
Trojans found, still have slowdowns, long shutdowns & Task Manager issues.


12 replies to this topic

#1 ReclusiveShade


Posted 26 December 2015 - 06:06 PM

OS: Windows 8

RAM: 8GB

 

My problem all started when I was playing a game on my computer. I was playing in fullscreen mode and my game suddenly minimized. A console application then showed up with the title "tsksch.exe"; it then disappeared too quickly for me to read any of the other text in the application. Immediately after that another console application appeared but then disappeared too quickly for me to read. I found this strange so I did a full system scan with AVG. It came up with one "Malsign.Opencandy.7AF" and one "Malsign.Generic.5BB"; it removed them without problem. A few hours later I decided to do another scan to make sure that everything was all clear. So I set AVG to do a full system scan and I also selected the Scan Archives and Thorough Scan options. This scan came up with 6 threats: there was one "Malsign.Generic.EE6" and six "Corrupted executable files"; it removed all of them without problem.

 

I then noticed the next day that my computer was facing severe slowdowns (most common just after startup). I opened the task manager and noticed that "svchost.exe" was consuming a lot of memory and slowing down my computer. I had noticed that it would only do it periodically. Sometimes it would consume massive amounts of memory (I can't remember the exact amounts) and other times it would consume a normal amount. This meant that sometimes my computer would slow down for a few minutes but then would speed back up after a little while. Also, over the past couple of weeks I have noticed that my computer shuts down much slower than usual. Just today I had a shut down that took approximately three minutes to complete. I have also noticed that CTRL ALT DEL doesn't always work, and I have to press it multiple times to get the screen to show up, and even then I have to click on the "Open Task Manager" link at least twice to get it to open.

 

Just last night I had noticed while in my internet browser that another console app. had popped up before promptly closing. I can't remember it exactly but the title of this one was something like "Delldatalocalbackup.exe". So this morning I decided to get Malwarebytes to ensure that my computer was still not infected (because I was still experiencing strange behavior). So I did a full system scan; it came up with four "Trojan.Agent.GNI". They were removed without issue.

 

My question is, am I still infected, and is the behavior that I have experienced normal or suspicious?

(If more details are needed, just let me know.)




 


#2 InadequateInfirmity


Posted 26 December 2015 - 06:16 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

Hit Ok.

Hit Next, and make sure to leave all items checked for removal.

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.

 

ZHP Scan.

Please download Zhp Cleaner  to your desktop.  Right Click the icon and select run as administrator.

 http://nicolascoolman.com/download/zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply.



#3 ReclusiveShade


Posted 26 December 2015 - 07:00 PM

Here are the logs from my Adware Cleaner scan.

 

# AdwCleaner v5.026 - Logfile created 26/12/2015 at 16:39:50
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 8  (x64)
# Username : Bailey - BAILEYS-PC
# Running from : C:\Users\Bailey\Desktop\adwcleaner_5.026.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\END

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [952 bytes] ##########


Edited by ReclusiveShade, 26 December 2015 - 07:00 PM.


#4 ReclusiveShade


Posted 26 December 2015 - 07:14 PM

Here are the logs from the Junkware Removal Tool.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8 x64
Ran by Bailey (Administrator) on Sat 12/26/2015 at 17:07:11.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask-Retry (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Windows\prefetch\DRIVERINTERFACE.EXE-3D9DDD87.pf (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{615EBF79-2BAF-4FDC-88E4-2D6D05A00D75} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/26/2015 at 17:08:54.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 ReclusiveShade


Posted 26 December 2015 - 07:37 PM

Here are the scan logs for the Adware Removal Tool.

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v4.1
Time: 2015_12_26_17_18_39
OS: Windows 8 - x64 Bit
Account Name: Bailey
Adware Definition: Adware Definition: Dec-19-2015-1
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

PCDr ->> Folder ->> C:\users\All Users

PCDr ->> Folder ->> C:\users\Bailey\AppData\Roaming

 

Here are the repair logs for the Adware Removal Tool.

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v4.1
Time: 2015_12_26_17_18_39
OS: Windows 8 - x64 Bit
Account Name: Bailey
Adware Definition: Adware Definition: Dec-19-2015-1
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted ->> Folder ->> C:\users\All Users\PCDr

Deleted ->> Folder ->> C:\users\Bailey\AppData\Roaming\PCDr
 



#6 ReclusiveShade


Posted 26 December 2015 - 07:55 PM

Here are the logs from ZHP Cleaner.

 

~ ZHPCleaner v2015.12.25.407 by Nicolas Coolman (2015/12/25)
~ Run by Bailey (Administrator)  (26/12/2015 17:48:36)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Bailey\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Bailey\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8, 64-bit  (Build 9200)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (9)
MOVED folder: C:\Windows\Installer\MSI2D64.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI3FA5.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI5738.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI58E1.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI5941.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI62C4.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI64CB.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIC3C9.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSICC36.tmp-  =>Empty


---\\  Registry ( Key, Value, Data) (15)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0034244A59FDC7E478CA38634986C82F [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\distutils\util.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0091AA74E0E916449B03A52BEAD3FB4C [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\encodings\iso8859_5.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\012C3DC030A124A4B9FDD80021E69458 [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\encodings\cp875.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\012EE8FA485268A4F8E892105CEDC8D4 [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\logging\config.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\015D77ED79EF5544496C46F50A131CFE [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\encodings\cp1257.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0287734AFB38DEE47949ED29E4B612EE [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\encodings\palmos.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0344D7104AC2DB247A7DC24738111E95 [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\encodings\zlib_codec.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\039C961E57E92404F9E6A7C0DE789089 [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\encodings\undefined.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03ABA72ACBFCDD148BFCD725C46293BE [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\site-packages\nose-1.1.2-py2.5.egg\nose\plugins\__init__.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\048D63A1130E18D4181BD4EEF98CECDE [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\encodings\cp1006.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0495BE5A53065DC4BB8C5AD005731835 [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\encodings\gb18030.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04A0E00FC9606D342BEC067C1D29FEA3 [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\encodings\iso8859_15.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\057D8841CAE983F4886B6FFBBC4EE7C8 [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\encodings\cp864.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0650C24726403B54C94D6AA603F6EBA6 [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\scripts\ableton_ping.pyc]  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0663DD8F99C03304B8162B791937FB6D [C:\ProgramData\Ableton\Live 9 Trial\Resources\Extensions\WebConnector\third_party\lib\distutils\dist.pyc]  =>Adware.Sambreel


---\\  Summary of the elements found (1)



---\\  Other deletions. (33)
~ Registry Keys Tracing deleted (33)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 895
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 24


~ End of clean in 00h00mn25s
===================
ZHPCleaner-[R]-26122015-17_49_01.txt
ZHPCleaner-[S]-26122015-17_47_45.txt
 



#7 Aura


Posted 27 December 2015 - 03:54 PM

Hi ReclusiveShade :)

My name is Aura and I'll be assisting you with your issue in replacement of Inadequate (reason being that since he just got accepted in the Study Hall, he cannot assist in AII threads until he reaches a certain level of the training).

Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 ReclusiveShade


Posted 27 December 2015 - 05:58 PM

NOTES:

The internet explorer setting that it flagged as being suspicious was the homepage that was set when I first got my computer so I set it to exclude it.

The adwcleaner_5.026.exe that it flagged was from this site so I knew that was safe.

The two "Mouse Injector (P2 Only).exe" that it flagged was a program that I used to use quite often. So I set it to exclude so I could further examine it later. I ended up scanning the whole folder with two different AV's and it came up clean both times. If you think that I should remove the files anyway just let me know.

There were also some files that I cancelled. For some reason when scanning them, the software would scan them almost to completion and then start scanning them all over again. It did this multiple times until I cancelled them. I then decided to try again today and for some reason, they failed (besides the failed files, the second scan came up clean) (I also made sure that my AV was disabled so that there were no conflicts). So I just decided to post the log from yesterday that had caught the four files that I had mentioned above.

 

Here's the logs from the Zemana Scan.

 

Zemana AntiMalware 2.19.2.737 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/12/26
Operating System       : Windows 8 64-bit
Processor              : 4X Intel® Core™ i5-4430 CPU @ 3.00GHz
BIOS Mode              : UEFI
CUID                   : 002946A26764A64A55DFF1
Scan Type              : Deep Scan
Duration               : 48m 7s
Scanned Objects        : 806238
Detected Objects       : 4
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer Homepage
Status             : Scanned
Object             : http://www.alienwarearena.com/welcome-ca-e
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Exclude
Traces             :
                Browser Setting - Internet Explorer Homepage

adwcleaner_5.026.exe
Status             : Scanned
Object             : %userprofile%\desktop\adwcleaner_5.026.exe
MD5                : 76F7569DB01B4D65431B0E6BBBDD261D
Publisher          : -
Size               : 1743360
Version            : 5.0.2.6
Detection          : Heur.Malicious!Pa
Cleaning Action    : Report as safe
Traces             :
                File - %userprofile%\desktop\adwcleaner_5.026.exe

Mouse Injector (P2 Only).exe
Status             : Scanned
Object             : %userprofile%\desktop\1964 ge-pd edition (60fps)\1964\ge-mp\mouse injector (p2 only).exe
MD5                : C31CC8B5620BFBBB7F929BAB6DADD5E5
Publisher          : -
Size               : 36352
Version            : -
Detection          : Malware:Win32/Cardunia.A!Aeee
Cleaning Action    : Exclude
Traces             :
                File - %userprofile%\desktop\1964 ge-pd edition (60fps)\1964\ge-mp\mouse injector (p2 only).exe

Mouse Injector (P2 Only).exe
Status             : Scanned
Object             : %userprofile%\downloads\1964 ge-pd edition (60fps)\1964\ge-mp\mouse injector (p2 only).exe
MD5                : C31CC8B5620BFBBB7F929BAB6DADD5E5
Publisher          : -
Size               : 36352
Version            : -
Detection          : Malware:Win32/Cardunia.A!Aeee
Cleaning Action    : Exclude
Traces             :
                File - %userprofile%\downloads\1964 ge-pd edition (60fps)\1964\ge-mp\mouse injector (p2 only).exe

runwaysetupeditor.exe
Status             : Cancelled
Object             : %programfiles%\geedit2\runwaysetupeditor.exe
MD5                : AE88366C73E30482DCFB2AF0E37C61A7
Publisher          : -
Size               : 14529024
Version            : 2.5.4.0
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\geedit2\runwaysetupeditor.exe
                Reference - C:\Users\Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goldeneye Setup Editor 2.0\Perfect Gold.lnk
                Reference - C:\Users\Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goldeneye Setup Editor 2.0\Perfect Editor.lnk
                Reference - C:\Users\Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goldeneye Setup Editor 2.0\Goldeneye Setup Editor V2.lnk
                Reference - C:\Users\Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goldeneye Setup Editor 2.0\Beta Editor.lnk

wwfF85D.tmp
Status             : Cancelled
Object             : %temp%\wwff85d.tmp
MD5                : B81A7D0752E3D4B4406F7ECB21173CAB
Publisher          : -
Size               : 6351360
Version            : 2.4.3.756
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\wwff85d.tmp

wwfF7E6.tmp
Status             : Cancelled
Object             : %temp%\wwff7e6.tmp
MD5                : 6158C61480194D0A852134C258D5D2DD
Publisher          : -
Size               : 6351360
Version            : 2.4.3.756
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\wwff7e6.tmp

wwfD27B.tmp
Status             : Cancelled
Object             : %temp%\wwfd27b.tmp
MD5                : 52324E7EB22C90D98D0EC214C5C43FF3
Publisher          : -
Size               : 6351360
Version            : 2.4.3.756
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\wwfd27b.tmp

wwfB6B4.tmp
Status             : Cancelled
Object             : %temp%\wwfb6b4.tmp
MD5                : E65AFCBFBE7E8AAD9AFAE99A7ED65C6E
Publisher          : -
Size               : 6351360
Version            : 2.4.3.756
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\wwfb6b4.tmp

wwfD90B.tmp
Status             : Cancelled
Object             : %temp%\wwfd90b.tmp
MD5                : 4FCCAB23D5B05450830B2A72EF4A7169
Publisher          : -
Size               : 6351360
Version            : 2.4.3.756
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\wwfd90b.tmp

wwfD39.tmp
Status             : Cancelled
Object             : %temp%\wwfd39.tmp
MD5                : 4B5F0D2F9567B4D4633DA64E9B4B8381
Publisher          : -
Size               : 6351360
Version            : 2.4.3.756
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\wwfd39.tmp

wwfD3E7.tmp
Status             : Cancelled
Object             : %temp%\wwfd3e7.tmp
MD5                : 6242D1C13BA1A88D0CDA189BE0D37F55
Publisher          : -
Size               : 6351360
Version            : 2.4.3.756
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\wwfd3e7.tmp

wwfA54D.tmp
Status             : Cancelled
Object             : %temp%\wwfa54d.tmp
MD5                : 5DB125B4E82747B298F30F8EA73D1541
Publisher          : -
Size               : 6351360
Version            : 2.4.3.756
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\wwfa54d.tmp

347.52-desktop-win8-win7-winvista-64bit-international-whql-g.exe
Status             : Cancelled
Object             : %allusersprofile%\nvidia corporation\netservice\cf0559c7-1264-43e1-950d-d1072d91d293\347.52-desktop-win8-win7-winvista-64bit-international-whql-g.exe
MD5                : 4CDCBDB04C88A836EB005FF83AAD608C
Publisher          : -
Size               : 3156741
Version            : 1.0.4.0
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %allusersprofile%\nvidia corporation\netservice\cf0559c7-1264-43e1-950d-d1072d91d293\347.52-desktop-win8-win7-winvista-64bit-international-whql-g.exe

Assembly-UnityScript-firstpass.dll
Status             : Cancelled
Object             : %programfiles%\steam\steamapps\common\hail to the king deathbat\deathbat_data\managed\assembly-unityscript-firstpass.dll
MD5                : 1A6B8FACECAE0DEBD4AE0C6434A839B9
Publisher          : -
Size               : 132096
Version            : -
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\steam\steamapps\common\hail to the king deathbat\deathbat_data\managed\assembly-unityscript-firstpass.dll

Assembly-UnityScript.dll
Status             : Cancelled
Object             : %programfiles%\steam\steamapps\common\hail to the king deathbat\deathbat_data\managed\assembly-unityscript.dll
MD5                : 8A975C977A3468CBB89298472518F394
Publisher          : -
Size               : 24064
Version            : -
Detection          :
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\steam\steamapps\common\hail to the king deathbat\deathbat_data\managed\assembly-unityscript.dll


Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 1
Failed                : 0
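
An added example (not part of the original thread, and not Zemana's own code): a small parser for the log layout posted above that separates entries carrying a detection from entries the scan cancelled before reaching a verdict, lists detections left on disk by an Exclude or Report as safe action, and groups entries by MD5 so the two Mouse Injector copies show up as one file. The function names `parse_zemana` and `triage` are hypothetical, and the field layout is assumed from this one log.

```python
import re
from collections import defaultdict

# Abbreviated excerpt of the Zemana log posted above: five of the entries,
# with the Publisher/Size/Version fields dropped. Values are as posted.
SAMPLE_LOG = r"""
Detected Objects
-------------------------------------------------------

Internet Explorer Homepage
Status             : Scanned
Object             : http://www.alienwarearena.com/welcome-ca-e
MD5                : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Exclude
Traces             :
                Browser Setting - Internet Explorer Homepage

adwcleaner_5.026.exe
Status             : Scanned
Object             : %userprofile%\desktop\adwcleaner_5.026.exe
MD5                : 76F7569DB01B4D65431B0E6BBBDD261D
Detection          : Heur.Malicious!Pa
Cleaning Action    : Report as safe

Mouse Injector (P2 Only).exe
Status             : Scanned
Object             : %userprofile%\desktop\1964 ge-pd edition (60fps)\1964\ge-mp\mouse injector (p2 only).exe
MD5                : C31CC8B5620BFBBB7F929BAB6DADD5E5
Detection          : Malware:Win32/Cardunia.A!Aeee
Cleaning Action    : Exclude

Mouse Injector (P2 Only).exe
Status             : Scanned
Object             : %userprofile%\downloads\1964 ge-pd edition (60fps)\1964\ge-mp\mouse injector (p2 only).exe
MD5                : C31CC8B5620BFBBB7F929BAB6DADD5E5
Detection          : Malware:Win32/Cardunia.A!Aeee
Cleaning Action    : Exclude

wwfF85D.tmp
Status             : Cancelled
Object             : %temp%\wwff85d.tmp
MD5                : B81A7D0752E3D4B4406F7ECB21173CAB
Detection          :
Cleaning Action    : Quarantine

Cleaning Result
"""

# Cleaning actions that leave a detected object where it is.
LEFT_IN_PLACE = {"exclude", "report as safe"}


def parse_zemana(text):
    """Return one dict per entry between 'Detected Objects' and 'Cleaning Result'."""
    records, current, in_section = [], None, False
    for raw in text.splitlines():
        stripped = raw.strip()
        if stripped == "Detected Objects":      # exact match skips the header counter line
            in_section = True
        elif stripped == "Cleaning Result":
            break
        elif not in_section or set(stripped) == {"-"}:
            continue
        elif not stripped:
            current = None                      # a blank line ends the current entry
        elif current is None:
            current = {"Name": stripped, "Traces": []}
            records.append(current)
        elif raw[:1].isspace():                 # indented lines are trace items
            current["Traces"].append(stripped)
        else:
            key, _, value = stripped.partition(":")
            if key.strip() != "Traces":
                current[key.strip()] = value.strip()
    return records


def triage(records):
    """Split entries into verdicts / no verdict and group real hashes by MD5."""
    by_md5 = defaultdict(list)
    out = {"verdicts": [], "no_verdict": [], "left_in_place": []}
    for rec in records:
        md5 = rec.get("MD5", "")
        if re.fullmatch(r"[0-9A-Fa-f]{32}", md5):
            by_md5[md5.upper()].append(rec.get("Object", ""))
        if not rec.get("Detection"):            # cancelled scans carry no detection name
            out["no_verdict"].append(rec)
            continue
        out["verdicts"].append(rec)
        if rec.get("Cleaning Action", "").lower() in LEFT_IN_PLACE:
            out["left_in_place"].append(rec)
    out["same_file"] = {h: paths for h, paths in by_md5.items() if len(paths) > 1}
    return out


if __name__ == "__main__":
    result = triage(parse_zemana(SAMPLE_LOG))
    for bucket in ("verdicts", "no_verdict", "left_in_place"):
        print(bucket, [rec["Name"] for rec in result[bucket]])
    print("same_file", result["same_file"])
```

An entry in the `no_verdict` bucket was not cleared by the scan; it was simply never judged, so it needs a completed rescan before it can be treated as clean.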
 



#9 Aura


Posted 27 December 2015 - 11:10 PM

Reclusive, is it possible to follow the instructions I posted in Post #7 please? :)

http://www.bleepingcomputer.com/forums/t/600509/trojans-found-still-have-slowdowns-long-shutdowns-task-manager-issues/#entry3895380

Thank you!



#10 ReclusiveShade


Posted 28 December 2015 - 01:15 AM

Sorry, haha. Just didn't know if you wanted me to finish the previous instructions or not. But here's the logs.

 

 

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Bailey (administrator) on 27-12-2015 at 16:02:48
Running from "C:\Users\Bailey\Desktop"
Microsoft Windows 8  (X64)
Model: Alienware X51 R2 Manufacturer: Alienware
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)
Dell Wireless 1506 802.11b/g/n (2.4GHz) = Wi-Fi (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Baileys-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-84-DC-84-B9-C8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1506 802.11b/g/n (2.4GHz)
   Physical Address. . . . . . . . . : 0C-84-DC-84-B9-C8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 78-45-C4-FD-D4-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::19fb:a705:f27c:f8b0%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.105(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, December 26, 2015 4:42:45 PM
   Lease Expires . . . . . . . . . . : Sunday, January 3, 2016 2:43:10 PM
   Default Gateway . . . . . . . . . : fe80::1e7e:e5ff:fe49:adb%12
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F85215E3-0353-4DD8-9618-100CC2BD8ED2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging google.com [173.194.43.72] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 173.194.43.72:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...1e 84 dc 84 b9 c8 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...0c 84 dc 84 b9 c8 ......Dell Wireless 1506 802.11b/g/n (2.4GHz)
 12...78 45 c4 fd d4 95 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.105     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.105    276
    192.168.0.105  255.255.255.255         On-link     192.168.0.105    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.105    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.105    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.105    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12    276 ::/0                     fe80::1e7e:e5ff:fe49:adb
  1    306 ::1/128                  On-link
 12    276 fe80::/64                On-link
 12    276 fe80::19fb:a705:f27c:f8b0/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/26/2015 06:53:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31218

Error: (12/26/2015 06:53:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31218

Error: (12/26/2015 06:53:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/26/2015 06:53:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609

Error: (12/26/2015 06:53:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15609

Error: (12/26/2015 06:53:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/26/2015 04:55:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31219

Error: (12/26/2015 04:55:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31219

Error: (12/26/2015 04:55:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/26/2015 04:55:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594


System errors:
=============
Error: (12/27/2015 03:27:13 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%1053

Error: (12/27/2015 03:27:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.

Error: (12/27/2015 03:27:13 PM) (Source: Service Control Manager) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (12/27/2015 03:26:02 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (12/27/2015 03:24:06 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%1053

Error: (12/27/2015 03:24:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.

Error: (12/27/2015 03:21:35 PM) (Source: DCOM) (User: Baileys-PC)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/27/2015 02:44:54 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/26/2015 06:53:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Error: (12/26/2015 05:07:27 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (12/26/2015 06:53:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31218

Error: (12/26/2015 06:53:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31218

Error: (12/26/2015 06:53:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/26/2015 06:53:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609

Error: (12/26/2015 06:53:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15609

Error: (12/26/2015 06:53:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/26/2015 04:55:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31219

Error: (12/26/2015 04:55:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31219

Error: (12/26/2015 04:55:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/26/2015 04:55:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594


CodeIntegrity Errors:
===================================
  Date: 2015-01-26 20:46:36.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 20:45:21.136
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 20:42:04.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 20:38:27.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 20:37:41.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 20:37:41.129
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 20:37:29.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 20:37:29.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-05 23:08:25.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-05 22:50:50.751
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Ableton Live 9 Trial (HKLM-x32\...\{934D1F32-C76F-4570-8B1C-0FC8B72F24F9}) (Version: 9.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Alienware)
Alienware Command Center (HKLM\...\{EE0AF3EC-E4C8-4B0C-9ED6-2C51B27DD0A0}) (Version: 3.0.26.0 - Alienware Corp.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{EE0AF3EC-E4C8-4B0C-9ED6-2C51B27DD0A0}) (Version: 3.0.26.0 - Alienware Corp.)
Alienware Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Amazing Slow Downer (remove only) (HKLM-x32\...\Amazing Slow Downer) (Version:  - )
ANT Drivers Installer x64 (HKLM\...\{21F4950F-A1A6-4C72-8E50-BFEB9FB567A8}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG (HKLM\...\{A597ED27-4945-4E0B-8E37-DCD93DD85AD0}) (Version: 16.12.7303 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies)
AVG 2016 (HKLM\...\{2272D5BF-6158-4042-9E55-5D0E0793D32E}) (Version: 16.0.4489 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.12.7303 - AVG Technologies)
AVG Zen (HKLM\...\{4BB3F53A-125D-4CD0-8448-620E9898CF96}) (Version: 1.22.1 - AVG Technologies) Hidden
Avid Effects (HKLM\...\{0faad20d-ad8d-4249-ad93-7f006f2aa54b}) (Version: 11.3.0 - Avid Technology, Inc.)
Avid Mbox Driver 1.1.10 (x64) (HKLM\...\{35BAD2B7-E2EF-4A06-80A2-C6C2F23B8F3E}) (Version: 1.1.10 - Avid)
Avid Pro Tools Express (HKLM-x32\...\{4C77F4F5-DFFC-4A18-A5A5-913350B70865}) (Version: 0.0.0 - Avid Technology, Inc.)
Avid Virtual Instruments Express (HKLM-x32\...\{6444D9E1-244C-465B-A990-F6AB116FC48A}) (Version: 10.2.0 - Avid Technology, Inc.)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)
Blender (HKLM\...\Blender) (Version: 2.68a - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version:  - Sledgehammer Games)
Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version:  - Sledgehammer Games)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward)
Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version:  - Treyarch)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Clickteam Fusion 2.5 Free Edition (HKLM-x32\...\Clickteam Fusion 2.5 Free Edition) (Version:  - Clickteam)
Crafty 1.0.2 (HKLM-x32\...\Crafty_is1) (Version:  - Ryan Gregg)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
DScaler 4.1.15 (HKLM-x32\...\DScaler 4.1.15_is1) (Version:  - )
Elevated Installer (HKLM-x32\...\{9F75D001-751D-4655-A02D-79BAF5251919}) (Version: 4.1.12.0 - Garmin Ltd or its subsidiaries) Hidden
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
Five Nights at Freddy's 2 (HKLM-x32\...\Steam App 332800) (Version:  - Scott Cawthon)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FMW 1 (HKLM\...\{BCA7CC8C-745B-4340-B3A8-BC79A8498107}) (Version: 1.32.2 - AVG Technologies) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Dailymotion Download version 1.0.23.514 (HKLM-x32\...\Free Dailymotion Download_is1) (Version: 1.0.23.514 - DVDVideoSoft Ltd.)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.6.716 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.43.605 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.43.605 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{32FFC3D1-2F8B-4FD4-A842-E325AEF401E5}) (Version: 4.1.12.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{a5fbfb2e-b61d-462d-bca3-72a0e7ff7294}) (Version: 4.1.12.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{D9FCDEF1-CF94-49D9-86A1-367E514010E8}) (Version: 4.1.12.0 - Garmin Ltd or its subsidiaries) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GetGo Download Manager (HKLM-x32\...\GetGoSoft_GetGoDM) (Version: 4.9.0.1982 - GetGo Software Ltd.)
GetGo YouTube Downloader (HKLM-x32\...\GetGoSoft_GetGoYD) (Version: 1.8.0.1577 - GetGo Software Ltd.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GIMP LqR Plug-In (HKLM-x32\...\GimpLqRPlugIn) (Version: PlugIn: 0.7.1 - Lib: 0.4.1 - Carlo Baldassi)
Go PlayAlong (HKLM-x32\...\{E8AD89F3-C2D9-80E0-94A7-8461F8967E93}) (Version: 2.93 - UNKNOWN) Hidden
Go PlayAlong (HKLM-x32\...\com.goplayalong.41DF8ADAAE31CA841C48A6C358D6E3DCCEC38798.1) (Version: 2.93 - UNKNOWN)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
Hail to the King: Deathbat (HKLM-x32\...\Steam App 327440) (Version:  - Subscience Studios)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3055 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
License Support (HKLM\...\{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.5120 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.200 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSI ODD Monitor (HKLM-x32\...\{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.6 - Micro-Star Int'l Co., Ltd.) Hidden
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.6 - Micro-Star Int'l Co., Ltd.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.54.10 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.3.25.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
Resource Tuner 2.01 (HKLM-x32\...\Resource Tuner_is1) (Version: 2.01 - Heaventools Software)
rgcAudio z3ta Plus v1.40 (HKLM-x32\...\rgcAudio z3ta Plus v1.40) (Version:  - )
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version:  - Ubisoft - San Francisco)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
Roxio Game Capture HD PRO (HKLM-x32\...\{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}) (Version: 2.0 - Roxio)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.1) (Version: 1.1 - cpmusick)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{23A77926-8D45-42E0-93F3-04AA3A2B13CC}) (Version: 2.2.4.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.5.11.0 - Manuel Hoefs (Zottel))
Unreal Development Kit: 2014-08 (HKLM\...\UDK-2ee2cf31-110f-4289-b59f-bd3e02a440f5) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 3.2 - Ubisoft)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{C09012DC-4716-4D78-B8EE-3C2E343C8FE1}) (Version: 1.9.1407.2116 - SplitmediaLabs)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.737 - Zemana Ltd.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 8083.76 MB
Available physical RAM: 5842.21 MB
Total Virtual: 9619.76 MB
Available Virtual: 6627.2 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:921.39 GB) (Free:128.88 GB) NTFS

========================= Users: ========================================

User accounts for \\BAILEYS-PC

501E54A026584898A9AF     7F32D16540FC490194D2     Administrator            
ASPNET                   Bailey                   Guest                    


**** End of log ****
 



#11 Aura

Posted 28 December 2015 - 11:18 AM

I think I found your issue. You currently have two Antivirus installed on your system.

AVG 2016 (HKLM\...\{2272D5BF-6158-4042-9E55-5D0E0793D32E}) (Version: 16.0.4489 - AVG Technologies) Hidden
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.5120 - McAfee, Inc.)

Having more than one Antivirus installed at a time can cause random issues, even system conflicts and instability, hence why it's always recommended to have only one Antivirus installed on a system. This being said, I suggest you uninstall one (if possible, the one you do not pay for; if both of them are free, decide which one you want to keep) and see if the performance improves afterwards. On a side note, if you decide to keep McAfee, I would reinstall it since it seems to have a damaged installation from what I can see in the Event Viewer. If you want to read more about the dangers of running two Antivirus, I suggest you read the IMPORTANT NOTE at the bottom of quietman's article in the link below.

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

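As an added example (not part of Aura's post or of any tool used in this thread), the check made in post #11 can be automated: the Python below parses installed-program lines in the format quoted above and reports when products from more than one antivirus vendor are present. The `AV_PRODUCTS` name list and all function names are assumptions for illustration; the sample lines are copied from the listing in this thread.

```python
import re
from collections import defaultdict

# Line format seen in this thread's installed-programs listing:
#   Name (HIVE\...\UninstallKey) (Version: X - Publisher) [Hidden]
ENTRY = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HK[A-Z]+(?:-x32)?)\\\.\.\.\\(?P<key>.+?)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*)\)(?P<hidden> Hidden)?\s*$"
)

# Assumption: a small, incomplete list of resident antivirus product-name prefixes.
# On-demand scanners such as Zemana AntiMalware are deliberately not listed.
AV_PRODUCTS = {v: re.compile(rf"^{v}\b", re.I) for v in ("AVG", "McAfee", "Avast", "Norton")}

def parse_entries(text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["hidden"] = entry["hidden"] is not None
            entries.append(entry)
    return entries

def installed_antivirus(entries):
    """Group entries by vendor, matching on product name rather than publisher,
    so a runtime package published by an AV vendor is not counted as an AV."""
    found = defaultdict(list)
    for entry in entries:
        for vendor, pattern in AV_PRODUCTS.items():
            if pattern.search(entry["name"]):
                found[vendor].append(entry)
    return dict(found)

def has_av_conflict(entries):
    """True when products from more than one antivirus vendor are installed."""
    return len(installed_antivirus(entries)) > 1

# Sample input: five lines copied from the listing in this thread.
SAMPLE = r"""
AVG 2016 (HKLM\...\{2272D5BF-6158-4042-9E55-5D0E0793D32E}) (Version: 16.0.4489 - AVG Technologies) Hidden
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.5120 - McAfee, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.737 - Zemana Ltd.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
"""

if __name__ == "__main__":
    for vendor, hits in installed_antivirus(parse_entries(SAMPLE)).items():
        print(vendor, [(e["name"], e["version"], e["hidden"]) for e in hits])
```

The `hidden` field is kept because an entry marked Hidden, like AVG 2016 here, is one the listing flags as not shown to the user among installed programs.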


#12 ReclusiveShade


Posted 28 December 2015 - 05:21 PM

Ok I'll uninstall one of them and let you know if I'm still having problems. Thanks for your help! :)



#13 Aura

Posted 28 December 2015 - 05:31 PM

No problem Shade, let me know how it goes :)





