
PC started to act strange after updating to latest java...



#1 bluedoggie2122


Posted 20 November 2015 - 02:15 AM

Hi Bleeping Computer,

 

I don't know if this is a malware problem or not, but after I updated to the latest Java and restarted my computer I got a runtime error. It was something about Program C that was terminated in an unusual way. The weird thing was that my AV and Malwarebytes were turned off and not running in Task Manager. So I tried restarting my computer but it kept not loading my AV and Malwarebytes (I had to manually start them). Then I tried a system restore and I picked the one where I installed Microsoft Visual C++ 2013, but it kept failing, saying something was blocking the process from completing. Next I tried reinstalling the Java update and it was successful, but my Task Manager was showing thousands of instances of javaws.exe*32 and it was eating my CPU. I've read somewhere on BleepingComputer that it is related to a keylogger or bank tracker. I don't want any of that on my computer. Please help me. I have posted my FRST and Addition logs below:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-11-2015
Ran by user (administrator) on USER-PC (19-11-2015 23:01:27)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-19] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-3532764290-1005100713-3378480098-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-23] (SUPERAntiSpyware)
HKU\S-1-5-21-3532764290-1005100713-3378480098-1000\...\MountPoints2: {333c98f5-b153-11e4-b0e7-806e6f6e6963} - D:\setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-19] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{614B99FA-DCDD-409B-AE40-EF924C7DA288}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-19] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-19] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-06]
FF Extension: WOT - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-11]
FF Extension: Ghostery - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672\Extensions\firefox@ghostery.com.xpi [2015-11-06]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-19]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-19]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-10]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-10]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-19] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-19] (Avast Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-19] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-02-14] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-19] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-17] (Qualcomm Atheros Co., Ltd.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-19] (AVAST Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-03] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-19] (Avast Software)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 22:58 - 2015-11-19 22:58 - 02020352 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-11-19 22:32 - 2015-11-19 22:32 - 00584288 _____ (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2015-11-19 22:26 - 2015-11-19 22:26 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-11-19 22:26 - 2015-11-19 22:26 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-11-13 00:09 - 2015-11-19 22:02 - 00000000 ____D C:\Users\user\Documents\PCSX2
2015-11-13 00:06 - 2015-11-19 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2015-11-13 00:06 - 2015-11-19 22:14 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.2.1
2015-11-13 00:06 - 2015-11-13 00:06 - 00001989 _____ C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2015-11-13 00:03 - 2015-11-13 00:04 - 10658408 _____ C:\Users\user\Downloads\pcsx2-1.2.1-r5875-setup.exe
2015-11-08 13:32 - 2015-11-08 22:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-08 12:06 - 2015-11-08 12:06 - 04944608 _____ (Advanced Micro Devices, Inc.) C:\Users\user\Downloads\autodetectutility(1).exe
2015-11-08 12:05 - 2015-11-08 12:05 - 01811240 _____ (techPowerUp (www.techpowerup.com)) C:\Users\user\Desktop\GPU-Z.0.8.6.exe
2015-11-06 09:25 - 2015-11-06 09:25 - 00000000 ____D C:\Users\user\Documents\My Cheat Tables
2015-11-06 09:17 - 2015-11-06 09:17 - 04894189 _____ C:\Users\user\Desktop\DevilMayCry4SpecialEdition-IW-2.21.CT
2015-11-06 09:10 - 2015-11-06 09:10 - 00000000 ____D C:\Users\user\Desktop\cheatengine64_NoSetup
2015-11-05 21:22 - 2015-11-05 21:22 - 00000000 ____D C:\Users\user\AppData\Local\BigHugeEngine
2015-11-02 15:14 - 2015-11-05 17:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-02 15:14 - 2015-11-02 15:14 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-30 20:14 - 2015-10-30 20:14 - 00000000 ____D C:\Users\user\AppData\Local\MercurySteam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 23:01 - 2015-05-25 07:51 - 00010903 _____ C:\Users\user\Desktop\FRST.txt
2015-11-19 23:01 - 2015-04-05 12:56 - 00000000 ____D C:\FRST
2015-11-19 23:00 - 2015-02-10 10:48 - 01645302 _____ C:\Windows\WindowsUpdate.log
2015-11-19 22:58 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 22:58 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 22:53 - 2015-05-22 00:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-19 22:50 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-19 22:49 - 2015-04-08 13:13 - 00051876 _____ C:\Windows\setupact.log
2015-11-19 22:36 - 2015-02-15 06:59 - 00000000 ____D C:\ProgramData\Oracle
2015-11-19 22:34 - 2015-02-15 06:59 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-19 22:34 - 2015-02-14 18:53 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-19 22:34 - 2015-02-14 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-19 22:28 - 2015-05-02 19:53 - 00210548 _____ C:\Windows\PFRO.log
2015-11-19 22:27 - 2015-02-14 18:01 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-19 22:26 - 2015-07-21 16:12 - 00147088 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-11-19 22:26 - 2015-02-14 18:01 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-11-19 22:26 - 2015-02-14 18:01 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-11-19 22:26 - 2015-02-14 18:01 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-11-19 22:26 - 2015-02-14 18:01 - 00154256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-11-19 22:26 - 2015-02-14 18:01 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-11-19 22:26 - 2015-02-14 18:01 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-11-19 22:26 - 2015-02-14 18:01 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-11-19 22:26 - 2015-02-14 18:01 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-11-19 22:14 - 2015-06-23 11:44 - 00000000 ____D C:\Users\user\AppData\Local\CAPCOM
2015-11-19 22:14 - 2015-04-04 15:57 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-19 22:14 - 2015-02-24 02:01 - 00000000 ____D C:\my stuff
2015-11-19 22:14 - 2015-02-20 22:49 - 00000000 ____D C:\Users\user\Documents\my games
2015-11-19 22:14 - 2015-02-15 06:45 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-11-19 22:14 - 2015-02-15 06:45 - 00000000 ____D C:\Windows\system32\vbox
2015-11-19 22:14 - 2015-02-14 19:03 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-19 22:14 - 2015-02-14 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-19 22:14 - 2015-02-10 10:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-19 22:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-11-19 22:02 - 2011-04-12 00:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-19 19:56 - 2015-08-27 16:13 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2015-11-12 23:49 - 2015-02-14 18:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-10 16:49 - 2015-02-14 18:56 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 16:49 - 2015-02-14 18:56 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 16:49 - 2015-02-14 18:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-08 22:02 - 2015-02-14 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-08 11:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-05 21:21 - 2015-05-17 22:28 - 00076269 _____ C:\Windows\DirectX.log
2015-11-03 21:11 - 2015-04-17 22:41 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-11-03 16:41 - 2015-02-15 07:08 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2015-11-02 15:15 - 2015-02-14 20:50 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-02 15:14 - 2015-02-15 07:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-02 15:03 - 2009-07-13 21:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-30 17:24 - 2015-02-21 20:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-10-23 17:50 - 2015-02-15 06:53 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-21 13:11 - 2009-07-13 21:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-21 13:11 - 2009-07-13 21:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU(23).TXT

==================== Files in the root of some directories =======

2015-03-02 20:20 - 2015-06-19 12:47 - 0157671 _____ () C:\Users\user\AppData\Local\ars.cache
2015-03-02 20:20 - 2015-06-19 12:47 - 0242303 _____ () C:\Users\user\AppData\Local\census.cache
2015-03-02 18:39 - 2015-03-02 18:39 - 0000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache
2015-03-02 18:47 - 2015-06-19 09:51 - 0000010 _____ () C:\Users\user\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe
C:\Users\user\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\user\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\user\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\user\AppData\Local\Temp\vcredist_2013_x86.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-11 11:04

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-11-2015
Ran by user (2015-11-19 23:01:53)
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-02-10 18:48:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3532764290-1005100713-3378480098-500 - Administrator - Disabled)
Guest (S-1-5-21-3532764290-1005100713-3378480098-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3532764290-1005100713-3378480098-1003 - Limited - Enabled)
user (S-1-5-21-3532764290-1005100713-3378480098-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.08 beta (x64) (HKLM\...\7-Zip) (Version: 15.08 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
Avernum 4 (HKLM-x32\...\Steam App 206020) (Version:  - Spiderweb Software)
Beyond Good & Evil (HKLM-x32\...\Steam App 15130) (Version:  - Ubisoft)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Castlevania: Lords of Shadow - Ultimate Edition (HKLM-x32\...\Steam App 234080) (Version:  - MercurySteam - Climax Studios)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version:  - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Devil May Cry® 4 Special Edition (HKLM-x32\...\Steam App 329050) (Version:  - CAPCOM Co., Ltd.)
Dishonored (HKLM-x32\...\Steam App 205100) (Version:  - Arkane Studios)
Divine Divinity (HKLM-x32\...\Steam App 214170) (Version:  - Larian Studios)
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version:  - Ninja Theory)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version:  - AMPLITUDE Studios)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Freedom Planet (HKLM-x32\...\Steam App 248310) (Version:  - GalaxyTrail)
Geeks3D FurMark 1.11.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marc Eckō's Getting Up: Contents Under Pressure (HKLM-x32\...\Steam App 260190) (Version:  - The Collective)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mitsurugi Kamui Hikae (HKLM-x32\...\Steam App 263620) (Version:  - Zenith Blue)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Noitu Love 2 Devolution (HKLM-x32\...\Steam App 207530) (Version:  - Joakim Sandberg)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - )
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Onikira: Demon Killer (HKLM-x32\...\Steam App 310850) (Version:  - Digital Furnace Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version:  - Telltale Games)
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version:  - Telltale Games)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink)
Relic Hunters Zero (HKLM-x32\...\Steam App 382490) (Version:  - Rogue Snail)
Remember Me (HKLM-x32\...\Steam App 228300) (Version:  - DONTNOD Entertainment)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version:  - Flying Wild Hog)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version:  - Lab Zero Games)
Skullgirls ∞Endless Beta∞ (HKLM-x32\...\Steam App 208610) (Version:  - )
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version:  - Devil's Details)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strider (HKLM-x32\...\Steam App 235210) (Version:  - Double Helix Games)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Legend of Korra™ (HKLM-x32\...\Steam App 281690) (Version:  - Platinum Games)
The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version:  - Modern Dream)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD PROJEKT RED)
Thief 2 (HKLM-x32\...\Steam App 211740) (Version:  - Looking Glass Studios)
Thief Gold (HKLM-x32\...\Steam App 211600) (Version:  - Looking Glass Studios)
Thief: Deadly Shadows (HKLM-x32\...\Steam App 6980) (Version:  - Ion Storm)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version:  - Crystal Dynamics)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
Valdis Story: Abyssal City (HKLM-x32\...\Steam App 252030) (Version:  - )
Valkyria Chronicles™ (HKLM-x32\...\Steam App 294860) (Version:  - SEGA)
X-Blades (HKLM-x32\...\Steam App 7510) (Version:  - Topware Interactive)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

23-10-2015 18:36:26 Scheduled Checkpoint
30-10-2015 19:43:42 Scheduled Checkpoint
05-11-2015 21:19:48 Installed DirectX
13-11-2015 00:06:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
19-11-2015 21:59:10 Restore Operation
19-11-2015 22:05:22 avast! antivirus system restore point
19-11-2015 22:11:09 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12BB8694-404B-4B91-B6F7-E497F78E83B3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {6160D383-7C84-4D56-9F63-1B9AD23D98E9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-19] (AVAST Software)
Task: {67FFC893-39C5-4355-8F18-75B979A0706F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {925C0AF7-F91F-44D2-A042-17A48333A3BD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {97CF86D7-D733-46FF-AFAA-66DFA8267CFE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A8E44800-FD63-4561-9437-2D8A7A203C48} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {B8C331E0-8761-4763-98CB-5855D58C1B39} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CE2BD2AE-440D-4DB0-B237-B6B37692F72A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-03 23:25 - 2015-08-03 23:25 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-08-03 23:25 - 2015-08-03 23:25 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-11-19 22:26 - 2015-11-19 22:26 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-19 22:26 - 2015-11-19 22:26 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-19 22:24 - 2015-11-19 22:24 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111901\algo.dll
2015-11-19 22:26 - 2015-11-19 22:26 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-19 22:26 - 2015-11-19 22:26 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3532764290-1005100713-3378480098-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F15A29D8-E29A-4789-A19F-E8D42B2DD81F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{493D5B32-0CE5-4896-9FA3-6CCD193FB7CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0BD735E4-B4E1-4810-AE58-EC5C913F1298}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FA772BF7-EF6F-4A16-96AB-92D59435710C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{722B5279-78CF-4B86-977E-4F10C1A82569}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A1105A63-C23C-4B19-A88A-9CDAD0F4850D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DF3484CE-B9D3-489B-8645-F458E11FE453}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B2FC776E-3B8C-4CE8-83CC-22F2CF96CCB3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2A39A81A-CF94-458E-9B39-6058300E0F5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{92F2724E-94D3-4997-8755-DD07DFA2A003}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{0BB90612-D769-4E6C-8F50-2F4352D453E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{EE918D48-1233-4B01-B2D1-CE9287FE5BBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{53324435-AA22-4CF7-8E46-AAA65E342D37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{8AA5F7EE-44E8-466C-BB24-8E1A8FE9F6EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{938393CC-EFD2-4500-B519-C7D24B92BCF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{AA87B284-DF21-4E31-A780-A74C52D15391}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{3D14206A-3FE1-4053-A248-58E67BA86FA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X-Blades\launcher.exe
FirewallRules: [{EE8A6D1F-7FA3-43BD-9B43-17D592BBF3CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X-Blades\launcher.exe
FirewallRules: [{161164C1-F02F-43C0-9ACD-40F55D81B639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thief_gold\THIEF.EXE
FirewallRules: [{6ADC89C9-1FF4-4A68-91AE-05B99F073A18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thief_gold\THIEF.EXE
FirewallRules: [{074AB8DC-788B-4902-A9C9-E543E814225E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thief_2\thief2.exe
FirewallRules: [{577BCBB2-3009-40C8-AF77-0C92C5BD46B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thief_2\thief2.exe
FirewallRules: [{4D2DC8F2-A20D-4990-918F-B91DBB5D3E91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{5CA87EDC-3E23-4CF7-940F-305D9D63B2E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{243ED73A-0850-4F32-A139-8F01E5433279}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{08DED4C9-0428-44AB-8773-672AD93A5BA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{365D5093-63DE-4338-B91C-AD5D7CCFF51A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls Beta\SkullGirls.exe
FirewallRules: [{B744F9E8-1333-4DA8-AC55-2834E374A213}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls Beta\SkullGirls.exe
FirewallRules: [{F1441E0F-33C1-40AF-8327-B1D3ADF8ECC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{199D9192-ABEB-40F6-BB42-E03CFC9D72B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{B061E154-4F43-4B1C-BF56-550EC1F66500}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{14423F54-7134-48F3-9A64-A68527BC1F6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{DB00898F-1121-49C1-B2B9-96D1FEE49B7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ValdisStoryAbyssalCity\Valdis_Story_AC.exe
FirewallRules: [{F78F65AB-992F-4A9E-A6E6-CCD44AA6781A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ValdisStoryAbyssalCity\Valdis_Story_AC.exe
FirewallRules: [{1401B88F-42DA-4735-9FE0-B33D20953273}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Avernum 4\Avernum 4.exe
FirewallRules: [{33C21CE6-E6BF-453C-811E-D7579388C404}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Avernum 4\Avernum 4.exe
FirewallRules: [{8A979495-2ECD-4D2A-88C8-3FBB5A1731DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{0C975DCE-F54C-4A66-B96D-D4A368DBF633}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{BA561CD2-08F4-48E9-BC35-97EFA36EADF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{331E217B-588A-4FE2-ADA4-CA6F642976EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{0E0F331B-81D3-429C-93A1-E9A6B5F44BC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Generations\SonicGenerations.exe
FirewallRules: [{8210505A-E89D-4459-B385-A02545398834}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Generations\SonicGenerations.exe
FirewallRules: [{01E05359-08FA-49C5-90B2-EB998CFFF200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Generations\ConfigurationTool.exe
FirewallRules: [{E36583E0-6C32-4141-8D07-CD6B6F431E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Generations\ConfigurationTool.exe
FirewallRules: [TCP Query User{195F5F1B-DA11-47A2-89A0-0A6899B557C6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D26D79A8-FEBB-4360-96B5-0676661EBB4A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B2911643-ED14-4A90-89FF-48F84D0ACFDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{21B43A8A-981E-466B-818F-D7FF80E91AE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{C1840502-4DDB-4018-A22C-E1E77F191CA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{CFE3D7CC-A9F1-4B45-A5FE-50746F5542D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{1C8461DE-DC28-4435-AF92-DA49AC2CFFB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{AB096988-5B0A-4B04-A509-2D17D6D5214D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{DDBF0687-7BB8-48E0-B773-3B26025DFB8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thief Deadly Shadows\System\runme.exe
FirewallRules: [{7BCD17B9-B750-485E-9700-C48EEDCAB34B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thief Deadly Shadows\System\runme.exe
FirewallRules: [{BBEF1627-BA75-41E3-862A-E3A89E28BF6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{0CFE693B-89E3-44BC-ADF6-4F5294A0DB14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{8091ECA7-40A7-4518-9B4A-7AA450DE26C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{CAAF1016-3BBD-479A-9E77-2E3FF4B083EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{19EE486F-A3F9-486A-B639-426B6D6E44A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Onikira-DemonKiller\Onikira.exe
FirewallRules: [{4F45C7E1-7126-4C62-AB4E-E746DD49903D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Onikira-DemonKiller\Onikira.exe
FirewallRules: [{41A01F36-C377-4B2D-A3EE-A7152399D687}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms NA\Launcher.exe
FirewallRules: [{866CB13F-8214-44D2-B9C7-EEA4DC494244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms NA\Launcher.exe
FirewallRules: [TCP Query User{C387C4BE-938D-499D-AC72-BDBB5423A1E9}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{A43553CD-E10D-4307-BF7D-C4CCE5046BBD}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [{58198A5E-4D0B-426E-BCCC-DCFD0E64D32B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{6E819720-9857-4CE9-A323-D91E9CE84375}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{08D84FBF-5FFD-4477-9223-6090E6A79BAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{EE233798-21D2-41AC-ADFE-98F18ED5E0CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{C487CFFB-DD03-4C3E-8649-55AAAA9D6158}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{50AECD33-42CF-4E29-93FC-9C38C994F1C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{9B58E5BA-C95C-4F8B-9E08-81B6699A5C19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{8C53D56C-9A25-475E-BC94-627C3315D6BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{31DCABA2-9B9C-480A-B23B-3B152A1C9F54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Legend of Korra\LoK.exe
FirewallRules: [{6975238F-6C8C-4D99-9D52-2664ED086A1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Legend of Korra\LoK.exe
FirewallRules: [{4BBF1F3E-F1B1-4AC7-A87C-EB7536E99A00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marc Ecko's Getting Up 2\_Bin\launcher.exe
FirewallRules: [{8D98C30D-8B50-4241-93F4-9B78AF3A7887}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marc Ecko's Getting Up 2\_Bin\launcher.exe
FirewallRules: [{9DD8B2DE-750E-4402-8EDF-98FCB2151DA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{E2DC0C48-4E19-4FA8-88A0-1366C1EF79DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{8F35E74E-DDE4-4F73-89E3-007CAC985482}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{C3D18C48-AF28-48E5-84E5-8228F5928203}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{593E97E8-6305-4CBB-916B-6EA9F913B3D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{58B06862-5AA6-48CB-AF7A-C8C1BAA12DFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{5A79BD8E-5D8E-4282-A8AD-F2F5F26BEED4}] => (Block) %ProgramFiles% (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{85E7A1AD-F86C-43CD-A0EF-435D6EC552CF}] => (Block) %ProgramFiles% (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0D8AE40E-983E-455A-9343-CE4AC8AC1A19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2E1DFCA8-A23E-42B9-BAA6-FA9C516D14EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AECE592A-194D-45CE-8B63-823614AF2723}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{6661E56A-52A7-43FB-8DF8-82B9917296BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{F75682C0-ACD9-4C5D-8C94-8AE26F8D3D09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [{5B125ECE-4821-4369-A1D4-00D5BA78ADEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night at the Inventory\CelebrityPoker.exe
FirewallRules: [{B2BA261C-67F0-44D0-A95F-119E1C80536B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night 2\PokerNight2.exe
FirewallRules: [{4E0D90CA-2CD3-4C8C-B49A-9FE1D8E30625}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poker Night 2\PokerNight2.exe
FirewallRules: [{BD8336D4-8357-4998-9391-A773D31AF0AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{1FAFF56C-36F0-4F9D-B5F8-89804C53D296}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{CDF71AE6-FC4F-4FBE-A229-86CA957FF679}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{9E44D28C-9DC2-4C92-BAB5-33DDA8C5E757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{02B3CD66-A9CA-4AF4-BB6E-939BAA20188B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{94018799-DC26-434E-BE3E-FDCA2751CD10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{08AAB862-3C0E-40FE-A41A-B5D18EDC704C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B4CA8BC8-3D0C-4AA9-B9F0-3929D53E6A09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1F162959-D44B-42B9-B13E-E2B8C8A5E097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Special Edition\DevilMayCry4SpecialEdition.exe
FirewallRules: [{57575456-2F20-4C59-BBDF-689EEB890B01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Special Edition\DevilMayCry4SpecialEdition.exe
FirewallRules: [{DB5E8DB3-E617-4D61-B0E2-63B15BE0B769}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freedom Planet\FP.exe
FirewallRules: [{99FA3665-C2CC-41C8-9026-77203FB06C9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freedom Planet\FP.exe
FirewallRules: [{E2CABD61-9FBE-4A18-A716-9C662BC668B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitsurugi Kamui Hikae\mitsurugi.exe
FirewallRules: [{03D25F3D-02A1-4B37-A11B-C97B6F811A9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mitsurugi Kamui Hikae\mitsurugi.exe
FirewallRules: [{66829317-3B89-420C-A337-C975DA4C4479}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{199E9704-93A2-4A29-93D8-39ADCF759435}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{A8BFAE73-770B-4126-914E-8B7DD12F44E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{8836E220-B32A-4B69-B6B9-F732F9A8C1EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{D69BE2DE-5FC5-42AF-AE65-295B80659549}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{4FE3F4DA-A0B3-42E1-B581-2849A98D18F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{305342F2-FDD6-4A55-90AA-F3F91CD981C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strider\Strider.exe
FirewallRules: [{B7CB9241-B4E3-4827-9E2E-B783188C0476}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strider\Strider.exe
FirewallRules: [{F9834AAD-FBDC-4CBF-8D88-6718A2553B70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{33439DD5-1F66-43B7-9F47-765C8DFED62B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{8C6691B6-EF4A-40F7-9577-1EA3EFE3F511}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\nl2.exe
FirewallRules: [{4679DFB6-EEB1-46D3-8B41-138063D1B511}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\nl2.exe
FirewallRules: [{55852C34-C5BC-49E7-93A5-CABB5193BABD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\config.exe
FirewallRules: [{14E7162F-9335-49E8-AC23-7268C9FE5EC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noitu Love 2 Devolution\config.exe
FirewallRules: [{E7FF0148-2683-4129-8862-179BA85967F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Good and Evil\CheckApplication.exe
FirewallRules: [{F1A22359-2A73-430F-B508-6E8E198452FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Good and Evil\CheckApplication.exe
FirewallRules: [{34C3F226-1320-4194-A735-17D1CE61D3F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divine_divinity\div.exe
FirewallRules: [{1C33D835-E087-4488-91C7-9A72CC79E964}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divine_divinity\div.exe
FirewallRules: [{17AB0854-ECCA-4F3B-A81B-D3F5665F5D00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divine_divinity\configtool.exe
FirewallRules: [{7D66E812-FF69-4BC0-B21C-BF6E43F1A93D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divine_divinity\configtool.exe
FirewallRules: [{1258BFA9-0083-4F2C-A800-02F1F58276D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastlevaniaLoS\bin\CastlevaniaLoSUE.exe
FirewallRules: [{F6D6218E-1A27-45D7-9A78-266EA07C8067}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastlevaniaLoS\bin\CastlevaniaLoSUE.exe
FirewallRules: [{296E04DA-6F37-47B0-988C-5CADC8B4B993}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{27972ABF-01B0-405E-B747-B93AAE16A60C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{9B74FC5F-9F0E-4A2F-9DB3-BB9551D5CF80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7129A778-3420-49E6-AF61-1B74F7686E9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5F547A4-30AD-4A57-BFB8-5D94E300A137}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{B88D35D4-33E7-4D73-ABEA-9858D884002E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Anniversary\tra.exe

==================== Faulty Device Manager Devices =============

Name: 802.11n USB Wireless LAN Card
Description: 802.11n USB Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28ux
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2015 10:50:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2015 10:29:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2015 10:22:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2015 10:17:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2015 10:17:14 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005). Additional information: 0xc0000022.

Error: (11/19/2015 10:05:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2015 10:04:59 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005). Additional information: 0xc0000022.

Error: (11/19/2015 09:53:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2015 09:40:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: XBoxStat.exe, version: 1.20.146.0, time stamp: 0x4ac3f515
Faulting module name: XBoxStat.exe, version: 1.20.146.0, time stamp: 0x4ac3f515
Exception code: 0x40000015
Fault offset: 0x000000000002385e
Faulting process id: 0x430
Faulting application start time: 0xXBoxStat.exe0
Faulting application path: XBoxStat.exe1
Faulting module path: XBoxStat.exe2
Report Id: XBoxStat.exe3

Error: (11/19/2015 09:29:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/19/2015 10:50:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (11/19/2015 10:28:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (11/19/2015 10:21:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (11/19/2015 10:16:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (11/19/2015 10:04:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (11/19/2015 09:53:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (11/19/2015 09:51:47 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.

Error: (11/19/2015 09:51:15 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AMD FUEL Service service did not shut down properly after receiving a preshutdown control.

Error: (11/19/2015 09:50:42 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Error: (11/19/2015 09:46:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3


CodeIntegrity:
===================================
  Date: 2015-07-31 22:31:02.414
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-07-31 22:31:02.398
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-07-31 22:31:02.398
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-07-31 22:31:02.132
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-07-31 22:31:02.132
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-07-31 22:31:02.117
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-07-31 22:31:01.929
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-07-31 22:31:01.929
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-07-31 22:31:01.914
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-07-31 22:31:01.601
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: AMD FX™-6300 Six-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 8175.18 MB
Available physical RAM: 5691.31 MB
Total Virtual: 16348.56 MB
Available Virtual: 13212.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:549.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 84C28092)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 





#2 HelpBot


Posted 25 November 2015 - 02:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/596946 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bluedoggie2122


Posted 25 November 2015 - 10:21 PM

Hi Bleeping Computer,

 

Never mind, I'll monitor my computer a few days and see how it is. I think it's just how my computer runs the programs. I'll get back to you guys if I need help.



#4 Oh My!

  • Malware Response Instructor

Posted 27 November 2015 - 03:43 PM

Sorry for the delay and thanks for letting us know.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 27 November 2015 - 03:43 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



