found a darkcomet! could use some help


  • This topic is locked
30 replies to this topic

#1 Mach1awd

Mach1awd

  • Members
  • 16 posts

Posted 10 January 2016 - 11:51 AM

So I have spent the last few days trying to tackle this PC issue. I have read so many different old posts from here and other places. I might have gotten rid of a lot of it so far, but it still isn't right.

How I noticed: for some time I have noticed my PC lagging while doing a number of different tasks, really noticed it watching YouTube and such. The PC would randomly kick on while in sleep mode. It also seemed for a while as if I wasn't getting Windows updates. Also, MSE will not turn on and my clock won't go to the proper time. Another thing I noticed was increased fan speeds while at idle while showing nothing running. I'm sure there were other things, but that should be enough reasons for now lol. Oh, I wasn't able to access msconfig then either.

I have almost every log you could ask for, which I will attach. Sorry I tried to handle this on my own, 'cause that seems to be the only way to learn anything, and I have learned a lot so far, but to the point that I can't even think straight to get any further. I hope I haven't reached the point of no return yet by improperly doing things.

So far I have the PC running better and can get into CMD now, but it's still lagging and most of the problems stated above still exist. But I know I've done some good, as my PC received a few MS updates last night. I think I got pretty damn close to removing it but left a few things behind, 'cause I can notice it getting slower and things still not working like they should.





#2 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:33 PM

Posted 10 January 2016 - 11:59 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version, so please be sure to read the disclaimer and back up all your data before using.
  • Double-click the downloaded file. OK the self-extracting prompt.
  • MBAR will start. On the introduction screen, click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found, do not press the Clean up button. Please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save it to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin... be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button... a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Step 4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Copy and paste the contents of that logfile in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Mach1awd

Mach1awd
  • Topic Starter

  • Members
  • 16 posts

Posted 10 January 2016 - 11:59 AM

Sorry, but I don't see where to add reports.



#4 Mach1awd

Mach1awd
  • Topic Starter

  • Members
  • 16 posts

Posted 10 January 2016 - 12:05 PM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Badbleep (administrator) on 10-01-2016 at 06:55:48
Running from "C:\Users\Badbleep\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: To be filled by O.E.M. Manufacturer: To be filled by O.E.M.
Boot Mode: Minimal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Badbleep-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Unable to contact IP driver. General failure.
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/09/2016 08:59:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: aaHMSvc.exe, version: 0.1.0.18, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19045, time stamp: 0x56258f05
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0xfac
Faulting application start time: 0xaaHMSvc.exe0
Faulting application path: aaHMSvc.exe1
Faulting module path: aaHMSvc.exe2
Report Id: aaHMSvc.exe3

Error: (01/09/2016 07:49:43 PM) (Source: Application Hang) (User: )
Description: The program Procmon64.exe version 3.20.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fe0

Start Time: 01d14b580a65ac3e

Termination Time: 0

Application Path: C:\Users\Badbleep\AppData\Local\Temp\Procmon64.exe

Report Id: 270af1fc-b74d-11e5-9a81-ac220b50c290

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:06 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:06 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:06 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/10/2016 06:53:06 AM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Microsoft Office Sessions:
=========================
Error: (01/09/2016 08:59:33 PM) (Source: Application Error)(User: )
Description: aaHMSvc.exe0.1.0.1800000000KERNELBASE.dll6.1.7601.1904556258f050eedfade0000c42dfac01d14b639efce565C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exeC:\Windows\syswow64\KERNELBASE.dllefa62a30-b756-11e5-9a81-ac220b50c290

Error: (01/09/2016 07:49:43 PM) (Source: Application Hang)(User: )
Description: Procmon64.exe3.20.0.0fe001d14b580a65ac3e0C:\Users\Badbleep\AppData\Local\Temp\Procmon64.exe270af1fc-b74d-11e5-9a81-ac220b50c290

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.17 - ASUSTeK Computer Inc.)
Asus Drivers Download Utility 3.6.1 (HKLM\...\{3E7C8168-166F-33BC-D659-3B4CFF633E35}_is1) (Version: 3.6.1 - LionSea Software)
ASUS GPU Tweak (HKLM-x32\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.7.9.0 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.7.9.0 - ASUSTek COMPUTER INC.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CPUID ASUS CPU-Z 1.65 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.65 - CPUID, Inc.)
Crysis 3 (HKLM-x32\...\Q3J5c2lzMw==_is1) (Version: 1 - )
DVDFab 9.1.1.9 (18/12/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff)
FNC 11 Installer (HKLM-x32\...\{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}) (Version: 11.06.0000 - Acresso Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.7 - Google Inc.) Hidden
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kodi (HKCU\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
NewsLeecher v5.0 Beta 3 (HKLM-x32\...\NewsLeecher_is1) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )

========================= Devices: ================================

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Device ID: USB\VID_046D&PID_C537&MI_00\6&4AE3A44&0&0000

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&67395F2&0

Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tcpipreg
Device ID: ROOT\LEGACY_TCPIPREG\0000

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Device ID: ROOT\MS_SSTPMINIPORT\0000

Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PEAUTH
Device ID: ROOT\LEGACY_PEAUTH\0000

Name: LDDM Graphics Subsystem
Description: LDDM Graphics Subsystem
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: DXGKrnl
Device ID: ROOT\LEGACY_DXGKRNL\0000

Name: ATI I/O Communications Processor PCI Bus Controller
Description: ATI I/O Communications Processor PCI Bus Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI
Service: pci
Device ID: PCI\VEN_1002&DEV_4384&SUBSYS_00000000&REV_40\3&267A616A&0&A4

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_43971002&REV_00\3&267A616A&0&B0

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_5

Name: Ideazon Merc Stealth MM USB Human Interface Device
Description: Ideazon Merc Stealth MM USB Human Interface Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Ideazon USB Human Interface Device
Service: HidUsb
Device ID: USB\VID_1038&PID_0510&MI_01\7&28F085AC&0&0001

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A16&SUBSYS_5A141002&REV_00\3&267A616A&0&10

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Device ID: PCI\VEN_1002&DEV_AAB0&SUBSYS_AAB01043&REV_00\4&14E8F4CB&0&0110

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0200\4&1B5A7E87&0

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*ISATAP\0000

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Device ID: HID\VID_1038&PID_0510&MI_01&COL01\8&12A601A1&0&0000

Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mpsdrv
Device ID: ROOT\LEGACY_MPSDRV\0000

Name: Asmedia 106x SATA Controller
Description: Asmedia 106x SATA Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Asmedia Technology
Service: asahci64
Device ID: PCI\VEN_1B21&DEV_0612&SUBSYS_84B71043&REV_01\4&2799F330&0&0020

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&CA1A60D&0

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{E8E114C1-AC00-11E4-BBB8-806E6F6E6963}#000000000E500000

Name: NetIO Legacy TDI Support Driver
Description: NetIO Legacy TDI Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tdx
Device ID: ROOT\LEGACY_TDX\0000

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
Device ID: ROOT\RDP_KBD\0000

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Device ID: USB\VID_046D&PID_C537&MI_01\6&4AE3A44&0&0001

Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial
Device ID: ACPI\PNP0501\1

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&318406F3&0

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
Device ID: ROOT\RDP_MOU\0000

Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
Device ID: ROOT\ACPI_HAL\0000

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Device ID: HID\VID_046D&PID_C537&MI_00\7&22EB83C0&0&0000

Name: System speaker
Description: System speaker
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0800\4&1B5A7E87&0

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
Device ID: ROOT\SYSTEM\0000

Name: AMD SMBus
Description: AMD SMBus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc
Service:
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_43851002&REV_42\3&267A616A&0&A0

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave
Device ID: ROOT\LEGACY_VGASAVE\0000

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4399&SUBSYS_43991002&REV_00\3&267A616A&0&A5

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A18&SUBSYS_5A141002&REV_00\3&267A616A&0&20

Name: File as Volume Driver
Description: File as Volume Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: blbdrive
Device ID: ROOT\BLBDRIVE\0000

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&37566865&0

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1600&SUBSYS_00000000&REV_00\3&267A616A&0&C0

Name: PROCMON23
Description: PROCMON23
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PROCMON23
Device ID: ROOT\LEGACY_PROCMON23\0000

Name: Asmedia 106x SATA Controller
Description: Asmedia 106x SATA Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Asmedia Technology
Service: asahci64
Device ID: PCI\VEN_1B21&DEV_0612&SUBSYS_84B71043&REV_01\4&312AFB2E&0&0028

Name: PCI bus
Description: PCI bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: ACPI\PNP0A03\0

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Device ID: ROOT\UMBUS\0000

Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volmgrx
Device ID: ROOT\LEGACY_VOLMGRX\0000

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus
Device ID: ROOT\COMPOSITEBUS\0000

Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid
Device ID: HID\VID_046D&PID_C537&MI_01&COL01\7&361B9FFE&0&0000

Name: Microsoft Virtual Drive Enumerator Driver
Description: Microsoft Virtual Drive Enumerator Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: vdrvroot
Device ID: ROOT\VDRVROOT\0000

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_6

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&3892A9E2&0

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Psched
Device ID: ROOT\LEGACY_PSCHED\0000

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_1

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_1038&PID_0510&MI_01&COL02\8&12A601A1&0&0001

Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD
Device ID: ROOT\LEGACY_AFD\0000

Name: Storage volumes
Description: Storage volumes
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volsnap
Device ID: ROOT\LEGACY_VOLSNAP\0000

Name: msahci
Description: msahci
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msahci
Device ID: ROOT\LEGACY_MSAHCI\0000

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: volmgr
Device ID: ROOT\VOLMGR\0000

Name: AMD SATA Controller
Description: AMD SATA Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: AMD
Service: amd_sata
Device ID: PCI\VEN_1002&DEV_4391&SUBSYS_84DD1043&REV_40\3&267A616A&0&88

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0B00\4&1B5A7E87&0

Name: PCI standard ISA bridge
Description: PCI standard ISA bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: msisadrv
Device ID: PCI\VEN_1002&DEV_439D&SUBSYS_439D1002&REV_40\3&267A616A&0&A3

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A19&SUBSYS_5A141002&REV_00\3&267A616A&0&28

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub
Device ID: USB\VID_0409&PID_005A\5&34472DFD&0&2

Name: QWAVE driver
Description: QWAVE driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QWAVEdrv
Device ID: ROOT\LEGACY_QWAVEDRV\0000

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1601&SUBSYS_00000000&REV_00\3&267A616A&0&C1

Name: aksdf
Description: aksdf
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aksdf
Device ID: ROOT\LEGACY_AKSDF\0000

Name: ASMedia XHCI Controller
Description: ASMedia XHCI Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: ASMedia Technology Inc
Service: asmtxhci
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&1741AB47&0&0048

Name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarpv6
Device ID: ROOT\LEGACY_WANARPV6\0000

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Device ID: HID\VID_046D&PID_C537&MI_01&COL02\7&361B9FFE&0&0001

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C01\1

Name: aksfridge
Description: aksfridge
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aksfridge
Device ID: ROOT\LEGACY_AKSFRIDGE\0000

Name: msisadrv
Description: msisadrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msisadrv
Device ID: ROOT\LEGACY_MSISADRV\0000

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C01\C8

Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wdf01000
Device ID: ROOT\LEGACY_WDF01000\0000

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD
Device ID: ROOT\LEGACY_RDPCDD\0000

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_43961002&REV_00\3&267A616A&0&92

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\10

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A0&SUBSYS_00001002&REV_00\3&267A616A&0&A8

Name: Bitlocker Drive Encryption Filter Driver
Description: Bitlocker Drive Encryption Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: fvevol
Device ID: ROOT\LEGACY_FVEVOL\0000

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A1C&SUBSYS_5A141002&REV_00\3&267A616A&0&48

Name: amdkmdag
Description: amdkmdag
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: amdkmdag
Device ID: ROOT\LEGACY_AMDKMDAG\0000

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1602&SUBSYS_00000000&REV_00\3&267A616A&0&C2

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_7

Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WfpLwf
Device ID: ROOT\LEGACY_WFPLWF\0000

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_046D&PID_C537&MI_01&COL03\7&361B9FFE&0&0002

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\14

Name: ASMedia XHCI Controller
Description: ASMedia XHCI Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: ASMedia Technology Inc
Service: asmtxhci
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&1F27578A&0&00AA

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_2

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: asmthub3
Device ID: USB\VID_040E&PID_0100&ASMEDIAUSBD_HUB\5&18B5FF43&0&0

Name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPENCDD
Device ID: ROOT\LEGACY_RDPENCDD\0000

Name: hardlock
Description: hardlock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hardlock
Device ID: ROOT\LEGACY_HARDLOCK\0000

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS
Device ID: ROOT\LEGACY_NDIS\0000

Name: AODDriver4.3
Description: AODDriver4.3
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.3
Device ID: ROOT\LEGACY_AODDRIVER4.3\0000

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\15

Name: Reflector Display Driver used to gain access to graphics data
Description: Reflector Display Driver used to gain access to graphics data
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPREFMP
Device ID: ROOT\LEGACY_RDPREFMP\0000

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\2E

Name: WinpkFilter LightWeight Filter
Description: WinpkFilter LightWeight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ndisrd
Device ID: ROOT\LEGACY_NDISRD\0000

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP
Device ID: ROOT\LEGACY_HTTP\0000

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_43961002&REV_00\3&267A616A&0&9A

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A1&SUBSYS_00001002&REV_00\3&267A616A&0&A9

Name: User Mode Driver Frameworks Platform Driver
Description: User Mode Driver Frameworks Platform Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WudfPf
Device ID: ROOT\LEGACY_WUDFPF\0000

Name: AsIO
Description: AsIO
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AsIO
Device ID: ROOT\LEGACY_ASIO\0000

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A1D&SUBSYS_5A141002&REV_00\3&267A616A&0&50

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_046D&PID_C537&MI_01&COL04\7&361B9FFE&0&0003

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\700

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1603&SUBSYS_00000000&REV_00\3&267A616A&0&C3

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: asmthub3
Device ID: USB\VID_040E&PID_0100&ASMEDIAUSBD_HUB\5&1BBD1AF2&0&0

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rspndr
Device ID: ROOT\LEGACY_RSPNDR\0000

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy
Device ID: ROOT\LEGACY_NDPROXY\0000

Name: Hardware Policy Driver
Description: Hardware Policy Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hwpolicy
Device ID: ROOT\LEGACY_HWPOLICY\0000

Name: ASMedia XHCI Controller
Description: ASMedia XHCI Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: ASMedia Technology Inc
Service: asmtxhci
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&9B80F17&0&00AB

Name: AsUpIO
Description: AsUpIO
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AsUpIO
Device ID: ROOT\LEGACY_ASUPIO\0000

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\99

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios
Device ID: ROOT\MSSMBIOS\0000

Name: OCZ-VERTEX4 ATA Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: IDE\DISKOCZ-VERTEX4_____________________________1.5_____\6&2121FB36&0&0.0.0

Name: SCDEmu
Description: SCDEmu
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SCDEmu
Device ID: ROOT\LEGACY_SCDEMU\0000

Name: IOMap
Description: IOMap
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IOMap
Device ID: ROOT\LEGACY_IOMAP\0000

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\E11

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_8

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{D7B01D37-AD62-11E4-8E2A-AC220B50C290}#0000000000100000

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Device ID: ROOT\MS_AGILEVPNMINIPORT\0000

Name: IDE Channel
Description: IDE Channel
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: atapi
Device ID: ROOT\LEGACY_ATAPI\0000

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_3

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_046D&PID_C537&MI_01&COL05\7&361B9FFE&0&0004

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&20D90D91&0&0001

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_43961002&REV_00\3&267A616A&0&B2

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A2&SUBSYS_00001002&REV_00\3&267A616A&0&AA

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C04\4&1B5A7E87&0

Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: secdrv
Device ID: ROOT\LEGACY_SECDRV\0000

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A1E&SUBSYS_5A141002&REV_00\3&267A616A&0&68

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: asmthub3
Device ID: USB\VID_040E&PID_0100&ASMEDIAUSBD_HUB\5&BB9E5C8&0&0

Name: KSecDD
Description: KSecDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecDD
Device ID: ROOT\LEGACY_KSECDD\0000

Name: NETBT
Description: NETBT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetBT
Device ID: ROOT\LEGACY_NETBT\0000

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1604&SUBSYS_00000000&REV_00\3&267A616A&0&C4

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Device ID: ROOT\LEGACY_BEEP\0000

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Device ID: ROOT\MS_L2TPMINIPORT\0000

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Device ID: ROOT\LEGACY_SPLDR\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft ACPI-Compliant Embedded Controller
Description: Microsoft ACPI-Compliant Embedded Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C09\4&1B5A7E87&0

Name: KSecPkg
Description: KSecPkg
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecPkg
Device ID: ROOT\LEGACY_KSECPKG\0000

Name: Microsoft Network Inspection System
Description: Microsoft Network Inspection System
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NisDrv
Device ID: ROOT\LEGACY_NISDRV\0000

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: ROOT\MS_NDISWANBH\0000

Name: WDC WD2002FAEX-00MJRA0 ATA Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: IDE\DISKWDC_WD2002FAEX-00MJRA0__________________01.01L01\6&33DBABDB&0&1.0.0

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_046D&PID_C537&MI_01&COL06\7&361B9FFE&0&0005

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Device ID: USB\VID_152E&PID_2507\P01070215003712

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Device ID: ROOT\LEGACY_SPTD\0000

Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\5&1181CD07&0&0

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C0C\AA

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
Device ID: USB\VID_1038&PID_0510\6&4A1241D&0&3

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{E8E114C1-AC00-11E4-BBB8-806E6F6E6963}#0000000000100000

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lltdio
Device ID: ROOT\LEGACY_LLTDIO\0000

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_43971002&REV_00\3&267A616A&0&90

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A3&SUBSYS_00001002&REV_00\3&267A616A&0&AB

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A1F&SUBSYS_5A141002&REV_00\3&267A616A&0&58

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: ROOT\MS_NDISWANIP\0000

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1605&SUBSYS_00000000&REV_00\3&267A616A&0&C5

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi
Device ID: ACPI\PNP0C14\ASUSWMI

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_10438436&REV_1003\4&1DC8007C&0&0001

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\FIXEDBUTTON\2&DABA3FF&1

Name: NSI proxy service driver.
Description: NSI proxy service driver.
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: nsiproxy
Device ID: ROOT\LEGACY_NSIPROXY\0000

Name: Common Log (CLFS)
Description: Common Log (CLFS)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CLFS
Device ID: ROOT\LEGACY_CLFS\0000

Name: ATA Channel 1
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\5&1181CD07&0&1

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_4

Name: Ideazon Merc Stealth USB Human Interface Device
Description: Ideazon Merc Stealth USB Human Interface Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Ideazon USB Human Interface Device
Service: HidUsb
Device ID: USB\VID_1038&PID_0510&MI_00\7&28F085AC&0&0000

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Device ID: USB\VID_046D&PID_C069\6&4A1241D&0&1

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: ROOT\MS_NDISWANIPV6\0000

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi
Device ID: ACPI\PNP0C14\MXM2

Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid
Device ID: HID\VID_1038&PID_0510&MI_00\8&367D3F63&0&0000

Name: Mount Point Manager
Description: Mount Point Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr
Device ID: ROOT\LEGACY_MOUNTMGR\0000

Name: CNG
Description: CNG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CNG
Device ID: ROOT\LEGACY_CNG\0000

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0000\4&1B5A7E87&0

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI
Device ID: ACPI_HAL\PNP0C08\0

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&209DFF44&0

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_84361043&REV_40\3&267A616A&0&A2

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Device ID: ROOT\MS_PPPOEMINIPORT\0000

Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\5&17250B85&0&0

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_43971002&REV_00\3&267A616A&0&98

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1002&DEV_5A14&SUBSYS_5A141002&REV_02\3&267A616A&0&00

Name: AMD Radeon R9 200 Series
Description: AMD Radeon R9 200 Series
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Device ID: PCI\VEN_1002&DEV_6810&SUBSYS_04641043&REV_00\4&14E8F4CB&0&0010

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{E8E114C1-AC00-11E4-BBB8-806E6F6E6963}#0000000006500000

Name: HL-DT-ST DVDRAM GSA-E30L USB Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Device ID: USBSTOR\CDROM&VEN_HL-DT-ST&PROD_DVDRAM_GSA-E30L&REV_VE01\P01070215003712&0

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
Device ID: USB\VID_046D&PID_C537\5&15D9C317&0&2

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Device ID: ROOT\LEGACY_NULL\0000

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8169
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_85051043&REV_09\4&28B85F88&0&00A9

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0100\4&1B5A7E87&0

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&21F60AC4&0

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip
Device ID: ROOT\LEGACY_TCPIP\0000

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Device ID: ROOT\MS_PPTPMINIPORT\0000

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Device ID: HID\VID_046D&PID_C069\7&1AAE79B1&0&0000

Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pcw
Device ID: ROOT\LEGACY_PCW\0000

Name: System Attribute Cache
Description: System Attribute Cache
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: discache
Device ID: ROOT\LEGACY_DISCACHE\0000

Name: ATA Channel 1
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\5&17250B85&0&1

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0103\2&DABA3FF&1

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 8090.43 MB
Available physical RAM: 6546.98 MB
Total Virtual: 16179.07 MB
Available Virtual: 14737.61 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:119.02 GB) (Free:60.96 GB) NTFS
3 Drive f: (T2.1) (Fixed) (Total:1863.01 GB) (Free:668.17 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator            Badbleep                 Guest                   

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

**** End of log ****



#5 Mach1awd

  • Topic Starter

Posted 10 January 2016 - 12:09 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Badbleep (administrator) on BADbleep-PC (10-01-2016 06:59:32)
Running from C:\Users\Badbleep\Desktop
Loaded Profiles: Badbleep (Available Profiles: Badbleep)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2015-02-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2014-03-10] (Power Software Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\MountPoints2: {218c8955-b2aa-11e4-9a2d-806e6f6e6963} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\MountPoints2: {7a2a9314-bf6a-11e4-b6f3-ac220b50c290} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\TL-Bootstrap.exe
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-03] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8173850A-96AB-4C52-BA2B-42DBAB9C68A8}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3908874892-2912949432-2940350283-1000 -> DefaultScope {DFF37A6E-82D2-4146-88AE-A35E806BC8B9} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3908874892-2912949432-2940350283-1000 -> {DFF37A6E-82D2-4146-88AE-A35E806BC8B9} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Badbleep\AppData\Roaming\Mozilla\Firefox\Profiles\0bwm6wo3.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-17]
CHR Extension: (Google Docs) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
CHR Extension: (Google Drive) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Sheets) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
CHR Extension: (Gmail) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]
CHR Profile: C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09]
CHR Extension: (Google Docs) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Google Sheets) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-09]
CHR Extension: (Gmail) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-14] (ASUSTeK Computer Inc.)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2015-12-09] (GOG.com)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2015-02-05] (MCCI Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-07] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U3 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.SYS [84792 2016-01-09] (Sysinternals - www.sysinternals.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2015-02-05] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 06:59 - 2016-01-10 06:59 - 00011755 _____ C:\Users\Badbleep\Desktop\FRST.txt
2016-01-10 06:55 - 2016-01-10 06:55 - 00060709 _____ C:\Users\Badbleep\Desktop\MTB.txt
2016-01-10 06:53 - 2016-01-10 06:53 - 00004458 _____ C:\Users\Badbleep\Desktop\Rkill.txt
2016-01-10 06:51 - 2016-01-10 06:51 - 00000000 ____D C:\Windows\pss
2016-01-10 06:32 - 2016-01-10 06:32 - 314031720 _____ (AMD Inc.) C:\Users\Badbleep\Downloads\radeon-crimson-15.12-with-dotnet45-win7-64bit.exe
2016-01-10 06:27 - 2016-01-10 06:52 - 1111298460 _____ C:\Windows\Procmon.pmb
2016-01-09 21:43 - 2016-01-09 21:43 - 00084792 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON23.SYS
2016-01-09 21:33 - 2016-01-09 21:33 - 00000124 _____ C:\Users\Badbleep\Documents\ax_files.xml
2016-01-09 20:54 - 2016-01-09 20:59 - 00000000 ____D C:\AdwCleaner
2016-01-09 20:50 - 2016-01-09 20:50 - 00000000 ____D C:\Users\Badbleep\Downloads\Autoruns
2016-01-09 11:55 - 2016-01-09 11:55 - 00967601 _____ C:\Users\Badbleep\Downloads\ProcessMonitor.zip
2016-01-09 11:55 - 2016-01-09 11:55 - 00000000 ____D C:\Users\Badbleep\Downloads\ProcessMonitor
2016-01-09 11:55 - 2015-05-26 09:38 - 02046608 ____N (Sysinternals - www.sysinternals.com) C:\Users\Badbleep\Desktop\Procmon.exe
2016-01-09 05:56 - 2016-01-09 05:56 - 00007609 _____ C:\Users\Badbleep\AppData\Local\Resmon.ResmonCfg
2016-01-09 05:03 - 2016-01-09 03:12 - 00891392 _____ (Farbar) C:\Users\Badbleep\Desktop\MiniToolBox.exe
2016-01-09 04:35 - 2016-01-09 04:33 - 02370560 _____ (Farbar) C:\Users\Badbleep\Desktop\FRST64.exe
2016-01-09 04:33 - 2016-01-10 06:59 - 00000000 ____D C:\FRST
2016-01-09 04:33 - 2016-01-09 04:33 - 02370560 _____ (Farbar) C:\Users\Badbleep\Downloads\FRST64.exe
2016-01-09 04:32 - 2016-01-09 03:49 - 01749504 _____ C:\Users\Badbleep\Desktop\adwcleaner_5.028.exe
2016-01-09 03:49 - 2016-01-09 03:49 - 01749504 _____ C:\Users\Badbleep\Downloads\adwcleaner_5.028.exe
2016-01-09 03:12 - 2016-01-09 03:12 - 00891392 _____ (Farbar) C:\Users\Badbleep\Downloads\MiniToolBox.exe
2016-01-08 09:34 - 2016-01-08 09:34 - 00606532 _____ C:\Users\Badbleep\Downloads\Autoruns.zip
2016-01-08 09:34 - 2016-01-08 09:34 - 00000000 ____D C:\Users\Badbleep\Desktop\Autoruns
2016-01-08 09:32 - 2016-01-08 09:32 - 00000000 ____D C:\Users\Badbleep\Desktop\ProcessExplorer
2016-01-08 09:31 - 2016-01-08 09:31 - 01250844 _____ C:\Users\Badbleep\Downloads\ProcessExplorer.zip
2016-01-08 09:28 - 2016-01-08 09:28 - 00380416 _____ C:\Users\Badbleep\Desktop\5mt5trjz.exe
2016-01-07 10:28 - 2016-01-10 06:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-07 10:28 - 2016-01-07 10:28 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Badbleep\Desktop\rkill.exe
2016-01-07 10:25 - 2016-01-10 06:48 - 00000000 ____D C:\Users\Badbleep\Desktop\mbar
2016-01-07 09:57 - 2016-01-07 09:57 - 00000000 _____ C:\autoexec.bat
2016-01-07 09:56 - 2016-01-07 09:56 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-16 11:16 - 2015-12-16 11:16 - 00001393 _____ C:\Users\Badbleep\Desktop\iexplore.exe - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 06:57 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-10 06:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-10 06:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-01-10 06:38 - 2015-08-22 06:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-10 06:37 - 2015-08-22 06:57 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-10 06:36 - 2009-07-13 20:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-10 06:36 - 2009-07-13 20:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-10 06:34 - 2015-02-03 13:34 - 00000000 _____ C:\Windows\Path.idx
2016-01-10 06:28 - 2015-02-06 08:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-10 06:28 - 2015-02-03 16:25 - 01048576 _____ C:\Windows\PE_Rom.dll
2016-01-10 06:27 - 2015-03-20 10:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 06:27 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-09 21:31 - 2015-10-31 17:11 - 00000000 ____D C:\ALLDATAW
2016-01-09 21:31 - 2015-02-03 16:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-09 21:12 - 2015-03-20 10:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-09 18:35 - 2015-07-21 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-01-09 18:35 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-09 18:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-09 18:03 - 2015-03-20 10:25 - 00000000 ____D C:\Program Files\Google
2016-01-09 18:03 - 2015-03-20 10:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-09 17:30 - 2015-04-13 14:46 - 00001866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2016-01-09 17:12 - 2015-03-20 10:25 - 00000000 ____D C:\Users\Badbleep\AppData\Local\Google
2016-01-09 09:18 - 2015-02-27 13:51 - 00002518 _____ C:\Windows\MB.idx
2016-01-07 14:20 - 2015-02-07 13:28 - 00000000 ____D C:\Users\Badbleep\AppData\Local\QuickPar
2016-01-07 10:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\schemas
2016-01-07 10:37 - 2015-03-09 12:41 - 00000000 ____D C:\Windows\Minidump
2016-01-07 09:09 - 2015-07-21 20:54 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2016-01-07 08:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2016-01-02 15:41 - 2015-11-04 13:06 - 00000000 ____D C:\Users\Badbleep\AppData\Roaming\vlc
2016-01-02 11:56 - 2015-06-26 19:39 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-01-02 11:28 - 2015-02-06 08:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 11:28 - 2015-02-06 08:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 11:28 - 2015-02-06 08:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-27 15:36 - 2015-11-25 18:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-27 12:24 - 2015-02-06 08:00 - 00000000 ____D C:\Users\Badbleep\AppData\Local\Adobe
2015-12-17 13:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Performance
2015-12-16 19:53 - 2015-06-16 13:53 - 00000000 ____D C:\Users\Badbleep\AppData\Roaming\Kodi
2015-12-16 19:32 - 2015-03-27 15:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-16 19:32 - 2015-03-27 15:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-16 14:13 - 2015-03-20 10:25 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-01-09 05:56 - 2016-01-09 05:56 - 0007609 _____ () C:\Users\Badbleep\AppData\Local\Resmon.ResmonCfg
2015-02-03 16:11 - 2015-02-03 16:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-09 07:14

==================== End of FRST.txt ============================


# AdwCleaner v5.028 - Logfile created 10/01/2016 at 07:11:15
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Badbleep - BADbleep-PC
# Running from : C:\Users\Badbleep\Desktop\adwcleaner_5.028.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [597 bytes] ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Badbleep (administrator) on BADbleep-PC (10-01-2016 06:59:32)
Running from C:\Users\Badbleep\Desktop
Loaded Profiles: Badbleep (Available Profiles: Badbleep)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2015-02-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2014-03-10] (Power Software Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\MountPoints2: {218c8955-b2aa-11e4-9a2d-806e6f6e6963} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\MountPoints2: {7a2a9314-bf6a-11e4-b6f3-ac220b50c290} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\TL-Bootstrap.exe
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-03] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8173850A-96AB-4C52-BA2B-42DBAB9C68A8}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3908874892-2912949432-2940350283-1000 -> DefaultScope {DFF37A6E-82D2-4146-88AE-A35E806BC8B9} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3908874892-2912949432-2940350283-1000 -> {DFF37A6E-82D2-4146-88AE-A35E806BC8B9} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Badbleep\AppData\Roaming\Mozilla\Firefox\Profiles\0bwm6wo3.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-17]
CHR Extension: (Google Docs) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
CHR Extension: (Google Drive) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Sheets) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
CHR Extension: (Gmail) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]
CHR Profile: C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09]
CHR Extension: (Google Docs) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Google Sheets) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-09]
CHR Extension: (Gmail) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-14] (ASUSTeK Computer Inc.)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2015-12-09] (GOG.com)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2015-02-05] (MCCI Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-07] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U3 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.SYS [84792 2016-01-09] (Sysinternals - www.sysinternals.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2015-02-05] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 06:59 - 2016-01-10 06:59 - 00011755 _____ C:\Users\Badbleep\Desktop\FRST.txt
2016-01-10 06:55 - 2016-01-10 06:55 - 00060709 _____ C:\Users\Badbleep\Desktop\MTB.txt
2016-01-10 06:53 - 2016-01-10 06:53 - 00004458 _____ C:\Users\Badbleep\Desktop\Rkill.txt
2016-01-10 06:51 - 2016-01-10 06:51 - 00000000 ____D C:\Windows\pss
2016-01-10 06:32 - 2016-01-10 06:32 - 314031720 _____ (AMD Inc.) C:\Users\Badbleep\Downloads\radeon-crimson-15.12-with-dotnet45-win7-64bit.exe
2016-01-10 06:27 - 2016-01-10 06:52 - 1111298460 _____ C:\Windows\Procmon.pmb
2016-01-09 21:43 - 2016-01-09 21:43 - 00084792 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON23.SYS
2016-01-09 21:33 - 2016-01-09 21:33 - 00000124 _____ C:\Users\Badbleep\Documents\ax_files.xml
2016-01-09 20:54 - 2016-01-09 20:59 - 00000000 ____D C:\AdwCleaner
2016-01-09 20:50 - 2016-01-09 20:50 - 00000000 ____D C:\Users\Badbleep\Downloads\Autoruns
2016-01-09 11:55 - 2016-01-09 11:55 - 00967601 _____ C:\Users\Badbleep\Downloads\ProcessMonitor.zip
2016-01-09 11:55 - 2016-01-09 11:55 - 00000000 ____D C:\Users\Badbleep\Downloads\ProcessMonitor
2016-01-09 11:55 - 2015-05-26 09:38 - 02046608 ____N (Sysinternals - www.sysinternals.com) C:\Users\Badbleep\Desktop\Procmon.exe
2016-01-09 05:56 - 2016-01-09 05:56 - 00007609 _____ C:\Users\Badbleep\AppData\Local\Resmon.ResmonCfg
2016-01-09 05:03 - 2016-01-09 03:12 - 00891392 _____ (Farbar) C:\Users\Badbleep\Desktop\MiniToolBox.exe
2016-01-09 04:35 - 2016-01-09 04:33 - 02370560 _____ (Farbar) C:\Users\Badbleep\Desktop\FRST64.exe
2016-01-09 04:33 - 2016-01-10 06:59 - 00000000 ____D C:\FRST
2016-01-09 04:33 - 2016-01-09 04:33 - 02370560 _____ (Farbar) C:\Users\Badbleep\Downloads\FRST64.exe
2016-01-09 04:32 - 2016-01-09 03:49 - 01749504 _____ C:\Users\Badbleep\Desktop\adwcleaner_5.028.exe
2016-01-09 03:49 - 2016-01-09 03:49 - 01749504 _____ C:\Users\Badbleep\Downloads\adwcleaner_5.028.exe
2016-01-09 03:12 - 2016-01-09 03:12 - 00891392 _____ (Farbar) C:\Users\Badbleep\Downloads\MiniToolBox.exe
2016-01-08 09:34 - 2016-01-08 09:34 - 00606532 _____ C:\Users\Badbleep\Downloads\Autoruns.zip
2016-01-08 09:34 - 2016-01-08 09:34 - 00000000 ____D C:\Users\Badbleep\Desktop\Autoruns
2016-01-08 09:32 - 2016-01-08 09:32 - 00000000 ____D C:\Users\Badbleep\Desktop\ProcessExplorer
2016-01-08 09:31 - 2016-01-08 09:31 - 01250844 _____ C:\Users\Badbleep\Downloads\ProcessExplorer.zip
2016-01-08 09:28 - 2016-01-08 09:28 - 00380416 _____ C:\Users\Badbleep\Desktop\5mt5trjz.exe
2016-01-07 10:28 - 2016-01-10 06:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-07 10:28 - 2016-01-07 10:28 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Badbleep\Desktop\rkill.exe
2016-01-07 10:25 - 2016-01-10 06:48 - 00000000 ____D C:\Users\Badbleep\Desktop\mbar
2016-01-07 09:57 - 2016-01-07 09:57 - 00000000 _____ C:\autoexec.bat
2016-01-07 09:56 - 2016-01-07 09:56 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-16 11:16 - 2015-12-16 11:16 - 00001393 _____ C:\Users\Badbleep\Desktop\iexplore.exe - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 06:57 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-10 06:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-10 06:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-01-10 06:38 - 2015-08-22 06:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-10 06:37 - 2015-08-22 06:57 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-10 06:36 - 2009-07-13 20:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-10 06:36 - 2009-07-13 20:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-10 06:34 - 2015-02-03 13:34 - 00000000 _____ C:\Windows\Path.idx
2016-01-10 06:28 - 2015-02-06 08:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-10 06:28 - 2015-02-03 16:25 - 01048576 _____ C:\Windows\PE_Rom.dll
2016-01-10 06:27 - 2015-03-20 10:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 06:27 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-09 21:31 - 2015-10-31 17:11 - 00000000 ____D C:\ALLDATAW
2016-01-09 21:31 - 2015-02-03 16:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-09 21:12 - 2015-03-20 10:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-09 18:35 - 2015-07-21 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-01-09 18:35 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-09 18:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-09 18:03 - 2015-03-20 10:25 - 00000000 ____D C:\Program Files\Google
2016-01-09 18:03 - 2015-03-20 10:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-09 17:30 - 2015-04-13 14:46 - 00001866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2016-01-09 17:12 - 2015-03-20 10:25 - 00000000 ____D C:\Users\Badbleep\AppData\Local\Google
2016-01-09 09:18 - 2015-02-27 13:51 - 00002518 _____ C:\Windows\MB.idx
2016-01-07 14:20 - 2015-02-07 13:28 - 00000000 ____D C:\Users\Badbleep\AppData\Local\QuickPar
2016-01-07 10:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\schemas
2016-01-07 10:37 - 2015-03-09 12:41 - 00000000 ____D C:\Windows\Minidump
2016-01-07 09:09 - 2015-07-21 20:54 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2016-01-07 08:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2016-01-02 15:41 - 2015-11-04 13:06 - 00000000 ____D C:\Users\Badbleep\AppData\Roaming\vlc
2016-01-02 11:56 - 2015-06-26 19:39 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-01-02 11:28 - 2015-02-06 08:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 11:28 - 2015-02-06 08:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 11:28 - 2015-02-06 08:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-27 15:36 - 2015-11-25 18:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-27 12:24 - 2015-02-06 08:00 - 00000000 ____D C:\Users\Badbleep\AppData\Local\Adobe
2015-12-17 13:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Performance
2015-12-16 19:53 - 2015-06-16 13:53 - 00000000 ____D C:\Users\Badbleep\AppData\Roaming\Kodi
2015-12-16 19:32 - 2015-03-27 15:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-16 19:32 - 2015-03-27 15:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-16 14:13 - 2015-03-20 10:25 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-01-09 05:56 - 2016-01-09 05:56 - 0007609 _____ () C:\Users\Badbleep\AppData\Local\Resmon.ResmonCfg
2015-02-03 16:11 - 2015-02-03 16:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-09 07:14

==================== End of FRST.txt ============================




#6 Jo*

  • Malware Response Team
  • 3,292 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:33 PM

Posted 10 January 2016 - 12:10 PM

Sorry, but I don't see where to add reports

Copy and paste the content of the logs into your reply, like you did with the MiniToolBox log.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Mach1awd

  • Topic Starter

  • Members
  • 16 posts

Posted 10 January 2016 - 12:13 PM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Badbleep (administrator) on 10-01-2016 at 06:55:48
Running from "C:\Users\Badbleep\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: To be filled by O.E.M. Manufacturer: To be filled by O.E.M.
Boot Mode: Minimal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Badbleep-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Unable to contact IP driver. General failure.
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/09/2016 08:59:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: aaHMSvc.exe, version: 0.1.0.18, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19045, time stamp: 0x56258f05
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0xfac
Faulting application start time: 0xaaHMSvc.exe0
Faulting application path: aaHMSvc.exe1
Faulting module path: aaHMSvc.exe2
Report Id: aaHMSvc.exe3

Error: (01/09/2016 07:49:43 PM) (Source: Application Hang) (User: )
Description: The program Procmon64.exe version 3.20.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fe0

Start Time: 01d14b580a65ac3e

Termination Time: 0

Application Path: C:\Users\Badbleep\AppData\Local\Temp\Procmon64.exe

Report Id: 270af1fc-b74d-11e5-9a81-ac220b50c290

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:07 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:06 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:06 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/10/2016 06:53:06 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/10/2016 06:53:06 AM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Microsoft Office Sessions:
=========================
Error: (01/09/2016 08:59:33 PM) (Source: Application Error)(User: )
Description: aaHMSvc.exe0.1.0.1800000000KERNELBASE.dll6.1.7601.1904556258f050eedfade0000c42dfac01d14b639efce565C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exeC:\Windows\syswow64\KERNELBASE.dllefa62a30-b756-11e5-9a81-ac220b50c290

Error: (01/09/2016 07:49:43 PM) (Source: Application Hang)(User: )
Description: Procmon64.exe3.20.0.0fe001d14b580a65ac3e0C:\Users\Badbleep\AppData\Local\Temp\Procmon64.exe270af1fc-b74d-11e5-9a81-ac220b50c290

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/09/2016 06:04:04 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.17 - ASUSTeK Computer Inc.)
Asus Drivers Download Utility 3.6.1 (HKLM\...\{3E7C8168-166F-33BC-D659-3B4CFF633E35}_is1) (Version: 3.6.1 - LionSea Software)
ASUS GPU Tweak (HKLM-x32\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.7.9.0 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.7.9.0 - ASUSTek COMPUTER INC.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CPUID ASUS CPU-Z 1.65 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.65 - CPUID, Inc.)
Crysis 3 (HKLM-x32\...\Q3J5c2lzMw==_is1) (Version: 1 - )
DVDFab 9.1.1.9 (18/12/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff)
FNC 11 Installer (HKLM-x32\...\{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}) (Version: 11.06.0000 - Acresso Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.7 - Google Inc.) Hidden
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kodi (HKCU\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
NewsLeecher v5.0 Beta 3 (HKLM-x32\...\NewsLeecher_is1) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )

========================= Devices: ================================

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Device ID: USB\VID_046D&PID_C537&MI_00\6&4AE3A44&0&0000

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&67395F2&0

Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tcpipreg
Device ID: ROOT\LEGACY_TCPIPREG\0000

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Device ID: ROOT\MS_SSTPMINIPORT\0000

Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PEAUTH
Device ID: ROOT\LEGACY_PEAUTH\0000

Name: LDDM Graphics Subsystem
Description: LDDM Graphics Subsystem
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: DXGKrnl
Device ID: ROOT\LEGACY_DXGKRNL\0000

Name: ATI I/O Communications Processor PCI Bus Controller
Description: ATI I/O Communications Processor PCI Bus Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI
Service: pci
Device ID: PCI\VEN_1002&DEV_4384&SUBSYS_00000000&REV_40\3&267A616A&0&A4

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_43971002&REV_00\3&267A616A&0&B0

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_5

Name: Ideazon Merc Stealth MM USB Human Interface Device
Description: Ideazon Merc Stealth MM USB Human Interface Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Ideazon USB Human Interface Device
Service: HidUsb
Device ID: USB\VID_1038&PID_0510&MI_01\7&28F085AC&0&0001

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A16&SUBSYS_5A141002&REV_00\3&267A616A&0&10

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Device ID: PCI\VEN_1002&DEV_AAB0&SUBSYS_AAB01043&REV_00\4&14E8F4CB&0&0110

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0200\4&1B5A7E87&0

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*ISATAP\0000

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Device ID: HID\VID_1038&PID_0510&MI_01&COL01\8&12A601A1&0&0000

Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mpsdrv
Device ID: ROOT\LEGACY_MPSDRV\0000

Name: Asmedia 106x SATA Controller
Description: Asmedia 106x SATA Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Asmedia Technology
Service: asahci64
Device ID: PCI\VEN_1B21&DEV_0612&SUBSYS_84B71043&REV_01\4&2799F330&0&0020

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&CA1A60D&0

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{E8E114C1-AC00-11E4-BBB8-806E6F6E6963}#000000000E500000

Name: NetIO Legacy TDI Support Driver
Description: NetIO Legacy TDI Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tdx
Device ID: ROOT\LEGACY_TDX\0000

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
Device ID: ROOT\RDP_KBD\0000

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Device ID: USB\VID_046D&PID_C537&MI_01\6&4AE3A44&0&0001

Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial
Device ID: ACPI\PNP0501\1

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&318406F3&0

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
Device ID: ROOT\RDP_MOU\0000

Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
Device ID: ROOT\ACPI_HAL\0000

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Device ID: HID\VID_046D&PID_C537&MI_00\7&22EB83C0&0&0000

Name: System speaker
Description: System speaker
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0800\4&1B5A7E87&0

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
Device ID: ROOT\SYSTEM\0000

Name: AMD SMBus
Description: AMD SMBus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc
Service:
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_43851002&REV_42\3&267A616A&0&A0

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave
Device ID: ROOT\LEGACY_VGASAVE\0000

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4399&SUBSYS_43991002&REV_00\3&267A616A&0&A5

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A18&SUBSYS_5A141002&REV_00\3&267A616A&0&20

Name: File as Volume Driver
Description: File as Volume Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: blbdrive
Device ID: ROOT\BLBDRIVE\0000

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&37566865&0

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1600&SUBSYS_00000000&REV_00\3&267A616A&0&C0

Name: PROCMON23
Description: PROCMON23
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PROCMON23
Device ID: ROOT\LEGACY_PROCMON23\0000

Name: Asmedia 106x SATA Controller
Description: Asmedia 106x SATA Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Asmedia Technology
Service: asahci64
Device ID: PCI\VEN_1B21&DEV_0612&SUBSYS_84B71043&REV_01\4&312AFB2E&0&0028

Name: PCI bus
Description: PCI bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: ACPI\PNP0A03\0

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Device ID: ROOT\UMBUS\0000

Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volmgrx
Device ID: ROOT\LEGACY_VOLMGRX\0000

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus
Device ID: ROOT\COMPOSITEBUS\0000

Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid
Device ID: HID\VID_046D&PID_C537&MI_01&COL01\7&361B9FFE&0&0000

Name: Microsoft Virtual Drive Enumerator Driver
Description: Microsoft Virtual Drive Enumerator Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: vdrvroot
Device ID: ROOT\VDRVROOT\0000

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_6

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&3892A9E2&0

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Psched
Device ID: ROOT\LEGACY_PSCHED\0000

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_1

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_1038&PID_0510&MI_01&COL02\8&12A601A1&0&0001

Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD
Device ID: ROOT\LEGACY_AFD\0000

Name: Storage volumes
Description: Storage volumes
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volsnap
Device ID: ROOT\LEGACY_VOLSNAP\0000

Name: msahci
Description: msahci
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msahci
Device ID: ROOT\LEGACY_MSAHCI\0000

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: volmgr
Device ID: ROOT\VOLMGR\0000

Name: AMD SATA Controller
Description: AMD SATA Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: AMD
Service: amd_sata
Device ID: PCI\VEN_1002&DEV_4391&SUBSYS_84DD1043&REV_40\3&267A616A&0&88

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0B00\4&1B5A7E87&0

Name: PCI standard ISA bridge
Description: PCI standard ISA bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: msisadrv
Device ID: PCI\VEN_1002&DEV_439D&SUBSYS_439D1002&REV_40\3&267A616A&0&A3

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A19&SUBSYS_5A141002&REV_00\3&267A616A&0&28

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub
Device ID: USB\VID_0409&PID_005A\5&34472DFD&0&2

Name: QWAVE driver
Description: QWAVE driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QWAVEdrv
Device ID: ROOT\LEGACY_QWAVEDRV\0000

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1601&SUBSYS_00000000&REV_00\3&267A616A&0&C1

Name: aksdf
Description: aksdf
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aksdf
Device ID: ROOT\LEGACY_AKSDF\0000

Name: ASMedia XHCI Controller
Description: ASMedia XHCI Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: ASMedia Technology Inc
Service: asmtxhci
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&1741AB47&0&0048

Name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarpv6
Device ID: ROOT\LEGACY_WANARPV6\0000

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Device ID: HID\VID_046D&PID_C537&MI_01&COL02\7&361B9FFE&0&0001

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C01\1

Name: aksfridge
Description: aksfridge
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aksfridge
Device ID: ROOT\LEGACY_AKSFRIDGE\0000

Name: msisadrv
Description: msisadrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msisadrv
Device ID: ROOT\LEGACY_MSISADRV\0000

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C01\C8

Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wdf01000
Device ID: ROOT\LEGACY_WDF01000\0000

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD
Device ID: ROOT\LEGACY_RDPCDD\0000

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_43961002&REV_00\3&267A616A&0&92

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\10

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A0&SUBSYS_00001002&REV_00\3&267A616A&0&A8

Name: Bitlocker Drive Encryption Filter Driver
Description: Bitlocker Drive Encryption Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: fvevol
Device ID: ROOT\LEGACY_FVEVOL\0000

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A1C&SUBSYS_5A141002&REV_00\3&267A616A&0&48

Name: amdkmdag
Description: amdkmdag
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: amdkmdag
Device ID: ROOT\LEGACY_AMDKMDAG\0000

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1602&SUBSYS_00000000&REV_00\3&267A616A&0&C2

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_7

Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WfpLwf
Device ID: ROOT\LEGACY_WFPLWF\0000

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_046D&PID_C537&MI_01&COL03\7&361B9FFE&0&0002

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\14

Name: ASMedia XHCI Controller
Description: ASMedia XHCI Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: ASMedia Technology Inc
Service: asmtxhci
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&1F27578A&0&00AA

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_2

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: asmthub3
Device ID: USB\VID_040E&PID_0100&ASMEDIAUSBD_HUB\5&18B5FF43&0&0

Name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPENCDD
Device ID: ROOT\LEGACY_RDPENCDD\0000

Name: hardlock
Description: hardlock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hardlock
Device ID: ROOT\LEGACY_HARDLOCK\0000

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS
Device ID: ROOT\LEGACY_NDIS\0000

Name: AODDriver4.3
Description: AODDriver4.3
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.3
Device ID: ROOT\LEGACY_AODDRIVER4.3\0000

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\15

Name: Reflector Display Driver used to gain access to graphics data
Description: Reflector Display Driver used to gain access to graphics data
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPREFMP
Device ID: ROOT\LEGACY_RDPREFMP\0000

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\2E

Name: WinpkFilter LightWeight Filter
Description: WinpkFilter LightWeight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ndisrd
Device ID: ROOT\LEGACY_NDISRD\0000

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP
Device ID: ROOT\LEGACY_HTTP\0000

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_43961002&REV_00\3&267A616A&0&9A

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A1&SUBSYS_00001002&REV_00\3&267A616A&0&A9

Name: User Mode Driver Frameworks Platform Driver
Description: User Mode Driver Frameworks Platform Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WudfPf
Device ID: ROOT\LEGACY_WUDFPF\0000

Name: AsIO
Description: AsIO
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AsIO
Device ID: ROOT\LEGACY_ASIO\0000

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A1D&SUBSYS_5A141002&REV_00\3&267A616A&0&50

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_046D&PID_C537&MI_01&COL04\7&361B9FFE&0&0003

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\700

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1603&SUBSYS_00000000&REV_00\3&267A616A&0&C3

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: asmthub3
Device ID: USB\VID_040E&PID_0100&ASMEDIAUSBD_HUB\5&1BBD1AF2&0&0

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rspndr
Device ID: ROOT\LEGACY_RSPNDR\0000

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy
Device ID: ROOT\LEGACY_NDPROXY\0000

Name: Hardware Policy Driver
Description: Hardware Policy Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hwpolicy
Device ID: ROOT\LEGACY_HWPOLICY\0000

Name: ASMedia XHCI Controller
Description: ASMedia XHCI Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: ASMedia Technology Inc
Service: asmtxhci
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&9B80F17&0&00AB

Name: AsUpIO
Description: AsUpIO
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AsUpIO
Device ID: ROOT\LEGACY_ASUPIO\0000

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\99

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios
Device ID: ROOT\MSSMBIOS\0000

Name: OCZ-VERTEX4 ATA Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: IDE\DISKOCZ-VERTEX4_____________________________1.5_____\6&2121FB36&0&0.0.0

Name: SCDEmu
Description: SCDEmu
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SCDEmu
Device ID: ROOT\LEGACY_SCDEMU\0000

Name: IOMap
Description: IOMap
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IOMap
Device ID: ROOT\LEGACY_IOMAP\0000

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\E11

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_8

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{D7B01D37-AD62-11E4-8E2A-AC220B50C290}#0000000000100000

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Device ID: ROOT\MS_AGILEVPNMINIPORT\0000

Name: IDE Channel
Description: IDE Channel
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: atapi
Device ID: ROOT\LEGACY_ATAPI\0000

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_3

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_046D&PID_C537&MI_01&COL05\7&361B9FFE&0&0004

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&20D90D91&0&0001

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_43961002&REV_00\3&267A616A&0&B2

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A2&SUBSYS_00001002&REV_00\3&267A616A&0&AA

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C04\4&1B5A7E87&0

Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: secdrv
Device ID: ROOT\LEGACY_SECDRV\0000

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A1E&SUBSYS_5A141002&REV_00\3&267A616A&0&68

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: asmthub3
Device ID: USB\VID_040E&PID_0100&ASMEDIAUSBD_HUB\5&BB9E5C8&0&0

Name: KSecDD
Description: KSecDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecDD
Device ID: ROOT\LEGACY_KSECDD\0000

Name: NETBT
Description: NETBT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetBT
Device ID: ROOT\LEGACY_NETBT\0000

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1604&SUBSYS_00000000&REV_00\3&267A616A&0&C4

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Device ID: ROOT\LEGACY_BEEP\0000

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Device ID: ROOT\MS_L2TPMINIPORT\0000

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Device ID: ROOT\LEGACY_SPLDR\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft ACPI-Compliant Embedded Controller
Description: Microsoft ACPI-Compliant Embedded Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C09\4&1B5A7E87&0

Name: KSecPkg
Description: KSecPkg
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecPkg
Device ID: ROOT\LEGACY_KSECPKG\0000

Name: Microsoft Network Inspection System
Description: Microsoft Network Inspection System
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NisDrv
Device ID: ROOT\LEGACY_NISDRV\0000

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: ROOT\MS_NDISWANBH\0000

Name: WDC WD2002FAEX-00MJRA0 ATA Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: IDE\DISKWDC_WD2002FAEX-00MJRA0__________________01.01L01\6&33DBABDB&0&1.0.0

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_046D&PID_C537&MI_01&COL06\7&361B9FFE&0&0005

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Device ID: USB\VID_152E&PID_2507\P01070215003712

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Device ID: ROOT\LEGACY_SPTD\0000

Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\5&1181CD07&0&0

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C0C\AA

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
Device ID: USB\VID_1038&PID_0510\6&4A1241D&0&3

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{E8E114C1-AC00-11E4-BBB8-806E6F6E6963}#0000000000100000

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lltdio
Device ID: ROOT\LEGACY_LLTDIO\0000

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_43971002&REV_00\3&267A616A&0&90

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A3&SUBSYS_00001002&REV_00\3&267A616A&0&AB

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_5A1F&SUBSYS_5A141002&REV_00\3&267A616A&0&58

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: ROOT\MS_NDISWANIP\0000

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1605&SUBSYS_00000000&REV_00\3&267A616A&0&C5

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi
Device ID: ACPI\PNP0C14\ASUSWMI

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_10438436&REV_1003\4&1DC8007C&0&0001

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\FIXEDBUTTON\2&DABA3FF&1

Name: NSI proxy service driver.
Description: NSI proxy service driver.
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: nsiproxy
Device ID: ROOT\LEGACY_NSIPROXY\0000

Name: Common Log (CLFS)
Description: Common Log (CLFS)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CLFS
Device ID: ROOT\LEGACY_CLFS\0000

Name: ATA Channel 1
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\5&1181CD07&0&1

Name: AMD FX™-8350 Eight-Core Processor          
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_21_MODEL_2_-_AMD_FX™-8350_EIGHT-CORE_PROCESSOR___________\_4

Name: Ideazon Merc Stealth USB Human Interface Device
Description: Ideazon Merc Stealth USB Human Interface Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Ideazon USB Human Interface Device
Service: HidUsb
Device ID: USB\VID_1038&PID_0510&MI_00\7&28F085AC&0&0000

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Device ID: USB\VID_046D&PID_C069\6&4A1241D&0&1

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: ROOT\MS_NDISWANIPV6\0000

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi
Device ID: ACPI\PNP0C14\MXM2

Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid
Device ID: HID\VID_1038&PID_0510&MI_00\8&367D3F63&0&0000

Name: Mount Point Manager
Description: Mount Point Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr
Device ID: ROOT\LEGACY_MOUNTMGR\0000

Name: CNG
Description: CNG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CNG
Device ID: ROOT\LEGACY_CNG\0000

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0000\4&1B5A7E87&0

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI
Device ID: ACPI_HAL\PNP0C08\0

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&209DFF44&0

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_84361043&REV_40\3&267A616A&0&A2

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Device ID: ROOT\MS_PPPOEMINIPORT\0000

Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\5&17250B85&0&0

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_43971002&REV_00\3&267A616A&0&98

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1002&DEV_5A14&SUBSYS_5A141002&REV_02\3&267A616A&0&00

Name: AMD Radeon R9 200 Series
Description: AMD Radeon R9 200 Series
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Device ID: PCI\VEN_1002&DEV_6810&SUBSYS_04641043&REV_00\4&14E8F4CB&0&0010

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{E8E114C1-AC00-11E4-BBB8-806E6F6E6963}#0000000006500000

Name: HL-DT-ST DVDRAM GSA-E30L USB Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Device ID: USBSTOR\CDROM&VEN_HL-DT-ST&PROD_DVDRAM_GSA-E30L&REV_VE01\P01070215003712&0

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
Device ID: USB\VID_046D&PID_C537\5&15D9C317&0&2

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Device ID: ROOT\LEGACY_NULL\0000

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8169
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_85051043&REV_09\4&28B85F88&0&00A9

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0100\4&1B5A7E87&0

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&21F60AC4&0

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip
Device ID: ROOT\LEGACY_TCPIP\0000

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Device ID: ROOT\MS_PPTPMINIPORT\0000

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Device ID: HID\VID_046D&PID_C069\7&1AAE79B1&0&0000

Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pcw
Device ID: ROOT\LEGACY_PCW\0000

Name: System Attribute Cache
Description: System Attribute Cache
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: discache
Device ID: ROOT\LEGACY_DISCACHE\0000

Name: ATA Channel 1
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\5&17250B85&0&1

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0103\2&DABA3FF&1

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 8090.43 MB
Available physical RAM: 6546.98 MB
Total Virtual: 16179.07 MB
Available Virtual: 14737.61 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:119.02 GB) (Free:60.96 GB) NTFS
3 Drive f: (T2.1) (Fixed) (Total:1863.01 GB) (Free:668.17 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator            Badbleep                 Guest                   

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

**** End of log ****


Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.01.10.01
  rootkit: v2016.01.09.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 11.0.9600.18124
Badbleep :: BADbleep-PC [administrator]

1/10/2016 7:14:28 AM
mbar-log-2016-01-10 (07-14-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 335292
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/10/2016 06:53:41 AM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic

 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic

 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual

 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * NetBT (NetBT) is not Running.
   Startup Type set to: System

 * NSI proxy service driver. (nsiproxy) is not Running.
   Startup Type set to: System

 * NetIO Legacy TDI Support Driver (tdx) is not Running.
   Startup Type set to: System

Searching for Missing Digital Signatures:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by Badbleep (Administrator) on Sun 01/10/2016 at  8:11:27.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 26

Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BP8COWU (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AAKIS2E (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EMM2XMC (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TL0YOAU (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HFXH761 (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7DQPRMN0 (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CKCINC5 (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CTYDLQ7 (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFTACJAV (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB0SNR38 (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBKLDE0U (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JTEE8605 (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L51SGNTM (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDK6K92E (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSHHY9Z7 (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OU5IM1HZ (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7M7TD35 (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SE61SJ3Q (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TC2AEB8N (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNA96ANO (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6Q8TYAY (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHJ3432K (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDG0AJJ3 (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYU0SD23 (Folder)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_A6282D74-8B7FCB84.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf (File)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/10/2016 at  8:13:00.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


and that's what I have up till now



#8 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:33 PM

Posted 10 January 2016 - 12:13 PM

A FRST log is not allowed in this section of the forum.

I ask the mods to move this topic to the MRL Forum section.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:33 AM

Posted 10 January 2016 - 12:37 PM

The topic has been moved.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:33 PM

Posted 10 January 2016 - 12:52 PM

From the logs that I've asked for, this one is missing:

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Cheers,
Jo


#11 Mach1awd

Mach1awd
  • Topic Starter

  • Members
  • 16 posts

Posted 10 January 2016 - 12:59 PM

 Results of screen317's Security Check version 1.009 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 21 
 Java 8 Update 31 
 Java version 32-bit out of Date!
 Mozilla Firefox (41.0.2)
 Google Chrome (47.0.2526.106)
 Google Chrome (47.0.2526.80)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

it is an SSD



#12 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:33 PM

Posted 10 January 2016 - 01:04 PM

Hello,

Step 1: Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Step 4: Scan with SystemLook
  • Please download SystemLook (32-bit) by jpshortstuff and save it to your desktop
  • For 64-bit users: please download SystemLook (64-bit) by jpshortstuff and save it to your desktop
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main textfield:
:reg 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

:regfind
System32\Tasks
Windows\Tasks
BootExecute
SecurityProviders
AppInit_DLLs
Userinit
DhcpNameServer
Chrome\Extensions
Chrome\User Data\Default\Extensions
.crx
Firefox\Extensions
MozillaPlugins
.xpi

:filefind
*.xpi
*.crx
*Chrome\Extensions*
*Chrome\User Data\Default\Extensions*
  • Click the Look button to start the scan (may take 5 ... 15 min.)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • Please copy and paste the log to your reply.

***


Step 5: How is the computer running now?


***


Cheers,
Jo


#13 Mach1awd

Mach1awd
  • Topic Starter

  • Members
  • 16 posts

Posted 10 January 2016 - 02:01 PM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.01.10.02
  rootkit: v2016.01.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18124
Badbleep :: BADbleep-PC [administrator]

1/10/2016 10:20:43 AM
mbar-log-2016-01-10 (10-20-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 335627
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

# AdwCleaner v5.028 - Logfile created 10/01/2016 at 10:43:53
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Badbleep - BADbleep-PC
# Running from : C:\Users\Badbleep\Desktop\adwcleaner_5.028.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [597 bytes] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by Badbleep (Administrator) on Sun 01/10/2016 at 10:47:09.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 5

Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HFXH761 (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFTACJAV (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TC2AEB8N (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNA96ANO (Folder)
Successfully deleted: C:\Users\Badbleep\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYU0SD23 (Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/10/2016 at 10:49:08.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:52 on 10/01/2016 by Badbleep
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=""C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s"
"MSC"=""C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="C:\Windows\system32\StikyNot.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(No values found)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(No values found)

========== regfind ==========

Searching for "System32\Tasks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32]
@="C:\Windows\system32\taskschd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C86F320-DEE3-4DD1-B972-A303F26B061E}\InprocServer32]
@="C:\Windows\system32\TaskSchdPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{e34cb9f1-c7f7-424c-be29-027dcc09363a}\1.0\0\win64]
@="C:\Windows\system32\taskschd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{e34cb9f1-c7f7-424c-be29-027dcc09363a}\1.0\0\win64]
@="C:\Windows\system32\taskschd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{e34cb9f1-c7f7-424c-be29-027dcc09363a}\1.0\0\win64]
@="C:\Windows\system32\taskschd.dll"

Searching for "Windows\Tasks"
No data found.

Searching for "BootExecute"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-smss-bootexecute_31bf3856ad364e35_none_2f98bf433f61b9b2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\wow64_microsoft-windows-smss-bootexecute_31bf3856ad364e35_none_39ed699573c27bad]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"BootExecute"="autocheck autochk *"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]
"BootExecute"="autocheck autochk *"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"="autocheck autochk *"

Searching for "SecurityProviders"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders]
"SecurityProviders"="credssp.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders]
"SecurityProviders"="credssp.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="credssp.dll"

Searching for "AppInit_DLLs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"="SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"="SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Searching for "Userinit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_en-us_903c6331299f704a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-userinit_31bf3856ad364e35_none_a11115c99b789ded]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_en-us_341dc7ad7141ff14]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-userinit_31bf3856ad364e35_none_44f27a45e31b2cb7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,"

Searching for "DhcpNameServer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp\Parameters\Options\44]
"RegLocation"="SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp\Parameters\Options\6]
"RegLocation"="SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpNameServer SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters]
"DhcpNameServer"="75.75.75.75 75.75.76.76"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8173850A-96AB-4C52-BA2B-42DBAB9C68A8}]
"DhcpNameServer"="75.75.75.75 75.75.76.76"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Dhcp\Parameters\Options\44]
"RegLocation"="SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Dhcp\Parameters\Options\6]
"RegLocation"="SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpNameServer SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Tcpip\Parameters]
"DhcpNameServer"="75.75.75.75 75.75.76.76"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{8173850A-96AB-4C52-BA2B-42DBAB9C68A8}]
"DhcpNameServer"="75.75.75.75 75.75.76.76"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\44]
"RegLocation"="SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp\Parameters\Options\6]
"RegLocation"="SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpNameServer SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"="75.75.75.75 75.75.76.76"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8173850A-96AB-4C52-BA2B-42DBAB9C68A8}]
"DhcpNameServer"="75.75.75.75 75.75.76.76"

Searching for "Chrome\Extensions"
No data found.

Searching for "Chrome\User Data\Default\Extensions"
No data found.

Searching for ".crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3|.acm:3|.asa:3|.aspx:3|.ax:3|.ad:3|.application:3|.asx:3|.cer:3|.cfg:3|.chi:3|.class:3|.clb:3|.cnt:3|.cnv:3|.cpx:3|.crx:3|.der:3|.drv:3|.fon:3|.g
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3|.acm:3|.asa:3|.aspx:3|.ax:3|.ad:3|.application:3|.asx:3|.cer:3|.cfg:3|.chi:3|.class:3|.clb:3|.cnt:3|.cnv:3|.cpx:3|.crx:3|.der:3|.drv

Searching for "Firefox\Extensions"
No data found.

Searching for "MozillaPlugins"
[HKEY_CURRENT_USER\Software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E239E79D0F3E43448AC9DC382C0BD62]
"68AB67CA7DA73301B744CAF070E41400"="02:\Software\MozillaPlugins\Adobe Reader\Path"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins]
[HKEY_USERS\S-1-5-21-3908874892-2912949432-2940350283-1000\Software\MozillaPlugins]

Searching for ".xpi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3|.acm:3|.asa:3|.aspx:3|.ax:3|.ad:3|.application:3|.asx:3|.cer:3|.cfg:3|.chi:3|.class:3|.clb:3|.cnt:3|.cnv:3|.cpx:3|.crx:3|.der:3|.drv:3|.fon:3|.g
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3|.acm:3|.asa:3|.aspx:3|.ax:3|.ad:3|.application:3|.asx:3|.cer:3|.cfg:3|.chi:3|.class:3|.clb:3|.cnt:3|.cnv:3|.cpx:3|.crx:3|.der:3|.drv

========== filefind ==========

Searching for "*.xpi"
No files found.

Searching for "*.crx"
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\default_apps\docs.crx --a---- 4578 bytes [22:13 16/12/2015] [03:24 11/12/2015] 2C71C49F991095A1848624907BACBB08
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\default_apps\drive.crx --a---- 25561 bytes [22:13 16/12/2015] [03:24 11/12/2015] 71E1283B8440F6264CEC99DF9AD81F5B
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\default_apps\gmail.crx --a---- 24040 bytes [22:13 16/12/2015] [03:24 11/12/2015] 2E2E328E5BF6BE61203164B3E9EA8094
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\default_apps\search.crx --a---- 26392 bytes [22:13 16/12/2015] [03:24 11/12/2015] 8AD223868AB9974F7746D0227730A0CC
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\default_apps\youtube.crx --a---- 23668 bytes [22:13 16/12/2015] [03:24 11/12/2015] D2F6A1B11344D9AC7BCFB75900D4ADE1
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\default_apps\docs.crx --a---- 4578 bytes [23:13 09/12/2015] [20:57 04/12/2015] 2C71C49F991095A1848624907BACBB08
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\default_apps\drive.crx --a---- 25561 bytes [23:13 09/12/2015] [20:57 04/12/2015] 71E1283B8440F6264CEC99DF9AD81F5B
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\default_apps\gmail.crx --a---- 24040 bytes [23:13 09/12/2015] [20:57 04/12/2015] 2E2E328E5BF6BE61203164B3E9EA8094
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\default_apps\search.crx --a---- 26392 bytes [23:13 09/12/2015] [20:57 04/12/2015] 8AD223868AB9974F7746D0227730A0CC
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\default_apps\youtube.crx --a---- 23668 bytes [23:13 09/12/2015] [20:57 04/12/2015] D2F6A1B11344D9AC7BCFB75900D4ADE1

Searching for "*Chrome\Extensions*"
No files found.

Searching for "*Chrome\User Data\Default\Extensions*"
No files found.

-= EOF =-



#14 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:33 PM

Posted 10 January 2016 - 03:09 PM

I need all logs, when the pc runs in normal mode, not in safe mode!
 

***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 Mach1awd

Mach1awd
  • Topic Starter

  • Members
  • 16 posts

Posted 10 January 2016 - 03:41 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Badbleep (administrator) on BADbleep-PC (10-01-2016 12:39:00)
Running from C:\Users\Badbleep\Desktop
Loaded Profiles: Badbleep (Available Profiles: Badbleep)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_270_ActiveX.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-s..-downlevel.binaries_31bf3856ad364e35_6.3.9600.18124_none_5fab541cff413c41\MsSpellCheckingFacility.exe
(Sysinternals - www.sysinternals.com) C:\Users\Badbleep\Desktop\Autoruns\Autoruns.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2015-02-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2014-03-10] (Power Software Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\MountPoints2: {218c8955-b2aa-11e4-9a2d-806e6f6e6963} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\...\MountPoints2: {7a2a9314-bf6a-11e4-b6f3-ac220b50c290} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\TL-Bootstrap.exe
HKU\S-1-5-21-3908874892-2912949432-2940350283-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-03] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8173850A-96AB-4C52-BA2B-42DBAB9C68A8}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3908874892-2912949432-2940350283-1000 -> DefaultScope {DFF37A6E-82D2-4146-88AE-A35E806BC8B9} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3908874892-2912949432-2940350283-1000 -> {DFF37A6E-82D2-4146-88AE-A35E806BC8B9} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Badbleep\AppData\Roaming\Mozilla\Firefox\Profiles\0bwm6wo3.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-17]
CHR Extension: (Google Docs) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
CHR Extension: (Google Drive) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Sheets) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
CHR Extension: (Gmail) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]
CHR Profile: C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09]
CHR Extension: (Google Docs) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Google Sheets) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-09]
CHR Extension: (Gmail) - C:\Users\Badbleep\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-14] (ASUSTeK Computer Inc.)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2015-12-09] (GOG.com)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2015-02-05] (MCCI Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-07] ()
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2016-01-10] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U3 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.SYS [84792 2016-01-09] (Sysinternals - www.sysinternals.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2015-02-05] (Duplex Secure Ltd.)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 12:39 - 2016-01-10 12:39 - 00013345 _____ C:\Users\Badbleep\Desktop\FRST.txt
2016-01-10 10:57 - 2016-01-10 10:57 - 00026850 _____ C:\Users\Badbleep\Desktop\SystemLook.txt
2016-01-10 10:52 - 2016-01-10 10:56 - 00026848 _____ C:\Users\Badbleep\Downloads\SystemLook.txt
2016-01-10 10:50 - 2016-01-10 10:50 - 00165376 _____ C:\Users\Badbleep\Downloads\SystemLook_x64.exe
2016-01-10 10:49 - 2016-01-10 10:49 - 00001210 _____ C:\Users\Badbleep\Desktop\JRT.txt
2016-01-10 10:43 - 2016-01-10 10:45 - 00000675 _____ C:\Users\Badbleep\Desktop\AdwCleaner[S3].txt
2016-01-10 10:30 - 2016-01-10 10:30 - 00002296 _____ C:\Users\Badbleep\Desktop\mbar-log-2016-01-10 (10-20-43).txt
2016-01-10 09:55 - 2016-01-10 09:56 - 00852720 _____ C:\Users\Badbleep\Downloads\SecurityCheck.exe
2016-01-10 08:09 - 2016-01-10 08:09 - 05646860 _____ (Swearware) C:\Users\Badbleep\Downloads\ComboFix.exe
2016-01-10 08:08 - 2016-01-10 08:08 - 01600184 _____ (Malwarebytes) C:\Users\Badbleep\Desktop\JRT.exe
2016-01-10 06:51 - 2016-01-10 06:51 - 00000000 ____D C:\Windows\pss
2016-01-10 06:32 - 2016-01-10 06:32 - 314031720 _____ (AMD Inc.) C:\Users\Badbleep\Downloads\radeon-crimson-15.12-with-dotnet45-win7-64bit.exe
2016-01-10 06:27 - 2016-01-10 06:52 - 1111298460 _____ C:\Windows\Procmon.pmb
2016-01-09 21:43 - 2016-01-09 21:43 - 00084792 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON23.SYS
2016-01-09 21:33 - 2016-01-09 21:33 - 00000124 _____ C:\Users\Badbleep\Documents\ax_files.xml
2016-01-09 20:54 - 2016-01-10 10:45 - 00000000 ____D C:\AdwCleaner
2016-01-09 20:50 - 2016-01-09 20:50 - 00000000 ____D C:\Users\Badbleep\Downloads\Autoruns
2016-01-09 11:55 - 2016-01-09 11:55 - 00967601 _____ C:\Users\Badbleep\Downloads\ProcessMonitor.zip
2016-01-09 11:55 - 2016-01-09 11:55 - 00000000 ____D C:\Users\Badbleep\Downloads\ProcessMonitor
2016-01-09 11:55 - 2015-05-26 09:38 - 02046608 ____N (Sysinternals - www.sysinternals.com) C:\Users\Badbleep\Desktop\Procmon.exe
2016-01-09 05:56 - 2016-01-09 05:56 - 00007609 _____ C:\Users\Badbleep\AppData\Local\Resmon.ResmonCfg
2016-01-09 05:03 - 2016-01-09 03:12 - 00891392 _____ (Farbar) C:\Users\Badbleep\Desktop\MiniToolBox.exe
2016-01-09 04:35 - 2016-01-09 04:33 - 02370560 _____ (Farbar) C:\Users\Badbleep\Desktop\FRST64.exe
2016-01-09 04:33 - 2016-01-10 12:39 - 00000000 ____D C:\FRST
2016-01-09 04:33 - 2016-01-09 04:33 - 02370560 _____ (Farbar) C:\Users\Badbleep\Downloads\FRST64.exe
2016-01-09 04:32 - 2016-01-09 03:49 - 01749504 _____ C:\Users\Badbleep\Desktop\adwcleaner_5.028.exe
2016-01-09 03:49 - 2016-01-09 03:49 - 01749504 _____ C:\Users\Badbleep\Downloads\adwcleaner_5.028.exe
2016-01-09 03:12 - 2016-01-09 03:12 - 00891392 _____ (Farbar) C:\Users\Badbleep\Downloads\MiniToolBox.exe
2016-01-08 09:34 - 2016-01-08 09:34 - 00606532 _____ C:\Users\Badbleep\Downloads\Autoruns.zip
2016-01-08 09:34 - 2016-01-08 09:34 - 00000000 ____D C:\Users\Badbleep\Desktop\Autoruns
2016-01-08 09:32 - 2016-01-08 09:32 - 00000000 ____D C:\Users\Badbleep\Desktop\ProcessExplorer
2016-01-08 09:31 - 2016-01-08 09:31 - 01250844 _____ C:\Users\Badbleep\Downloads\ProcessExplorer.zip
2016-01-08 09:28 - 2016-01-08 09:28 - 00380416 _____ C:\Users\Badbleep\Desktop\5mt5trjz.exe
2016-01-07 10:28 - 2016-01-10 10:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-07 10:28 - 2016-01-07 10:28 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Badbleep\Desktop\rkill.exe
2016-01-07 10:25 - 2016-01-10 10:30 - 00000000 ____D C:\Users\Badbleep\Desktop\mbar
2016-01-07 09:57 - 2016-01-07 09:57 - 00000000 _____ C:\autoexec.bat
2016-01-07 09:56 - 2016-01-07 09:56 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-16 11:16 - 2015-12-16 11:16 - 00001393 _____ C:\Users\Badbleep\Desktop\iexplore.exe - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 12:28 - 2015-02-06 08:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-10 12:12 - 2015-03-20 10:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 10:32 - 2015-08-22 06:57 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-10 10:20 - 2015-08-22 06:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-10 10:17 - 2015-05-15 17:59 - 00000000 ____D C:\Users\Badbleep\Desktop\New folder
2016-01-10 08:51 - 2009-07-13 20:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-10 08:51 - 2009-07-13 20:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-10 07:54 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-10 07:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-10 07:53 - 2015-02-03 13:34 - 00000000 _____ C:\Windows\Path.idx
2016-01-10 07:48 - 2015-02-03 16:25 - 01048576 _____ C:\Windows\PE_Rom.dll
2016-01-10 07:47 - 2015-03-20 10:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 07:47 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-10 06:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-01-09 21:31 - 2015-10-31 17:11 - 00000000 ____D C:\ALLDATAW
2016-01-09 21:31 - 2015-02-03 16:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-09 18:35 - 2015-07-21 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-01-09 18:35 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-09 18:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-09 18:03 - 2015-03-20 10:25 - 00000000 ____D C:\Program Files\Google
2016-01-09 18:03 - 2015-03-20 10:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-09 17:30 - 2015-04-13 14:46 - 00001866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2016-01-09 17:12 - 2015-03-20 10:25 - 00000000 ____D C:\Users\Badbleep\AppData\Local\Google
2016-01-09 09:18 - 2015-02-27 13:51 - 00002518 _____ C:\Windows\MB.idx
2016-01-07 14:20 - 2015-02-07 13:28 - 00000000 ____D C:\Users\Badbleep\AppData\Local\QuickPar
2016-01-07 10:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\schemas
2016-01-07 10:37 - 2015-03-09 12:41 - 00000000 ____D C:\Windows\Minidump
2016-01-07 09:09 - 2015-07-21 20:54 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2016-01-07 08:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2016-01-02 15:41 - 2015-11-04 13:06 - 00000000 ____D C:\Users\Badbleep\AppData\Roaming\vlc
2016-01-02 11:56 - 2015-06-26 19:39 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-01-02 11:28 - 2015-02-06 08:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 11:28 - 2015-02-06 08:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 11:28 - 2015-02-06 08:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-27 15:36 - 2015-11-25 18:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-27 12:24 - 2015-02-06 08:00 - 00000000 ____D C:\Users\Badbleep\AppData\Local\Adobe
2015-12-17 13:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Performance
2015-12-16 19:53 - 2015-06-16 13:53 - 00000000 ____D C:\Users\Badbleep\AppData\Roaming\Kodi
2015-12-16 19:32 - 2015-03-27 15:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-16 19:32 - 2015-03-27 15:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-16 14:13 - 2015-03-20 10:25 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-01-09 05:56 - 2016-01-09 05:56 - 0007609 _____ () C:\Users\Badbleep\AppData\Local\Resmon.ResmonCfg
2015-02-03 16:11 - 2015-02-03 16:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-09 07:14

==================== End of FRST.txt ============================





