely unrelated. Figured it wouldn't hurt to mention, though.

 

***Quick Edit, forgot to attach Addition.txt

 

Here are my logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-11-2015
Ran by User (administrator) on USER-PC (16-11-2015 15:01:33)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(RaMMicHaeL) C:\Users\User\AppData\Roaming\7 Taskbar Tweaker\7+ Taskbar Tweaker.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(NYKO Technologies, Inc.) C:\Program Files (x86)\NYKO\Gamepad Mapping Tools\ngpmap.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Windows\Temp\svchost.exe
() C:\Windows\Temp\lsass.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4568\Agent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.6337\Battle.net.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4331392 2012-05-30] (AOL Inc.)
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\User\AppData\Roaming\7 Taskbar Tweaker\7+ Taskbar Tweaker.exe [296448 2013-07-18] (RaMMicHaeL)
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-27] ()
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-02-14] (AMD)
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\MountPoints2: {73108c0e-2308-11e1-8be2-e069958cb238} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\MountPoints2: {b3d0c43b-8ae8-11e0-976a-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NYKO Gamepad Mapping Tools.lnk [2013-04-04]
ShortcutTarget: NYKO Gamepad Mapping Tools.lnk -> C:\Program Files (x86)\NYKO\Gamepad Mapping Tools\ngpmap.exe (NYKO Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{3DFD4FEF-E60F-4E02-B038-00E201584120}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{3EE7A805-51FD-47CE-BFB9-769B202ED918}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{75EE3AA3-CD4B-4425-B39E-CC8F75A3906E}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=MAGW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=MAGW
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2145803270-435160569-1527060464-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2145803270-435160569-1527060464-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-24] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2145803270-435160569-1527060464-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL:
FF NetworkProxy: "backup.ftp", "54.85.145.16"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "54.85.145.16"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "54.85.145.16"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "216.189.161.18"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "216.189.161.18"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "216.189.161.18"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "216.189.161.18"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-24] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-02-14] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-27] (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2013-03-21] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2145803270-435160569-1527060464-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2145803270-435160569-1527060464-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-27] (Pando Networks)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\user.js [2012-06-14]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\searchplugins\imdb.xml [2015-08-08]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\searchplugins\youtube-video-search.xml [2015-08-29]
FF Extension: Classic Theme Restorer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-10-28]
FF Extension: MEGA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\Extensions\firefox@mega.co.nz.xpi [2014-10-31] [not signed]
FF Extension: ReChat for Twitch™ - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\Extensions\firefox@rechat.org.xpi [2015-07-16] [not signed]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF Extension: Always on Top - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\Extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi [2012-10-28] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4204272 2012-08-27] (INCA Internet Co., Ltd.) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [792016 2015-02-09] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 869b9e4a; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\keepsbrowse\keepsbrowse.dll",serv

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-09-15] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-09-15] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2013-06-15] (MotioninJoy) [File not signed]
S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-14] (Duplex Secure Ltd.)
S2 STEC3; C:\Windows\SysWOW64\STEC3.sys [2368 2015-05-01] (AntiCracking) [File not signed]
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U3 aceh4s93; C:\Windows\System32\Drivers\aceh4s93.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 04:05 - 2015-09-13 02:25 - 00000000 ____D C:\Users\User\Documents\Big Pharma v1.01.00
2015-11-06 17:44 - 2015-11-06 17:44 - 00102119 _____ C:\Users\User\Desktop\Overwatch OC.htm
2015-11-06 17:44 - 2015-11-06 17:44 - 00000016 _____ C:\Users\User\Desktop\Overwatch OC.txt
2015-10-25 08:33 - 2015-10-27 02:25 - 00000023 _____ C:\Users\User\jagexappletviewer.preferences
2015-10-25 08:33 - 2015-10-25 08:33 - 00000000 ____D C:\Windows\.jagex_cache_32
2015-10-25 08:32 - 2015-10-25 08:32 - 00002076 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape.lnk
2015-10-25 08:32 - 2015-10-25 08:32 - 00002046 _____ C:\Users\User\Desktop\OldSchool RuneScape.lnk
2015-10-25 08:32 - 2015-10-25 08:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
2015-10-24 02:32 - 2015-10-24 02:32 - 00000000 _____ C:\Windows\SysWOW64\REN3E8F.tmp
2015-10-24 02:31 - 2015-10-24 02:44 - 00000000 ____D C:\Users\User\.oracle_jre_usage
2015-10-24 02:31 - 2015-10-24 02:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-16 15:01 - 2015-08-25 00:42 - 00019578 _____ C:\Users\User\Desktop\FRST.txt
2015-11-16 15:01 - 2015-08-25 00:42 - 00000000 ____D C:\FRST
2015-11-16 14:52 - 2014-08-20 22:45 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2015-11-16 14:43 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-16 14:43 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-16 14:38 - 2015-08-25 00:38 - 02008576 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-11-16 14:30 - 2011-04-07 04:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-16 13:54 - 2013-12-14 04:23 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2015-11-16 13:49 - 2011-12-16 17:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-11-16 13:44 - 2015-07-04 19:41 - 00007595 _____ C:\Users\User\AppData\Local\Resmon.ResmonCfg
2015-11-16 13:35 - 2011-12-17 18:42 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2015-11-16 13:02 - 2012-06-19 10:26 - 00000000 ____D C:\Users\User\AppData\Local\The Witcher
2015-11-16 11:18 - 2015-06-02 23:54 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-11-16 09:56 - 2009-07-13 23:51 - 00204775 _____ C:\Windows\setupact.log
2015-11-16 04:22 - 2011-05-30 13:19 - 01540174 _____ C:\Windows\WindowsUpdate.log
2015-11-14 15:43 - 2014-08-20 22:45 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-12 16:13 - 2013-08-01 17:10 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-11-10 14:02 - 2014-08-20 23:04 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-11-10 05:56 - 2012-06-02 08:05 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-11-10 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-09 04:06 - 2011-12-10 11:01 - 00000000 ____D C:\Users\User\Documents\My Games
2015-11-08 08:46 - 2012-11-27 12:18 - 00000000 ____D C:\Users\User\AppData\Local\PMB Files
2015-11-08 08:29 - 2015-06-23 16:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-08 08:28 - 2015-06-23 16:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-08 08:21 - 2009-07-14 00:13 - 00783336 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-08 08:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-04 19:40 - 2014-06-02 21:03 - 00000024 _____ C:\Users\User\random.dat
2015-11-04 08:17 - 2014-06-02 21:03 - 00000043 _____ C:\Users\User\jagex_cl_oldschool_LIVE.dat
2015-11-02 13:32 - 2012-03-22 16:42 - 00000000 ____D C:\Users\User\Documents\GBA
2015-11-01 03:09 - 2014-08-01 01:53 - 00000000 ___RD C:\Users\User\Desktop\!Subfolder Prime!
2015-10-25 08:32 - 2014-06-02 21:03 - 00000000 ____D C:\Users\User\jagexcache
2015-10-24 02:45 - 2015-06-23 16:17 - 00000000 ____D C:\ProgramData\Oracle
2015-10-24 02:44 - 2015-06-23 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-24 02:43 - 2012-08-22 21:50 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-24 02:32 - 2015-06-23 16:17 - 00000000 ____D C:\Program Files\Java
2015-10-24 02:31 - 2015-06-23 16:18 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-24 02:31 - 2012-07-23 23:17 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-24 02:31 - 2011-12-09 21:45 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-24 02:31 - 2011-12-08 13:03 - 00000000 ____D C:\Users\User\AppData\Local\Adobe

==================== Files in the root of some directories =======

2015-07-04 19:41 - 2015-11-16 13:44 - 0007595 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\User\AppData\Roaming\Origin\update.vbe


Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\12-6_vista_win7_64_dd_ccc.exe
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\AutoRun.exe
C:\Users\User\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\User\AppData\Local\Temp\bdfilters.dll
C:\Users\User\AppData\Local\Temp\BigPharmaFullVersion__11652_il54233.exe
C:\Users\User\AppData\Local\Temp\COMAP.EXE
C:\Users\User\AppData\Local\Temp\DC3Dx64.exe
C:\Users\User\AppData\Local\Temp\dotNetFx40_Full_x86_x64.exe
C:\Users\User\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\User\AppData\Local\Temp\dxwebsetup.exe
C:\Users\User\AppData\Local\Temp\EAInstall.dll
C:\Users\User\AppData\Local\Temp\eauninstall.exe
C:\Users\User\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\User\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\User\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\User\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\User\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\User\AppData\Local\Temp\Install.exe
C:\Users\User\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\NGMDll.dll
C:\Users\User\AppData\Local\Temp\NGMResource.dll
C:\Users\User\AppData\Local\Temp\oalinst.exe
C:\Users\User\AppData\Local\Temp\riftuninstall.exe
C:\Users\User\AppData\Local\Temp\sfamcc00001.dll
C:\Users\User\AppData\Local\Temp\sfextra.dll
C:\Users\User\AppData\Local\Temp\SIntf16.dll
C:\Users\User\AppData\Local\Temp\SIntf32.dll
C:\Users\User\AppData\Local\Temp\SIntfNT.dll
C:\Users\User\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\User\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\User\AppData\Local\Temp\tmpA514.exe
C:\Users\User\AppData\Local\Temp\unicows.dll
C:\Users\User\AppData\Local\Temp\unins000.exe
C:\Users\User\AppData\Local\Temp\UNINST.exe
C:\Users\User\AppData\Local\Temp\Uninstall.exe
C:\Users\User\AppData\Local\Temp\UnityWebPlayer8793498118014006617.exe
C:\Users\User\AppData\Local\Temp\vcredist.exe
C:\Users\User\AppData\Local\Temp\_uninst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 20:00

==================== End of FRST.txt ============================

Edited by Kjolin, 16 November 2015 - 03:55 PM.
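Three things in the FRST.txt above stand out on their own: two processes with protected system names (svchost.exe, lsass.exe) running from C:\Windows\Temp with no vendor, a service with a random-looking name (869b9e4a) that uses rundll32.exe to load a DLL from Program Files (x86)\keepsbrowse, and Firefox proxy preferences pointing at outside addresses. The following script is an added example, not part of this thread and not FRST's own code: it applies those three checks to a constructed sample made of lines copied from the log. The list of system image names, the directories the genuine copies are assumed to run from, and the regexes for FRST's line shapes are assumptions of this example; the meaning of Firefox's network.proxy.type (0 = direct connection, 1 = manual proxy) is Firefox's own.

```python
"""Triage an FRST-style log for the masquerading indicators seen in this thread."""
import re
from pathlib import PureWindowsPath

# Image names malware borrows, and (assumption) the only directories Windows
# itself runs the genuine copies from. C:\Windows\Temp is deliberately absent.
SYSTEM_PROCESS_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "wininit.exe",
                        "winlogon.exe", "services.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# FRST line shapes (assumed from the posted log):
#   "(Vendor) C:\path\image.exe"
#   "R2 ServiceName; command [size date] (Vendor)"
#   'FF NetworkProxy: "key", value'
PROCESS_RE = re.compile(r"^\((?P<vendor>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<cmd>.+)$")
PROXY_RE = re.compile(r'^FF NetworkProxy:\s+"(?P<key>[^"]+)",\s+(?P<value>.+)$')
WINPATH_RE = re.compile(r'[A-Za-z]:\\[^"]+')

# Constructed sample: a handful of lines copied from the FRST.txt posted above.
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Windows\Temp\svchost.exe
() C:\Windows\Temp\lsass.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 869b9e4a; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\keepsbrowse\keepsbrowse.dll",serv
FF NetworkProxy: "http", "216.189.161.18"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
"""


def masquerading_process(path: str) -> bool:
    """True if a protected system image name runs from an unexpected directory."""
    p = PureWindowsPath(path)
    return (p.name.lower() in SYSTEM_PROCESS_NAMES
            and str(p.parent).lower() not in SYSTEM_DIRS)


def rundll32_loads_foreign_dll(cmd: str) -> bool:
    """True if a service command uses rundll32 to load a DLL outside C:\\Windows."""
    if "rundll32" not in cmd.lower():
        return False
    paths = WINPATH_RE.findall(cmd)
    # paths[0] is rundll32.exe itself; anything after it is the DLL being loaded.
    return any(not p.lower().startswith("c:\\windows") for p in paths[1:])


def triage(log_text: str) -> dict:
    """Walk the log once and collect the three kinds of finding."""
    findings = {"masquerading_processes": [], "suspicious_services": [],
                "firefox_proxy_hosts": {}, "firefox_proxy_active": False}
    proxy = {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := PROCESS_RE.match(line):
            if masquerading_process(m["path"]):
                findings["masquerading_processes"].append(m["path"])
        elif m := SERVICE_RE.match(line):
            if rundll32_loads_foreign_dll(m["cmd"]):
                findings["suspicious_services"].append(m["name"].strip())
        elif m := PROXY_RE.match(line):
            proxy[m["key"]] = m["value"].strip().strip('"')
    # Firefox network.proxy.type: 0 = direct connection, 1 = manual proxy.
    # Host entries survive in prefs even when type is 0, so report them either way.
    for key, value in proxy.items():
        if key.split(".")[-1] in {"http", "ssl", "socks", "ftp"}:
            findings["firefox_proxy_hosts"][key] = value
    findings["firefox_proxy_active"] = proxy.get("type") == "1"
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports both Temp binaries, the 869b9e4a service, and the 216.189.161.18 proxy host. Because the log shows "type", 0, Firefox was not routing through that address at scan time; the entries are still worth clearing, which is why the script reports them regardless of the type value. Feeding it the full FRST.txt would also surface the 54.85.145.16 "backup.*" entries.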


#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 16 November 2015 - 05:28 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe
    c:\programdata\sunsoft\ccc.exe
    C:\Users\User\AppData\Roaming\Origin\update.vbe
    Task: {81206296-672A-4D35-BBA8-B024DD87B2A7} - System32\Tasks\catalyst => c:\programdata\sunsoft\ccc.exe
    Task: {95F6E497-99A2-4CC1-BE83-0EEE4C3F8C73} - \sunsoft -> No File 
    Task: {9AA347BD-B5B4-452B-BA0E-43024A086786} - System32\Tasks\Origin => C:\Users\User\AppData\Roaming\Origin\update.vbe [2015-05-04] () 
    Task: {EA4AC646-24D9-4D0F-8157-3B3BBCDDB6E0} - \Run_Bobby_Browser -> No File 
    EmptyTemp:
    SearchScopes: HKU\S-1-5-21-2145803270-435160569-1527060464-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2145803270-435160569-1527060464-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-2145803270-435160569-1527060464-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    S2 869b9e4a; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\keepsbrowse\keepsbrowse.dll",serv
    c:\Program Files (x86)\keepsbrowse\
    CHR HKLM\SOFTWARE\Policies\Google: Restriction
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it in your reply.


Please uninstall "Download Updater".

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 3

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select the export option.
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 4

Please download ESET Online Scanner and save it to your Desktop.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the scan settings.
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Edited by deeprybka, 16 November 2015 - 05:30 PM.

regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
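
As an added illustration of what the Step 1 fixlist above targets (editor's example; not FRST's code and not part of this thread): a small Python triage script that reads FRST-style scan lines and flags the same classes of entry the fixlist removed, namely scheduled tasks that launch a script from AppData or ProgramData, orphaned "No File" entries, a service that loads a DLL through rundll32.exe, and a search scope whose URL has been emptied. The sample lines are copied from the logs posted in this thread; the heuristics, the severity labels and the list of user-writable directories are the editor's assumptions.

```python
"""Triage helper for FRST scan output (added example; editor's code, not part
of FRST or of this thread).  FRST prints one persistence item per line; this
script re-reads such lines and flags the patterns a fixlist typically targets
so an analyst can review candidates first.  Heuristics and severity labels
are assumptions, not FRST's own logic.
"""
import ipaddress
import re

# Directories an unprivileged user can write to (assumption: usual Windows layout).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")
# Script file types; a scheduled task that runs a .vbe deserves a look.
SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1")
PROXY_HOST_KEYS = {"http", "ssl", "socks", "ftp"}
RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed sample: lines copied from the logs posted in this thread plus two
# benign entries (Windows Defender, Realtek) that the filter should ignore.
SAMPLE_LOG = r"""
Task: {81206296-672A-4D35-BBA8-B024DD87B2A7} - System32\Tasks\catalyst => c:\programdata\sunsoft\ccc.exe
Task: {95F6E497-99A2-4CC1-BE83-0EEE4C3F8C73} - \sunsoft -> No File
Task: {9AA347BD-B5B4-452B-BA0E-43024A086786} - System32\Tasks\Origin => C:\Users\User\AppData\Roaming\Origin\update.vbe [2015-05-04] ()
Task: {EA4AC646-24D9-4D0F-8157-3B3BBCDDB6E0} - \Run_Bobby_Browser -> No File
SearchScopes: HKU\S-1-5-21-2145803270-435160569-1527060464-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2145803270-435160569-1527060464-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 869b9e4a; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\keepsbrowse\keepsbrowse.dll",serv
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
FF NetworkProxy: "http", "216.189.161.18"
FF NetworkProxy: "type", 0
"""


def _is_persistence(line):
    """Task, autorun, Startup, service and driver lines all name something run at boot or logon."""
    return line.startswith(("Task:", "Startup:")) or "\\...\\Run:" in line or re.match(r"^[RSU]\d ", line) is not None


def _launch_path(line):
    """Extract the launch target FRST reports, minus the trailing '[size date] (publisher)' annotation."""
    if "=>" in line:
        target = line.split("=>", 1)[1]
    elif re.match(r"^[RSU]\d ", line) and ";" in line:
        target = line.split(";", 1)[1]
    else:
        return ""
    return target.strip().split(" [", 1)[0].strip()


def triage(log_text):
    """Return findings as dicts {severity, reasons, line}; lines with nothing suspicious are skipped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hits = []  # (severity, reason) pairs for this line

        if line.endswith("No File") or line.endswith("[X]"):
            hits.append(("low", "orphaned entry: the referenced file no longer exists"))
        elif _is_persistence(line):
            path = _launch_path(line)
            low = path.lower()
            if low.endswith(SCRIPT_EXT):
                hits.append(("high", "launches a script file instead of an executable"))
            if any(d in low for d in USER_WRITABLE):
                hits.append(("high", "launch target lives in a user-writable directory"))
            dll = re.search(r'rundll32\.exe"?\s+"?([^",]+\.dll)', path, re.IGNORECASE)
            if dll:
                hits.append(("medium", "loads a DLL through rundll32.exe: " + dll.group(1)))
            if line.endswith("()"):  # FRST prints () when the file carries no publisher
                hits.append(("medium", "no publisher information on the launched file"))
        elif line.startswith("SearchScopes:") and re.search(r"URL =\s*$", line):
            hits.append(("medium", "search scope with an empty URL (typical hijack residue)"))
        elif line.startswith("FF NetworkProxy:"):
            m = re.match(r'FF NetworkProxy: "([\w.]+)", "([^"]+)"', line)
            if m and m.group(1).split(".")[-1] in PROXY_HOST_KEYS:
                try:
                    public = not ipaddress.ip_address(m.group(2)).is_private
                except ValueError:  # a hostname rather than an address: still review it
                    public = True
                if public:
                    hits.append(("medium", "Firefox %s proxy points at a public address %s" % (m.group(1), m.group(2))))

        if hits:
            severity = max((s for s, _ in hits), key=RANK.get)
            findings.append({"severity": severity, "reasons": [r for _, r in hits], "line": line})
    return findings


def count_by_severity(findings):
    """Summarise findings as {severity: count} for a quick overview."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print("[%s] %s\n    %s" % (f["severity"].upper(), f["line"], "; ".join(f["reasons"])))
    print(count_by_severity(results))
```

Run it as a script for a printed summary, or import `triage` into your own tooling. It is a review aid only: its output is a list of candidates for an analyst, not a fixlist, and an empty result does not mean the machine is clean. The Firefox proxy check deliberately reports a public proxy host even when a `"type", 0` line (Firefox's setting for "no proxy") makes it inactive, because stale hijack settings are still worth a look.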

#3 Kjolin
  • Topic Starter
  • Members
  • 32 posts

Posted 17 November 2015 - 06:27 AM

In advance, thank you for your assistance, it's very appreciated! The lsass and svchost went away after step 1 and didn't reappear after restarting, so that's a great start.

Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
Ran by User (2015-11-16 17:46:50) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe
c:\programdata\sunsoft\ccc.exe
C:\Users\User\AppData\Roaming\Origin\update.vbe
Task: {81206296-672A-4D35-BBA8-B024DD87B2A7} - System32\Tasks\catalyst => c:\programdata\sunsoft\ccc.exe
Task: {95F6E497-99A2-4CC1-BE83-0EEE4C3F8C73} - \sunsoft -> No File
Task: {9AA347BD-B5B4-452B-BA0E-43024A086786} - System32\Tasks\Origin => C:\Users\User\AppData\Roaming\Origin\update.vbe [2015-05-04] ()
Task: {EA4AC646-24D9-4D0F-8157-3B3BBCDDB6E0} - \Run_Bobby_Browser -> No File
EmptyTemp:
SearchScopes: HKU\S-1-5-21-2145803270-435160569-1527060464-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2145803270-435160569-1527060464-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2145803270-435160569-1527060464-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 869b9e4a; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\keepsbrowse\keepsbrowse.dll",serv
c:\Program Files (x86)\keepsbrowse\
CHR HKLM\SOFTWARE\Policies\Google: Restriction
*****************

Processes closed successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe => moved successfully
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe" => not found.
"c:\programdata\sunsoft\ccc.exe" => not found.
C:\Users\User\AppData\Roaming\Origin\update.vbe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{81206296-672A-4D35-BBA8-B024DD87B2A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81206296-672A-4D35-BBA8-B024DD87B2A7}" => key removed successfully
C:\Windows\System32\Tasks\catalyst => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\catalyst" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{95F6E497-99A2-4CC1-BE83-0EEE4C3F8C73}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95F6E497-99A2-4CC1-BE83-0EEE4C3F8C73}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\sunsoft" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AA347BD-B5B4-452B-BA0E-43024A086786}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AA347BD-B5B4-452B-BA0E-43024A086786}" => key removed successfully
C:\Windows\System32\Tasks\Origin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA4AC646-24D9-4D0F-8157-3B3BBCDDB6E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA4AC646-24D9-4D0F-8157-3B3BBCDDB6E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser" => key removed successfully
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2145803270-435160569-1527060464-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
869b9e4a => service removed successfully
"c:\Program Files (x86)\keepsbrowse" => not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
EmptyTemp: => 6.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:50:20 ====
# AdwCleaner v5.021 - Logfile created 16/11/2015 at 18:01:30
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Trymedia
[-] Folder Deleted : C:\ProgramData\14336432290006832038
[-] Folder Deleted : C:\Users\User\AppData\Local\StartPoint
[-] Folder Deleted : C:\Users\User\AppData\Local\28050

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\aa08e049-f707-8192-9baa-bafd6beefd12
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems
[-] Key Deleted : HKLM\SOFTWARE\Clara
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1867 bytes] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/16/2015
Scan Time: 6:13 PM
Logfile: Malwarebytes Log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.16.07
Rootkit Database: v2015.11.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343063
Time Elapsed: 14 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Trojan.BitCoinMiner, C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\svchost[1].exe-k.mbam, Quarantined, [793e6c12800b3204f91d52d37b8905fb],
Trojan.BitCoinMiner, C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\svchost[1].exe-r.mbam, Quarantined, [f9be1f5f0784ca6ce82eb174c93b29d7],
Trojan.BitCoinMiner, C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\svchost[1].exe-u.mbam, Quarantined, [eccbbac42f5c81b58c8a51d44eb65fa1],

Physical Sectors: 0
(No malicious items detected)


(end)
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fb4b21b25c654b468f23d90d46e58d8c
# end=init
# utc_time=2015-11-16 11:36:10
# local_time=2015-11-16 06:36:10 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26755
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fb4b21b25c654b468f23d90d46e58d8c
# end=updated
# utc_time=2015-11-16 11:42:18
# local_time=2015-11-16 06:42:18 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=fb4b21b25c654b468f23d90d46e58d8c
# engine=26755
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-11-17 04:54:01
# local_time=2015-11-16 11:54:01 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 199279491 0 0
# scanned=719173
# found=4
# cleaned=0
# scan_time=18702
sh=4B694CFD6B2479A232CB6265B789D448C6F01BBF ft=0 fh=0000000000000000 vn="VBS/Kryptik.DC trojan" ac=I fn="C:\FRST\Quarantine\C\Users\User\AppData\Roaming\Origin\update.vbe.xBAD"
sh=4B694CFD6B2479A232CB6265B789D448C6F01BBF ft=0 fh=0000000000000000 vn="VBS/Kryptik.DC trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe.xBAD"
sh=5E6A03871B397414C36AF1E1359FE014C7761B74 ft=1 fh=ee8c5e224a6823f5 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe"
sh=73F44BB4D9A666B71210B942CE90B70227B90B07 ft=1 fh=dbe59abedd1ce373 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\User\Documents\hwmonitor_1.20-setup.exe"
#4 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 17 November 2015 - 03:27 PM

Can you please tell me which problems still persist now?


Step 1

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 Kjolin
  • Topic Starter
  • Members
  • 32 posts

Posted 17 November 2015 - 06:15 PM

Well, as far as I can see everything looks good now. Haven't had any new issues, and the old ones seem to be history.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-11-2015
Ran by User (administrator) on USER-PC (17-11-2015 17:44:51)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(RaMMicHaeL) C:\Users\User\AppData\Roaming\7 Taskbar Tweaker\7+ Taskbar Tweaker.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(NYKO Technologies, Inc.) C:\Program Files (x86)\NYKO\Gamepad Mapping Tools\ngpmap.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4568\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.6337\Battle.net.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4331392 2012-05-30] (AOL Inc.)
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\User\AppData\Roaming\7 Taskbar Tweaker\7+ Taskbar Tweaker.exe [296448 2013-07-18] (RaMMicHaeL)
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-27] ()
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-02-14] (AMD)
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\MountPoints2: {73108c0e-2308-11e1-8be2-e069958cb238} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\MountPoints2: {b3d0c43b-8ae8-11e0-976a-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NYKO Gamepad Mapping Tools.lnk [2013-04-04]
ShortcutTarget: NYKO Gamepad Mapping Tools.lnk -> C:\Program Files (x86)\NYKO\Gamepad Mapping Tools\ngpmap.exe (NYKO Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{3DFD4FEF-E60F-4E02-B038-00E201584120}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{3EE7A805-51FD-47CE-BFB9-769B202ED918}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{75EE3AA3-CD4B-4425-B39E-CC8F75A3906E}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=MAGW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=MAGW
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
HKU\S-1-5-21-2145803270-435160569-1527060464-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-24] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-24] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL:
FF NetworkProxy: "backup.ftp", "54.85.145.16"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "54.85.145.16"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "54.85.145.16"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "216.189.161.18"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "216.189.161.18"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "216.189.161.18"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "216.189.161.18"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-24] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-02-14] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-27] (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2013-03-21] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2145803270-435160569-1527060464-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2145803270-435160569-1527060464-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-27] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\searchplugins\imdb.xml [2015-08-08]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\searchplugins\youtube-video-search.xml [2015-08-29]
FF Extension: Classic Theme Restorer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-10-28]
FF Extension: MEGA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\Extensions\firefox@mega.co.nz.xpi [2014-10-31] [not signed]
FF Extension: ReChat for Twitch™ - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\Extensions\firefox@rechat.org.xpi [2015-07-16] [not signed]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF Extension: Always on Top - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\afykcof3.default\Extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi [2012-10-28] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4204272 2012-08-27] (INCA Internet Co., Ltd.) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [792016 2015-02-09] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-09-15] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-09-15] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2013-06-15] (MotioninJoy) [File not signed]
S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-14] (Duplex Secure Ltd.)
S2 STEC3; C:\Windows\SysWOW64\STEC3.sys [2368 2015-05-01] (AntiCracking) [File not signed]
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U3 ah2o7pz7; C:\Windows\System32\Drivers\ah2o7pz7.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-16 18:33 - 2015-11-16 18:33 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-16 18:32 - 2015-11-16 18:33 - 02870984 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_enu.exe
2015-11-16 18:08 - 2015-11-16 18:08 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-16 17:58 - 2015-11-16 18:01 - 00000000 ____D C:\AdwCleaner
2015-11-16 17:56 - 2015-11-16 17:56 - 01732096 _____ C:\Users\User\Desktop\AdwCleaner.exe
2015-11-16 17:34 - 2015-11-16 17:37 - 243569724 _____ C:\Users\User\Documents\Big Pharma v1.01.00.7z
2015-11-16 15:01 - 2015-11-16 15:27 - 00076840 _____ C:\Users\User\Desktop\Addition.txt
2015-11-16 15:01 - 2015-11-16 15:02 - 00078848 _____ C:\Users\User\Desktop\Addition 3.txt
2015-11-16 14:58 - 2015-11-16 15:07 - 00028341 _____ C:\Users\User\Desktop\FRST 2.txt
2015-11-09 04:05 - 2015-09-13 02:25 - 00000000 ____D C:\Users\User\Documents\Big Pharma v1.01.00
2015-11-06 17:44 - 2015-11-06 17:44 - 00102119 _____ C:\Users\User\Desktop\Overwatch OC.htm
2015-11-06 17:44 - 2015-11-06 17:44 - 00000016 _____ C:\Users\User\Desktop\Overwatch OC.txt
2015-10-25 08:33 - 2015-10-27 02:25 - 00000023 _____ C:\Users\User\jagexappletviewer.preferences
2015-10-25 08:33 - 2015-10-25 08:33 - 00000000 ____D C:\Windows\.jagex_cache_32
2015-10-25 08:32 - 2015-10-25 08:32 - 00002076 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape.lnk
2015-10-25 08:32 - 2015-10-25 08:32 - 00002046 _____ C:\Users\User\Desktop\OldSchool RuneScape.lnk
2015-10-25 08:32 - 2015-10-25 08:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
2015-10-24 02:32 - 2015-10-24 02:32 - 00000000 _____ C:\Windows\SysWOW64\REN3E8F.tmp
2015-10-24 02:31 - 2015-10-24 02:44 - 00000000 ____D C:\Users\User\.oracle_jre_usage
2015-10-24 02:31 - 2015-10-24 02:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-17 17:45 - 2015-08-25 00:42 - 00018537 _____ C:\Users\User\Desktop\FRST.txt
2015-11-17 17:45 - 2015-08-25 00:42 - 00000000 ____D C:\FRST
2015-11-17 17:43 - 2014-08-20 22:45 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2015-11-17 17:37 - 2011-05-30 13:19 - 01564262 _____ C:\Windows\WindowsUpdate.log
2015-11-17 16:08 - 2015-06-02 23:54 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-11-17 12:12 - 2012-06-19 10:26 - 00000000 ____D C:\Users\User\AppData\Local\The Witcher
2015-11-17 11:32 - 2014-08-20 22:45 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-17 09:30 - 2009-07-13 23:51 - 00205335 _____ C:\Windows\setupact.log
2015-11-17 06:33 - 2015-07-04 19:41 - 00007595 _____ C:\Users\User\AppData\Local\Resmon.ResmonCfg
2015-11-16 19:02 - 2012-11-27 12:18 - 00000000 ____D C:\Users\User\AppData\Local\PMB Files
2015-11-16 18:38 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-16 18:38 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-16 18:37 - 2009-07-14 00:13 - 00783336 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-16 18:31 - 2011-04-07 04:25 - 00000000 ____D C:\Windows\oem
2015-11-16 18:31 - 2010-11-20 22:47 - 00538790 _____ C:\Windows\PFRO.log
2015-11-16 18:31 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-16 18:11 - 2014-11-06 10:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-16 18:08 - 2014-11-06 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 18:08 - 2014-11-06 10:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-16 17:46 - 2015-05-04 11:12 - 00000000 ___HD C:\Users\User\AppData\Roaming\Origin
2015-11-16 17:44 - 2012-07-10 15:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
2015-11-16 17:44 - 2011-12-10 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2015-11-16 17:44 - 2011-04-07 04:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-16 17:38 - 2011-12-16 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2015-11-16 17:37 - 2014-03-05 23:12 - 00000000 ____D C:\Users\User\AppData\Roaming\My Battle for Middle-earth Files
2015-11-16 17:35 - 2013-03-12 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-11-16 17:35 - 2013-03-12 18:15 - 00000000 ____D C:\GOG Games
2015-11-16 17:35 - 2011-12-10 11:01 - 00000000 ____D C:\Users\User\Documents\My Games
2015-11-16 17:35 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-16 17:34 - 2015-07-02 02:44 - 00000000 ____D C:\Program Files (x86)\Hand of Fate Wildcards
2015-11-16 17:16 - 2014-01-05 23:34 - 00000000 ____D C:\Users\User\AppData\Local\CoCEd
2015-11-16 14:38 - 2015-08-25 00:38 - 02008576 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-11-16 13:54 - 2013-12-14 04:23 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2015-11-16 13:49 - 2011-12-16 17:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-11-16 13:35 - 2011-12-17 18:42 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2015-11-12 16:13 - 2013-08-01 17:10 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-11-10 14:02 - 2014-08-20 23:04 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-11-10 05:56 - 2012-06-02 08:05 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-11-10 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-08 08:29 - 2015-06-23 16:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-08 08:28 - 2015-06-23 16:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-04 19:40 - 2014-06-02 21:03 - 00000024 _____ C:\Users\User\random.dat
2015-11-04 08:17 - 2014-06-02 21:03 - 00000043 _____ C:\Users\User\jagex_cl_oldschool_LIVE.dat
2015-11-02 13:32 - 2012-03-22 16:42 - 00000000 ____D C:\Users\User\Documents\GBA
2015-11-01 03:09 - 2014-08-01 01:53 - 00000000 ___RD C:\Users\User\Desktop\!Subfolder Prime!
2015-10-25 08:32 - 2014-06-02 21:03 - 00000000 ____D C:\Users\User\jagexcache
2015-10-24 02:45 - 2015-06-23 16:17 - 00000000 ____D C:\ProgramData\Oracle
2015-10-24 02:44 - 2015-06-23 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-24 02:43 - 2012-08-22 21:50 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-24 02:32 - 2015-06-23 16:17 - 00000000 ____D C:\Program Files\Java
2015-10-24 02:31 - 2015-06-23 16:18 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-24 02:31 - 2012-07-23 23:17 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-24 02:31 - 2011-12-09 21:45 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-24 02:31 - 2011-12-08 13:03 - 00000000 ____D C:\Users\User\AppData\Local\Adobe

==================== Files in the root of some directories =======

2015-07-04 19:41 - 2015-11-17 06:33 - 0007595 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 20:00

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
Ran by User (2015-11-17 17:45:48)
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-08 18:02:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2145803270-435160569-1527060464-500 - Administrator - Disabled)
Guest (S-1-5-21-2145803270-435160569-1527060464-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2145803270-435160569-1527060464-1010 - Limited - Enabled)
User (S-1-5-21-2145803270-435160569-1527060464-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v4.2.7 (HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\7 Taskbar Tweaker) (Version: 4.2.7 - RaMMicHaeL)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ASUS VGA Driver (x32 Version: 3.0.0.1) Hidden
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Banished v1.0.0 64-bit (HKLM\...\{72C32B02-0B78-45F8-8528-2C93F62A7B47}) (Version: 1.0.0 - Shining Rock Software LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.2 - Belkin International, Inc.)
blueMSX (HKLM-x32\...\{05C02EE9-9F0A-4052-A4DA-8621F729B1F5}) (Version: 2.8.2 - Team blueMSX)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Command & Conquer Red Alert 2 (HKLM-x32\...\Red Alert 2) (Version:  - )
Command && Conquer Red Alert 2 - Yuri's Revenge (HKLM-x32\...\Yuri's Revenge) (Version:  - )
CPUID HWMonitor 1.20 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
EAX™ Unified (SHELL) (HKLM-x32\...\EAX™ Unified (SHELL)) (Version:  - )
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FINAL FANTASY VIII (HKLM-x32\...\FINAL FANTASY VIII) (Version:  - )
FINAL FANTASY XIV - A Realm Reborn (Beta Version) (HKLM-x32\...\{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}) (Version: 0.9.1000 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XIV (HKLM-x32\...\{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version:  - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Dev Tycoon version 1.4.0 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.0 - Greenheart Games Pty. Ltd.)
GameRanger (HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\GameRanger) (Version:  - GameRanger Technologies)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Gateway Incorporated)
HydraVision (x32 Version: 4.2.230.0 - Advanced Micro Devices, Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Livestream Procaster (HKLM-x32\...\{DEAD48E5-E36C-431E-B83C-E61CE71AA13F}) (Version: 20.2.69 - Procaster)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Medieval - Total War ™ (HKLM-x32\...\Medieval Total War) (Version: 1.1 - )
Medieval - Total War ™ (x32 Version: 1.1 - Activision) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
NYKO Gamepad Mapping Tools 2.0.0 (HKLM-x32\...\NYKO Gamepad Mapping Tools_is1) (Version:  - NYKO Technologies, Inc.)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
RGSS-RTP Standard (HKLM-x32\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
RPG MAKER VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.01a - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGXP (HKLM-x32\...\{9B34CAC6-738F-4A20-B428-A115C3E3474C}) (Version: 1.0.0 - Enterbrain)
Shattered Galaxy (HKLM-x32\...\Shattered Galaxy) (Version: 1.85 - KRU Interactive)
Sid Meier's Pirates! (HKLM-x32\...\InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 2.00.0000 - Firaxis Games)
Sid Meier's Pirates! (x32 Version: 2.00.0000 - Firaxis Games) Hidden
Skype™ 6.5 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.5.158 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Stronghold HD (HKLM-x32\...\GOGPACKSTRONGHOLDHD_is1) (Version: 2.0.0.3 - GOG.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
The Witcher (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.2 - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2145803270-435160569-1527060464-1000\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Video Mover (HKLM-x32\...\Video Mover_is1) (Version:  - )
Vindictus (HKLM-x32\...\Vindictus) (Version:  - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3102 - Gateway Incorporated)
Westwood Shared Internet Components (HKLM-x32\...\WOLAPI) (Version:  - )
WildTangent Games App (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\XCOM: Enemy Unknown_is1) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-11-2015 04:22:23 Windows Update
16-11-2015 17:37:53 Removed Star Wars Galactic Battlegrounds: Clone Campaigns
16-11-2015 17:38:24 Removed Star Wars Galactic Battlegrounds: Clone Campaigns
16-11-2015 17:40:17 Removed Star Wars®: Knights of the Old Republic ™
16-11-2015 17:42:06 Removed SWAT 4
16-11-2015 17:43:40 Removed SWAT 4 - The Stetchkov Syndicate
17-11-2015 04:23:56 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-06-11 13:01 - 2013-06-11 13:01 - 00000889 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 bir3yk.net
127.0.0.1 dsiege2.available.gamespy.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14C69CFB-E561-46A4-AFD7-9617E0F824BA} - System32\Tasks\{731AAD71-A9E7-413D-BAFC-A00C20B95939} => pcalua.exe -a C:\Users\User\Documents\GameRangerSetup.exe -d C:\Users\User\Documents
Task: {B1CAE3A1-578A-4C79-8D06-EDDD7E1A18AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {B90071C7-9627-4609-9A29-C8230673F91D} - System32\Tasks\{C60A332E-4CBF-4F0C-969B-584F753B24F6} => pcalua.exe -a "C:\Users\User\Documents\vca34889545\RPG Maker\RPG Maker VX Ace Full\English Install.exe" -d "C:\Users\User\Documents\vca34889545\RPG Maker\RPG Maker VX Ace Full"
Task: {B9C96745-49C4-4767-BD2F-013F440A2903} - System32\Tasks\{167E7A91-EE96-49FC-8EC6-D61A77462ED2} => C:\Users\User\Documents\Gw2.exe [2014-06-07] (ArenaNet)
Task: {E1C54BD0-DC8C-44CB-BE01-738912588FD4} - System32\Tasks\{66C7B519-747C-4CD2-93FD-84647DC9F177} => C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe [2012-01-19] (TeamViewer GmbH)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2013-03-28 21:30 - 2013-03-28 21:30 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-09-03 16:10 - 2010-02-17 17:25 - 00181760 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2012-09-03 16:10 - 2010-02-09 14:55 - 00055296 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2012-09-03 16:10 - 2010-02-17 17:25 - 00149504 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-09-03 16:09 - 2011-02-24 20:08 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2012-09-03 16:09 - 2011-02-15 12:15 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2012-09-03 16:09 - 2011-02-15 12:15 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2012-09-03 16:09 - 2011-02-15 12:16 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2012-09-03 16:09 - 2011-02-15 12:15 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2012-09-03 16:09 - 2011-02-15 11:25 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2012-09-03 16:09 - 2011-02-24 19:39 - 00658432 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\libcef.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\libGLESv2.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00293040 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\ortp.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00909312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\platforms\qwindows.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\libEGL.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\imageformats\qgif.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\imageformats\qico.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\imageformats\qjpeg.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\imageformats\qmng.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\imageformats\qsvg.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\imageformats\qtiff.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00038400 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\audio\qtaudio_windows.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\qml\QtQuick.2\qtquick2plugin.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-10 16:20 - 2015-11-10 16:20 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6337\qml\QtQml\Models.2\modelsplugin.dll
2015-10-24 02:31 - 2015-10-24 02:31 - 17599688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2145803270-435160569-1527060464-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{95282C2F-CE30-4885-9018-DB9F5440E987}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{B78B557A-5898-4845-B4A5-59BD74E15AB2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0B6A0B9C-34BD-4E6E-9E4D-2004C95CD8A9}] => (Allow) LPort=2869
FirewallRules: [{D8144AE1-E902-4B94-A1A7-BB6526410EA3}] => (Allow) LPort=1900
FirewallRules: [{F96D3C2A-A550-400F-9306-EA4682A217FE}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{8DDB2CD0-48D7-4B52-B77D-202E8413BFFD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E2A9FA5B-6460-4889-9EE6-520E68B98700}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{2EE0517C-1333-4E7D-9EFF-D42B823B496E}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{2F36B2DE-0193-452A-A176-F0A6880325F1}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV\ffxivboot.exe
FirewallRules: [{DF81BB78-F4CD-4BD4-846D-7CAECA490F2B}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV\ffxivboot.exe
FirewallRules: [TCP Query User{EF30E62B-7906-4B52-B0AA-C3DB6FC1AAAF}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
FirewallRules: [UDP Query User{3549BE2B-A4BE-4D8A-B655-9B15BC7EBD5E}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
FirewallRules: [TCP Query User{6A44F276-EF10-4077-9D46-ADD45329DD3E}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe] => (Allow) C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe
FirewallRules: [UDP Query User{609D62BB-F6D5-4D2D-9BCF-972604E05DE4}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe] => (Allow) C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe
FirewallRules: [{367602DF-4548-4873-8580-723A723DCFDD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{53902EB4-A4AD-445F-A391-88F59907BA20}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{FF37E9DE-B5D3-4346-8CDF-9AEBACADC891}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{62771A63-3FB3-4EE3-BFFA-1632AD00C6A4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{B2272F3C-3554-4996-A437-16B139FE2F56}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{E40F01EE-0348-4DAF-80A0-7503797FCC38}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{FF0FD65A-7BF3-4A5F-BD4D-5F95402C9159}C:\program files (x86)\teamviewer\version7\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\version7\teamviewer.exe
FirewallRules: [UDP Query User{3FB2C3D8-3225-41A7-B97A-708732C59E60}C:\program files (x86)\teamviewer\version7\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\version7\teamviewer.exe
FirewallRules: [TCP Query User{CCDC2C83-0771-49D8-A6F6-42D5BD9DA9E0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{2936E132-7B25-4D27-A74A-EF7D89260318}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{B29491A6-81C3-4FC0-9665-73CCC70E527A}C:\users\user\documents\gw2.exe] => (Allow) C:\users\user\documents\gw2.exe
FirewallRules: [UDP Query User{15FBD699-9138-45EB-9BA6-6CED0D94DB33}C:\users\user\documents\gw2.exe] => (Allow) C:\users\user\documents\gw2.exe
FirewallRules: [TCP Query User{1FA6DFD8-6F6F-463E-9BAA-69D7AD2FA19C}C:\users\user\documents\astral\astral\astral.exe] => (Allow) C:\users\user\documents\astral\astral\astral.exe
FirewallRules: [UDP Query User{7DEBC327-A616-48DD-AF55-1369B048B186}C:\users\user\documents\astral\astral\astral.exe] => (Allow) C:\users\user\documents\astral\astral\astral.exe
FirewallRules: [TCP Query User{D8FF837A-F00B-4D30-8DE9-26991CF78F6C}C:\users\user\documents\astral\astral.exe] => (Allow) C:\users\user\documents\astral\astral.exe
FirewallRules: [UDP Query User{18B2CA31-BF76-4118-98E8-6CB418D72880}C:\users\user\documents\astral\astral.exe] => (Allow) C:\users\user\documents\astral\astral.exe
FirewallRules: [{2A59DA5F-F5B1-465E-8BBE-BAA5DBBA237E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{3B48B58D-FF1F-46F0-B061-D7EFA31F0B4D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{EA9C819F-3927-4C93-809B-7F577EDD2737}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [{11629694-193B-400D-A0D5-63E005F4ED1C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [{B82FD9A3-4C6C-46A4-93CB-DAB2538212D1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{0FF29DE3-80DF-4F09-A638-C1EC8C35C0F1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{2A2FE38B-6AFC-4E92-8BE9-341C9D93C1B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe
FirewallRules: [{1FA87C51-8016-4B19-A311-B233E02C43A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe
FirewallRules: [TCP Query User{79A4D354-55B7-4524-8094-3DB82012E9D6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd
FirewallRules: [UDP Query User{9586F95D-C9F8-4B00-942C-D5931BE8D8AB}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd
FirewallRules: [TCP Query User{CFA7FDEB-D6F7-43EA-99B0-6C109F1651E7}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{0EAC7CB2-BB82-4FD9-96CA-E67B01E3018E}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{3953EA61-0573-4CEF-8E8E-1DD247D02A1A}C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{83FE0F28-68F8-4129-AA46-D4BA5999D632}C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{5B8975B9-6F14-4B6D-BE60-F78116B88C56}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{4E06D67E-81E2-4B08-987F-9A7CBBBC752B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{1758C8BF-706B-4058-A388-FEF3223B1848}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{94D96514-2DF7-46C5-8EA8-6965A8D1848D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{DD6B8FFD-F219-4DBC-9707-05BDFA31718B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{443072D1-4AC4-478B-A22E-838D2F422CA9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{2A3F4BBF-31AC-4F9D-A9AD-45848EF6A624}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{51A525BE-A463-4691-9824-AB709C113E16}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{3E06B69F-EF06-481A-9C3C-F77F4C8434FB}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{D4AFDA7B-4676-45F1-B083-E4547FD1FB29}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{1CABF318-C027-4051-81A4-D3068F99AB7D}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{6DD80591-FB16-4397-AC9F-086B2D03FDFC}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{BF6AD11F-7A3E-4986-9A0B-003841A53304}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{FAE8F80F-439D-4D73-AEF1-F39C1EC73F37}] => (Allow) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
FirewallRules: [{2025D3FE-1FBB-4B8D-A09E-83A08B45115D}] => (Allow) LPort=19540
FirewallRules: [{27EE0961-97D5-4AC7-8823-07576A8F1FA2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{F835B5C3-BC73-4B70-AA34-FC05996C61C0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [TCP Query User{8AEE54A0-37B2-449E-ACCB-7A11520890BF}C:\program files (x86)\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) C:\program files (x86)\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe
FirewallRules: [UDP Query User{1E14A960-6F59-40AC-BD78-D4E52086103B}C:\program files (x86)\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) C:\program files (x86)\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe
FirewallRules: [{6C5E5CF9-E49A-46C8-9C76-A10C5E55B09E}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{83CB4A9F-3567-4945-90AD-BE8652E4B81E}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{956B87B1-9F03-454D-8275-BE87BB0BB82A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{BACAEE63-416E-4991-8C61-3F99A986ED3E}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{37D2A3E8-941A-4EDC-BCB8-E2AEAD1B8ECD}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{22B2EBDF-D0A8-49C7-A8A4-8202B69933B0}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{754A94DE-4629-4A0F-A45C-37BFD6F82233}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{947C577F-F83C-44F4-8FFA-D8105D4CDD15}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{5840D089-E4DB-468B-BCFA-78B484E9DDF3}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{9251707A-59F7-4636-AF29-38E281F366B3}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{5032EEE9-CA4A-4CE5-A344-730CF39E306A}] => (Allow) C:\Nexon\Vindictus\en-US\NMService.exe
FirewallRules: [{185F79C3-9DE6-4038-B874-3D2A908D4520}] => (Allow) C:\Nexon\Vindictus\en-US\NMService.exe
FirewallRules: [{4E56CD8E-AD08-4ADF-AC89-BFBAE90C90AE}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{96A2B7CF-8A76-46EF-A504-F4179535B93E}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{735A6705-88A4-4728-AFE4-5989DBEBCB86}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{E7D218F2-DBCF-4DCD-9B76-113DB182A328}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{EC920B77-1F93-4933-AB48-3394052FFE68}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{86FAF19C-DDDD-463D-8843-865F3EBF9308}C:\users\user\documents\mamenewnew\kaillera\kaillerasrv.exe] => (Allow) C:\users\user\documents\mamenewnew\kaillera\kaillerasrv.exe
FirewallRules: [UDP Query User{9E3A52F1-B9F3-482E-B0FD-A2F3311DF675}C:\users\user\documents\mamenewnew\kaillera\kaillerasrv.exe] => (Allow) C:\users\user\documents\mamenewnew\kaillera\kaillerasrv.exe
FirewallRules: [{D5D67E51-FD23-4DFA-843D-64A0EA5921C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{F8A37041-84B9-4EB0-84B9-1401EAD9B53D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{4C9E7ACC-975B-4558-839F-F0FF0494A82D}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivboot.exe
FirewallRules: [{8C795609-F311-4F0D-9AF6-2E4E82CFBE97}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivboot.exe
FirewallRules: [{47189C84-41DE-4537-BAF7-A6B35EB8DB90}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivlauncher.exe
FirewallRules: [{24D39529-1EF6-4A42-9243-2C2E54978F7A}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivlauncher.exe
FirewallRules: [TCP Query User{2EB65457-A4E2-499F-84A4-949B4A00B445}C:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe] => (Allow) C:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe
FirewallRules: [UDP Query User{CF88DFA3-3437-450F-BE89-B4EE4B08E1CD}C:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe] => (Allow) C:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe
FirewallRules: [TCP Query User{93A1B83C-0F47-4173-8440-6785BA0C17E7}C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Allow) C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe
FirewallRules: [UDP Query User{72155491-C4ED-4287-B0C0-9DE23D99F0B2}C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Allow) C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{0812492E-433D-4C71-A7DF-C87AF0E0FAF6}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{7592E38B-2BEF-4F32-88A8-C4BA5EB52B99}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{D7139857-E66A-4726-9DED-A292BD582D1E}C:\users\user\documents\nes\rocknesx.exe] => (Allow) C:\users\user\documents\nes\rocknesx.exe
FirewallRules: [UDP Query User{E7B66826-203F-431E-B3AF-AABFA712A9AB}C:\users\user\documents\nes\rocknesx.exe] => (Allow) C:\users\user\documents\nes\rocknesx.exe
FirewallRules: [TCP Query User{6540A747-B2A4-44D3-B7C6-AB0D86A82210}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{BFB71113-2325-457C-A30B-F7189EE0240D}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [TCP Query User{82506CE6-DB08-4637-B4E7-68A69AACA9A5}C:\users\user\documents\new folder\new folder (5)s\shipgate.exe] => (Block) C:\users\user\documents\new folder\new folder (5)s\shipgate.exe
FirewallRules: [UDP Query User{397CC6BC-48E2-499B-854B-0D9F78A2FE44}C:\users\user\documents\new folder\new folder (5)s\shipgate.exe] => (Block) C:\users\user\documents\new folder\new folder (5)s\shipgate.exe
FirewallRules: [{DE847584-1BE7-4418-8ACF-FEE493CA0451}] => (Allow) C:\Users\User\Documents\Minecraft\FTB_Launcher.exe
FirewallRules: [{2B3BC12C-B90E-4DDC-A00F-2266134D4F7D}] => (Allow) C:\Users\User\Documents\Minecraft\FTB_Launcher.exe
FirewallRules: [{5ABD1233-9FD5-4A5F-9824-66AD491114C5}] => (Allow) C:\Users\User\Documents\Minecraft\FTB_Launcher.exe
FirewallRules: [{6E4E4EE1-BE09-4BDB-93D9-A1F1799BA11C}] => (Allow) C:\Users\User\Documents\Minecraft\FTB_Launcher.exe
FirewallRules: [TCP Query User{FC35B771-B24B-424B-B313-F47081E33BBE}C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Allow) C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe
FirewallRules: [UDP Query User{9F2ABE90-E703-45DE-8206-EC47DFA86F8C}C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Allow) C:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{DAB85D1D-1F9C-4760-8F2B-51C27D06DBC3}C:\games\dragon age origins\bin_ship\daorigins.exe] => (Allow) C:\games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{7347E373-D84B-41D7-BFD2-3894A5F90351}C:\games\dragon age origins\bin_ship\daorigins.exe] => (Allow) C:\games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [{81245AAA-35C9-47C3-982B-E5E4341CA3D0}] => (Block) C:\games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [{00D5ABCB-2126-4E24-9E7D-C10616D9ACEC}] => (Block) C:\games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{790B5508-5887-4610-8493-178E3E98BC2C}C:\users\user\desktop\neverwinter_nw.1.20130416a.6.exe] => (Allow) C:\users\user\desktop\neverwinter_nw.1.20130416a.6.exe
FirewallRules: [UDP Query User{B928B91C-8775-4D5F-9A11-9E40A51034A3}C:\users\user\desktop\neverwinter_nw.1.20130416a.6.exe] => (Allow) C:\users\user\desktop\neverwinter_nw.1.20130416a.6.exe
FirewallRules: [TCP Query User{B28F23A6-4B02-48EA-A116-250EF2E926DB}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{499E858C-9E72-458C-867D-B3C7775749C4}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{E1016264-95A0-4E3E-94B4-560F33FB13A8}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{D034EC02-AD45-411C-9060-B24643365F16}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{8B838E40-F7B1-4674-960B-0C8D03A705DD}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{524DFB2D-6798-48B3-A293-618304E88C15}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{190700CD-6E64-413A-85C9-3DF7125B44DE}C:\games\left4dead\left4dead.exe] => (Allow) C:\games\left4dead\left4dead.exe
FirewallRules: [UDP Query User{9BE1FC27-5F3B-4F75-8854-72C7EEEC2374}C:\games\left4dead\left4dead.exe] => (Allow) C:\games\left4dead\left4dead.exe
FirewallRules: [TCP Query User{76993FA2-56E9-4FD5-B960-E9383A045E70}C:\games\left4dead2\left4dead 2\left4dead2.exe] => (Allow) C:\games\left4dead2\left4dead 2\left4dead2.exe
FirewallRules: [UDP Query User{A3467AFE-412B-4740-9826-F35C01C26EDD}C:\games\left4dead2\left4dead 2\left4dead2.exe] => (Allow) C:\games\left4dead2\left4dead 2\left4dead2.exe
FirewallRules: [TCP Query User{58976FC2-201C-49C9-A458-DA45FA6C5896}C:\Program Files (x86)\Borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\Program Files (x86)\Borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{720940A2-7F71-40F0-A2B2-0300F9A5B0B8}C:\Program Files (x86)\Borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\Program Files (x86)\Borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{583D14E9-B595-4D9C-932E-CACF1704E957}C:\program files (x86)\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{6AAA45AE-0498-446A-ABFB-53D004DC4123}C:\program files (x86)\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{6DC9922D-A221-4EEE-BD16-9E48725004F8}C:\users\user\documents\hammerwatch\hammerwatch.exe] => (Allow) C:\users\user\documents\hammerwatch\hammerwatch.exe
FirewallRules: [UDP Query User{B2B977F4-1855-4DFC-ADFC-A1058D327A47}C:\users\user\documents\hammerwatch\hammerwatch.exe] => (Allow) C:\users\user\documents\hammerwatch\hammerwatch.exe
FirewallRules: [TCP Query User{D130FA04-692F-4B4E-9C33-74906739F48B}C:\users\user\documents\terraria\terrariaserver.exe] => (Allow) C:\users\user\documents\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{BFD4F8BA-4517-4917-803B-91A966D90EE5}C:\users\user\documents\terraria\terrariaserver.exe] => (Allow) C:\users\user\documents\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{450FFD7E-2B76-479C-8660-84F5C5FACE3F}C:\program files (x86)\frozenbyte\trine 2 - complete story\trine2_32bit.exe] => (Allow) C:\program files (x86)\frozenbyte\trine 2 - complete story\trine2_32bit.exe
FirewallRules: [UDP Query User{92E9CB14-ED84-42C0-B6C5-52BD0C651FCE}C:\program files (x86)\frozenbyte\trine 2 - complete story\trine2_32bit.exe] => (Allow) C:\program files (x86)\frozenbyte\trine 2 - complete story\trine2_32bit.exe
FirewallRules: [{19057BA5-6BE7-4029-9950-3A636A2AC151}] => (Block) C:\program files (x86)\frozenbyte\trine 2 - complete story\trine2_32bit.exe
FirewallRules: [{99180896-0459-407A-8BF9-61A38023D3E5}] => (Block) C:\program files (x86)\frozenbyte\trine 2 - complete story\trine2_32bit.exe
FirewallRules: [{01D0530F-B9FF-4C8C-A073-897A20A015FC}] => (Allow) C:\Windows\SysWOW64\dpnsvr.exe
FirewallRules: [{F35D902D-F688-41BF-8955-DE3DDD39DBCA}] => (Allow) C:\Windows\SysWOW64\dpnsvr.exe
FirewallRules: [{47D438BD-7552-474F-8583-980359F96BCF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{ABD855BB-88CA-449B-9728-19BC933699BA}C:\users\user\documents\cube world\server.exe] => (Allow) C:\users\user\documents\cube world\server.exe
FirewallRules: [UDP Query User{5CE208D6-4512-4376-8A74-6BBB2BEB48ED}C:\users\user\documents\cube world\server.exe] => (Allow) C:\users\user\documents\cube world\server.exe
FirewallRules: [{A7D91FAB-97EA-46F8-8DC4-8BCD5532346F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{0CCA8820-77FC-474C-89F7-0B398AB22CD9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{3A2B2165-603B-4B02-994B-8D9B45AF65A5}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{3AE82583-83F5-47C9-B30B-0C751DEF9EED}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{77524868-5312-438E-8BB8-3398B68D2C2A}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{B5986EAC-AFB1-4809-A293-8DFA8FDE7D8D}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{E3C7DF66-499E-44CE-A1AF-7D41E8A1420E}] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{0EE706E9-96BD-4443-83AA-9039DCBB7149}] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{CFE36FEB-AF5B-45A0-AD35-E14C18D8823B}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [{B8B1E1C2-718D-46DC-B062-FB516C8F59F1}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{F96C75FD-3F96-4A67-A5BC-B9CCD59EA281}C:\program files (x86)\westwood\ra2\patchgetmd.dat] => (Allow) C:\program files (x86)\westwood\ra2\patchgetmd.dat
FirewallRules: [UDP Query User{87C18B96-5ECF-4D9B-BD61-9B4194A2E57A}C:\program files (x86)\westwood\ra2\patchgetmd.dat] => (Allow) C:\program files (x86)\westwood\ra2\patchgetmd.dat
FirewallRules: [{C0BAE4A7-BF6F-48A9-945D-905B6C974DE2}] => (Block) C:\program files (x86)\westwood\ra2\patchgetmd.dat
FirewallRules: [{5C74BDDA-0881-48FC-B39D-43DA60E8462C}] => (Block) C:\program files (x86)\westwood\ra2\patchgetmd.dat
FirewallRules: [TCP Query User{C86F458D-B840-4704-9AC8-FCF39CC89134}C:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe] => (Allow) C:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe
FirewallRules: [UDP Query User{6EA23B42-F1FA-4A0C-92AD-F4D278CB1C2C}C:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe] => (Allow) C:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe
FirewallRules: [{D6880313-9CA8-471B-83BC-5163B40B5F10}] => (Block) C:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe
FirewallRules: [{D23CAE42-995F-458A-A32C-39E0C9B8BF0B}] => (Block) C:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe
FirewallRules: [{F23DBAF8-E8E7-429C-94EB-A07F8D784892}] => (Allow) C:\Nexon\Vindictus\en-US\NMService.exe
FirewallRules: [{074F728B-F344-4D15-8C4E-A95F63BB1FEC}] => (Allow) C:\Nexon\Vindictus\en-US\NMService.exe
FirewallRules: [{FF9EF153-9EB0-41D9-BBD6-5411FB8FB55B}] => (Allow) C:\Program Files (x86)\The Battle for Middle-earth ™\game.dat
FirewallRules: [{67CBFE4E-9DD5-4CDC-A44C-D2E49AD7A6BD}] => (Allow) C:\Program Files (x86)\The Battle for Middle-earth ™\game.dat
FirewallRules: [{3579BCD1-DDFD-4C59-AC1F-27E4584F307B}] => (Allow) C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat
FirewallRules: [{896CC946-CC90-4BCC-BE62-3B986E1A45E2}] => (Allow) C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat
FirewallRules: [{58F90F7D-806D-4BEB-99CF-B8294C322C35}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{9F6DC68E-48E0-45E9-8830-D292BAC55BDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{E5FB8A31-3EF4-4B2A-981A-4FC892254F8D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{54E8A07A-6BF6-49DF-AE6F-FB2781C7559B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [TCP Query User{78BE299B-BD6F-455B-A9B3-E066B3111D4B}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [UDP Query User{7D7F9855-49C7-4F85-AFA9-27D0105F07E6}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [TCP Query User{84DC2187-ABE1-43EF-A5C2-2E7E45A7CEBD}C:\program files (x86)\payday 2\payday2_win32_release.exe] => (Allow) C:\program files (x86)\payday 2\payday2_win32_release.exe
FirewallRules: [UDP Query User{598FE7CE-610D-442D-B884-D004AC583644}C:\program files (x86)\payday 2\payday2_win32_release.exe] => (Allow) C:\program files (x86)\payday 2\payday2_win32_release.exe
FirewallRules: [{F0192D0E-B74A-4A56-937E-2A3F890C73DF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{82621C9D-5BFC-4363-9E2B-3D01BE895ACF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{72E8F4DB-019B-445F-9814-7D6A2AD2A96B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{71684353-D8A1-4688-965B-F213C9DF6666}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{47F4ED54-6E15-4573-AE47-5FF836F2FA06}] => (Allow) C:\Program Files (x86)\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [{171E0227-AB17-4462-9119-3CCA45E90E1F}] => (Allow) C:\Program Files (x86)\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [{7C1B32FD-2BC3-49DF-B794-7830FA156D47}] => (Allow) C:\Program Files (x86)\The Lord of the Rings, The Rise of the Witch-king\game.dat
FirewallRules: [{AC332A4A-E9CD-44E1-BD81-510202461B3E}] => (Allow) C:\Program Files (x86)\The Lord of the Rings, The Rise of the Witch-king\game.dat
FirewallRules: [{BE50C38D-8EFB-44C8-8A1F-3AFD4A4EB0EE}] => (Allow) C:\Program Files (x86)\The Lord of the Rings, The Rise of the Witch-king\game.dat
FirewallRules: [{8B452E66-429E-49EF-9290-F99ECAE5A03C}] => (Allow) C:\Program Files (x86)\The Lord of the Rings, The Rise of the Witch-king\game.dat
FirewallRules: [{7104A9C3-AB4F-4A90-8CE8-FA746513C040}] => (Allow) C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat
FirewallRules: [{0CF8F367-AAC8-4B21-A80E-1CAA12CFD969}] => (Allow) C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat
FirewallRules: [{15DC1755-1911-47A0-A979-C3C973271220}] => (Allow) C:\Program Files (x86)\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [{3CF56CE6-870B-4F44-BBD4-EB535A5E8408}] => (Allow) C:\Program Files (x86)\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [TCP Query User{C919CCE7-6AD6-4700-AEAE-7777ADC2E123}C:\program files (x86)\team17\worms world party\wwp.exe] => (Allow) C:\program files (x86)\team17\worms world party\wwp.exe
FirewallRules: [UDP Query User{8B8F380C-D42C-4933-B652-B7B27866653E}C:\program files (x86)\team17\worms world party\wwp.exe] => (Allow) C:\program files (x86)\team17\worms world party\wwp.exe
FirewallRules: [{F569C8F1-3DBC-4A98-9CE5-9DAD0DB7480E}] => (Block) C:\program files (x86)\team17\worms world party\wwp.exe
FirewallRules: [{5A7F62D1-06A3-4ED1-8A7E-5ED40069BAEB}] => (Block) C:\program files (x86)\team17\worms world party\wwp.exe
FirewallRules: [TCP Query User{8CEC5ECD-3FCD-4E0E-8636-D1B697D2B087}C:\team17\worms world party\wwp.exe] => (Allow) C:\team17\worms world party\wwp.exe
FirewallRules: [UDP Query User{95F513BD-4543-4921-B20A-D9A3421BCF60}C:\team17\worms world party\wwp.exe] => (Allow) C:\team17\worms world party\wwp.exe
FirewallRules: [{A6FAC0EA-5A3E-4AF5-9AA7-0246896DC7ED}] => (Block) C:\team17\worms world party\wwp.exe
FirewallRules: [{90F0F6CB-C3DF-4FD3-8C4F-C90D6EEF598B}] => (Block) C:\team17\worms world party\wwp.exe
FirewallRules: [{1746D775-39C5-48C9-87CB-C01A0E45E146}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{5D433E2D-2E47-45CC-99FE-12D4338C82F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{679FE30C-8600-4A2B-A84A-04E739E1EE2E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{CA723C6B-8E2E-4379-B728-9D0BEA53D4EA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E8E2B9AD-7928-46CB-9693-D1E8CB8AF507}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{A4426D66-4212-47E4-8406-E4AF48C6FA4F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{F62973AA-5C4C-4845-B851-89EDCA2F79B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{6F3CB771-5206-4A53-89CC-3FD22FE8DFBF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{2C730881-02A0-4D25-88D9-CDB21CB42C9D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{867493F0-BB53-4579-A418-3A57220C38FC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{FA0F1BFA-C62E-4B3F-8F19-1A298A153E22}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{66C2FEEA-B70C-4E53-BC90-566E527855B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{497A0C29-ED83-44EF-B1C4-FEB4397A9E3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{11DF6CA7-92FD-440C-A60A-9E64A4AE661F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{44C0643A-CE68-45CB-AA75-2C2DB053E4B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{BE272F87-7771-4884-84AC-F10399570C17}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{9278E75C-0FB4-44A5-BF4C-37663A74386E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{D0404523-3AF0-4E2F-9970-CF448568D0F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{AD130675-0D32-445C-BE4E-CA8626518A71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{640C4474-294C-4499-8ACC-39F9E9B6D6BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{67E6A810-F06A-4921-853D-204EC5D4A24B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{F8D01F38-9489-4DD3-A048-7833A50FBFB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{67227467-3358-4FBD-A85A-97C881202948}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{06472407-BD09-4EA8-A61D-7987F7201285}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{42B5221E-86A0-40A9-A234-93CCA298D3EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{B5DEB3E5-200A-4CF6-9E1D-7132F14ADEC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{819E7C1B-9BBB-4AED-AA76-CFFF6C3475FD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{F0EEE6BC-2A52-4592-8BFE-0D0821EC6343}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [TCP Query User{592A1EBD-8786-4FCA-AB63-2546677152AC}C:\program files (x86)\divinity original sin\shipping\eocapp.exe] => (Allow) C:\program files (x86)\divinity original sin\shipping\eocapp.exe
FirewallRules: [UDP Query User{37FF296A-DFE9-4F73-BD8F-D42FD8C70BE2}C:\program files (x86)\divinity original sin\shipping\eocapp.exe] => (Allow) C:\program files (x86)\divinity original sin\shipping\eocapp.exe
FirewallRules: [{D897B729-D5E5-4CA1-85D8-326F27552363}] => (Block) C:\program files (x86)\divinity original sin\shipping\eocapp.exe
FirewallRules: [{3460FFE2-9631-4FC7-9174-CDF2B74F6D87}] => (Block) C:\program files (x86)\divinity original sin\shipping\eocapp.exe
FirewallRules: [{7ADB9DD3-18C2-47CB-B469-AC1AB16CD790}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{58C30ECF-1776-4B9A-A6D0-97F2B446E984}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{827CA3EA-390B-4FCB-B6D7-8CDD2D568A60}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{02983ACE-0B74-4A74-9C97-DE5C868F6E1C}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{F2596F58-3EEB-4C5B-A64E-CBDA45411E3F}C:\programdata\battle.net\agent\agent.3526\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3526\agent.exe
FirewallRules: [UDP Query User{9A700065-3DAE-47FC-AD50-00CE70EB8D22}C:\programdata\battle.net\agent\agent.3526\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3526\agent.exe
FirewallRules: [{38793280-361A-469B-A2C7-FB947008841A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{AEC04285-82B4-4B43-B3DF-9EF1047E2010}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{AA754BFA-F67D-4AE0-B401-3F7552ED4A93}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{0514130F-CDA9-4620-B091-7FF1EEA7F1AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{AF9D230C-233D-45D5-BD8E-4101D046C72B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{B426B581-9DD1-4445-AA1B-2DEBDB6156A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{B965E175-A284-42F4-87E7-490A001311E8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{B636DC5A-3AD3-46CD-BC76-BA7D61E89480}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [TCP Query User{222C5945-C041-465B-AECD-C84B2E193C34}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{6D5AD090-CDAB-4570-A1A4-631A3F18FF47}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{E9A746B7-91C7-4C7A-A4DF-941D4FBB6E37}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{59605654-E322-411E-8AE4-E94C01B19CA5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{7F31D576-A709-4941-B00A-CEBD213611F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{DF3BF919-87D0-4704-A129-FFEC268D42CE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [TCP Query User{2E824BFC-83AF-48B6-8066-B1E7E96E2A56}C:\program files (x86)\r.g. gamblers\divinity - original sin\shipping\eocapp.exe] => (Allow) C:\program files (x86)\r.g. gamblers\divinity - original sin\shipping\eocapp.exe
FirewallRules: [UDP Query User{D0A2952D-49E8-4D62-91B9-D060F9317537}C:\program files (x86)\r.g. gamblers\divinity - original sin\shipping\eocapp.exe] => (Allow) C:\program files (x86)\r.g. gamblers\divinity - original sin\shipping\eocapp.exe
FirewallRules: [{62D39470-1360-45DD-8F9F-D8D8DCAFC727}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{ACF199DD-0CE6-4AB4-A936-BD48AEC81CC4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{CFD5776E-CCFA-41DD-A892-ADE5C66C0CD8}C:\windows\syswow64\ftp.exe] => (Block) C:\windows\syswow64\ftp.exe
FirewallRules: [UDP Query User{37AFE191-5825-4DAE-9EB5-6B2CED8D8672}C:\windows\syswow64\ftp.exe] => (Block) C:\windows\syswow64\ftp.exe
FirewallRules: [{8230E3AA-FF96-49C8-ABD0-5A2A500BE3EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{368D53A4-3D93-4223-82F8-55A418C03CFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8D708FEF-E0A6-4A41-92E9-69E952D64D96}C:\users\user\documents\gamecube\dolphin-x64\dolphin.exe] => (Allow) C:\users\user\documents\gamecube\dolphin-x64\dolphin.exe
FirewallRules: [UDP Query User{4FA86B40-1FE6-4898-8737-6534B03C335F}C:\users\user\documents\gamecube\dolphin-x64\dolphin.exe] => (Allow) C:\users\user\documents\gamecube\dolphin-x64\dolphin.exe
FirewallRules: [{F8391B6D-C39C-4387-9513-6FADF6419195}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{44951644-1055-4E0B-B691-5EC2067778F8}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{B2B7C60E-8058-47C2-A464-033F7F5ACC40}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{20ACFA4E-9571-4BAA-80BB-B3A1982DC982}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{B912572D-5FD8-47E8-B919-46BA324BA9CE}C:\program files (x86)\heroes of the storm public test\versions\base34880\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm public test\versions\base34880\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8814BCB5-5D6E-47D6-9735-AAA4542F53C5}C:\program files (x86)\heroes of the storm public test\versions\base34880\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm public test\versions\base34880\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{72317421-D8C3-4487-915D-05A2315B0EF1}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{13EE3B4E-FC2D-49C1-B3DF-79D89F1DF277}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{C884B5FE-F862-4C96-8257-F0DC5BA9079F}] => (Allow) C:\Users\User\AppData\Local\Temp\nsj8FFD.tmp\Installer-75676781.exe
FirewallRules: [{CF6CD25F-5958-43FD-864A-EDD255674E7F}] => (Allow) C:\Users\User\AppData\Local\Temp\nsj8FFD.tmp\Installer-75676781.exe
FirewallRules: [TCP Query User{13A74AFB-D042-46FC-91A9-EA91A0DDC16A}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AED5BEAB-AD4C-46DA-A26D-75CB57E0CB82}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8272E027-482C-47F9-927A-7A40B00E5932}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{CE0D3558-5DB6-4E88-9214-CC1DEA2D068E}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{FF0C19F3-5CBB-4B4D-8B7A-44E14FAC10F1}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base38793\HeroesOfTheStorm_x64.exe
FirewallRules: [{D1CDE25A-7145-4AFC-9658-562BEDDEEBDA}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base38793\HeroesOfTheStorm_x64.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2015 06:11:50 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/17/2015 00:30:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/16/2015 06:33:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/16/2015 06:33:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/16/2015 06:33:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/16/2015 06:33:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2015 06:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2015 05:53:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2015 01:33:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: witcher.EXE, version: 1.5.0.1304, time stamp: 0x4910475c
Faulting module name: witcher.EXE, version: 1.5.0.1304, time stamp: 0x4910475c
Exception code: 0xc0000005
Fault offset: 0x006656cc
Faulting process id: 0x1714
Faulting application start time: 0xwitcher.EXE0
Faulting application path: witcher.EXE1
Faulting module path: witcher.EXE2
Report Id: witcher.EXE3

Error: (11/08/2015 08:16:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/16/2015 06:42:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/16/2015 06:42:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/16/2015 06:42:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/16/2015 06:42:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/16/2015 06:42:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/16/2015 06:42:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/16/2015 06:36:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/16/2015 06:36:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/16/2015 06:36:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/16/2015 06:36:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================
  Date: 2013-04-21 01:57:22.724
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\User\AppData\Local\Temp\mc2E588.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-21 01:57:22.703
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\User\AppData\Local\Temp\mc2E588.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-10 17:20:09.243
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\User\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-10 17:20:09.224
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\User\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-10 17:20:09.190
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\User\Documents\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-10 17:20:09.171
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\User\Documents\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-24 10:15:16.037
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\netr28x.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-24 10:15:16.017
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\netr28x.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom™ II X6 1065T Processor
Percentage of memory in use: 37%
Total physical RAM: 6143.21 MB
Available physical RAM: 3833.06 MB
Total Virtual: 12284.62 MB
Available Virtual: 8528.03 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:1382.17 GB) (Free:689.93 GB) NTFS
Drive d: (LOTRBFME1) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 1BB72543)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1382.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
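The FirewallRules and CodeIntegrity sections of the log above are where an unwanted program most often shows itself: an installer running from Temp that was granted a firewall exception, or an image that fails hash verification. The following is an added triage script for that log format; it is not part of FRST or of this thread, and the folder categories it treats as worth a second look (Temp, Roaming, Downloads, Documents) are assumptions chosen for the example.

```python
"""Triage the FirewallRules and CodeIntegrity lines of an FRST Addition.txt.

Added example for this thread, not FRST code and not code from the posts.
Assumption: a program that gets a firewall Allow rule, or fails image
verification, while living in Temp, Documents or Downloads deserves a
second look, because that is where installers and droppers usually land;
Program Files, ProgramData and System32 are the normal install locations.
"""
import re
from typing import List, Optional, Tuple

# FirewallRules: [{GUID}] => (Allow) C:\path\program.exe   (also "[TCP Query User{GUID}path]")
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<path>.+?)\s*$"
)
CODEINTEGRITY_RE = re.compile(
    r"image integrity of the file (?P<path>.+?) because file hash could not be found"
)
# User-writable locations, matched against the lower-cased path (assumed list).
USER_WRITABLE = {
    "temp": re.compile(r"\\appdata\\local\\temp\\"),
    "roaming": re.compile(r"\\appdata\\roaming\\"),
    "downloads": re.compile(r"\\users\\[^\\]+\\downloads\\"),
    "documents": re.compile(r"\\users\\[^\\]+\\documents\\"),
}
Finding = Tuple[str, str, str]  # (kind, location category, path)


def classify_path(path: str) -> Optional[str]:
    """Return the user-writable category the path falls in, or None for
    Program Files, ProgramData, System32 and other install locations."""
    low = path.lower()
    for label, rx in USER_WRITABLE.items():
        if rx.search(low):
            return label
    return None


def triage(lines) -> List[Finding]:
    """Return deduplicated findings: Allow rules whose program sits in a
    user-writable folder, and every CodeIntegrity failure tagged with its
    folder category so Temp/Documents hits stand out from vendor drivers.
    FRST lists each rule twice (TCP and UDP), so each program is reported once."""
    findings: List[Finding] = []
    seen = set()

    def add(kind: str, category: str, path: str) -> None:
        key = (kind, path.lower())
        if key not in seen:
            seen.add(key)
            findings.append((kind, category, path))

    for raw in lines:
        line = raw.strip()
        m = FIREWALL_RE.match(line)
        if m:
            category = classify_path(m.group("path"))
            if category and m.group("action") == "Allow":
                add("firewall-allow", category, m.group("path"))
            continue
        m = CODEINTEGRITY_RE.search(line)
        if m:
            path = m.group("path")
            add("unsigned-image", classify_path(path) or "system", path)
    return findings


# Constructed sample: lines copied from the log above, including a Temp
# installer that was granted a firewall exception and two hash-less images.
SAMPLE_LOG = r"""
FirewallRules: [{8230E3AA-FF96-49C8-ABD0-5A2A500BE3EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8D708FEF-E0A6-4A41-92E9-69E952D64D96}C:\users\user\documents\gamecube\dolphin-x64\dolphin.exe] => (Allow) C:\users\user\documents\gamecube\dolphin-x64\dolphin.exe
FirewallRules: [{C884B5FE-F862-4C96-8257-F0DC5BA9079F}] => (Allow) C:\Users\User\AppData\Local\Temp\nsj8FFD.tmp\Installer-75676781.exe
FirewallRules: [{CF6CD25F-5958-43FD-864A-EDD255674E7F}] => (Allow) C:\Users\User\AppData\Local\Temp\nsj8FFD.tmp\Installer-75676781.exe
FirewallRules: [TCP Query User{CFD5776E-CCFA-41DD-A892-ADE5C66C0CD8}C:\windows\syswow64\ftp.exe] => (Block) C:\windows\syswow64\ftp.exe
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\User\AppData\Local\Temp\mc2E588.tmp because file hash could not be found on the system.
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\User\Documents\kerneld.amd64 because file hash could not be found on the system.
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\netr28x.sys because file hash could not be found on the system.
"""

if __name__ == "__main__":
    for kind, category, path in triage(SAMPLE_LOG.splitlines()):
        print(f"{kind:15} {category:10} {path}")
```

A hit in Temp or Documents is a prompt to look at the file, not a verdict; the dolphin.exe emulator in Documents is flagged by the same rule as the Temp installer.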



#6 deeprybka

  • Malware Response Team
  • Location:Germany

Posted 17 November 2015 - 06:29 PM

No resident protection warning

Always have one (and no more than one!) Antivirus program, as the resident protection is absolutely a must-have on any Windows!

Each paid-for Anti-Virus comes with a free trial if you wish to try the software before purchasing. Alternatively, you may wish to use the trial, and revert to a free anti-virus afterwards.
For a paid solution, my choice of anti-virus is ESET NOD32. For a free solution, my choice of anti-virus is avast!.


Are you running proxy settings on Firefox on purpose? If not, please delete the entries.

______________________________________




That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated:


Internet Explorer Version 9
Mozilla Firefox 38.0.5
Adobe Flash Player 12 ActiveX



Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
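The proxy question in the post above is worth turning into a repeatable check: Firefox keeps its proxy configuration as network.proxy.* entries in the profile's prefs.js, and an entry the user never set is a classic sign of traffic being redirected. The script below is an added example, not code from the thread; the prefs.js content is constructed, and the proxy.type meanings are the ones Firefox documents.

```python
"""Report the proxy settings stored in a Firefox profile's prefs.js.

Added example, not code from the original posts. Reads user_pref() lines,
maps network.proxy.type to its meaning and lists where a manual proxy or
PAC script points, so a setting the user did not choose stands out.
"""
import re
from typing import Dict, Union

PREF_RE = re.compile(r'^user_pref\("(?P<key>[^"]+)",\s*(?P<val>.+)\);\s*$')

# Meaning of network.proxy.type in Firefox (5, the default, follows the OS settings).
PROXY_TYPES = {0: "direct (no proxy)", 1: "manual", 2: "PAC script",
               4: "auto-detect (WPAD)", 5: "system settings"}

Value = Union[str, int, bool]


def parse_prefs(text: str) -> Dict[str, Value]:
    """Parse user_pref("key", value); lines into a dict with typed values."""
    prefs: Dict[str, Value] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        raw = m.group("val")
        if raw.startswith('"') and raw.endswith('"'):
            prefs[m.group("key")] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[m.group("key")] = raw == "true"
        else:
            prefs[m.group("key")] = int(raw)
    return prefs


def proxy_report(prefs: Dict[str, Value]) -> Dict[str, Value]:
    """Summarise the proxy configuration. needs_review is True whenever
    traffic would go anywhere other than directly or via the OS proxy,
    which is exactly what the helper asked the user to confirm."""
    ptype = int(prefs.get("network.proxy.type", 5))
    report: Dict[str, Value] = {
        "type": PROXY_TYPES.get(ptype, f"unknown ({ptype})"),
        "needs_review": ptype not in (0, 5),
    }
    if ptype == 1:
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            if host:
                port = prefs.get(f"network.proxy.{scheme}_port", 0)
                report[scheme] = f"{host}:{port}"
    elif ptype == 2:
        report["pac_url"] = str(prefs.get("network.proxy.autoconfig_url", ""))
    return report


# Constructed prefs.js excerpt with a manual HTTP proxy configured.
SAMPLE_PREFS = """\
// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "proxy.example.invalid");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
"""

if __name__ == "__main__":
    for key, value in proxy_report(parse_prefs(SAMPLE_PREFS)).items():
        print(f"{key:13} {value}")
```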

#7 Kjolin

  • Topic Starter
  • Members

Posted 17 November 2015 - 06:50 PM

The proxies were intentional, but long since used. Deleted them anyway. Following the cleanup & updating process now. Thank you for your help!



#8 deeprybka

  • Malware Response Team
  • Location:Germany

Posted 18 November 2015 - 04:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer