
My computer suddenly started to lag VERY bad


  • This topic is locked
9 replies to this topic

#1 Immortalproject


Posted 17 June 2016 - 11:37 AM

Hello,

 

First things first, this is my first time asking for help in forums, so I don't know what to expect :)

I have Windows 7 Ultimate, and for the past 2-3 days my computer suddenly became slow and very laggy. When I try to open something, the whole PC freezes for approximately 10 seconds; same goes for the Chrome browser, whatever I touch freezes. I'm writing this topic and for a couple of seconds the browser freezes. Things I did: Disk Cleanup, and scanned my computer with Malwarebytes; it detected 56 files (Malware, Trojan.miner, PUPs and some others), but it still lags, so I gave up and wanted to get help from the professionals/experienced people :)

Details: It runs smoothly in Safe Mode. The shutdown process takes very long, and I don't know if this helps, but my friend asked me to download a game and play with him, so he sent me the URL, and there were ads and different websites popping up. I THINK the lag started from that website he sent me. I'm currently using Safe Mode.

PS. Sorry for my bad English, I'm not a native speaker :P

Thanks,

Arthur

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
Ran by Arturas (administrator) on ARTURAS-PC (17-06-2016 20:53:33)
Running from C:\Users\Arturas\Downloads
Loaded Profiles: Arturas (Available Profiles: Arturas)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-06-08] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [RGSC] => D:\Zaidimai\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe /tray
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\MountPoints2: {4ac85e19-22f3-11e4-9a2c-94de80ceba61} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\MountPoints2: {928034a8-9a8e-11e3-8dbc-806e6f6e6963} - E:\Run.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2014-02-20]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-03-28]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{5C582B4F-DFCC-4D12-B1CA-2A2686F4123D}: [DhcpNameServer] 192.168.1.254 212.59.2.2
Tcpip\..\Interfaces\{CAD4F9EB-58FF-486B-AC42-2610DC23A669}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F993626E-4763-4027-A292-0E68789D7546}: [DhcpNameServer] 192.168.1.254 212.59.2.2
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3346973620-2518307813-930778835-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3346973620-2518307813-930778835-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3346973620-2518307813-930778835-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3346973620-2518307813-930778835-1000 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Arturas\AppData\Roaming\Mozilla\Firefox\Profiles\84s6b0sp.default
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3346973620-2518307813-930778835-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Arturas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3346973620-2518307813-930778835-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF SearchPlugin: C:\Users\Arturas\AppData\Roaming\Mozilla\Firefox\Profiles\84s6b0sp.default\searchplugins\yandex-avast.xml [2015-07-14]
FF Extension: One Click Proxy - C:\Users\Arturas\AppData\Roaming\Mozilla\Firefox\Profiles\84s6b0sp.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-08-26]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2016-06-17]
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-13]
CHR Extension: (Google Docs) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-13]
CHR Extension: (Google Drive) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Adguard AdBlocker) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-06-09]
CHR Extension: (YouTube) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Click&Clean) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-04-28]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-11]
CHR Extension: (Norton Identity Safe) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-06-27]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-06-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-24] (EasyAntiCheat Ltd)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5132656 2013-11-25] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-12-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SBAMSvc; "C:\Program Files (x86)\ParetoLogic\XoftSpy AntiVirus Pro\SBAMSvc.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-20] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [42512 2015-03-23] (CACE Technologies)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1362576 2012-09-24] (Realtek Semiconductor Corporation                           )
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
S0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77696 2006-06-14] (Protection Technology (StarForce))
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2016-03-09] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-02-02] (SteelSeries ApS)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-06-16] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
S3 athur; system32\DRIVERS\athurx.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 20:53 - 2016-06-17 20:53 - 00021980 _____ C:\Users\Arturas\Downloads\FRST.txt
2016-06-17 20:52 - 2016-06-17 20:53 - 00000000 ____D C:\FRST
2016-06-17 20:52 - 2016-06-17 20:52 - 02386944 _____ (Farbar) C:\Users\Arturas\Downloads\FRST64.exe
2016-06-17 18:23 - 2016-06-17 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-06-17 18:23 - 2016-06-17 18:23 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-06-17 18:20 - 2016-06-17 18:20 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Arturas\Downloads\cbSetup.exe
2016-06-17 16:31 - 2016-06-17 16:31 - 00026355 _____ C:\Users\Arturas\Downloads\dds.txt
2016-06-17 15:27 - 2016-06-17 15:42 - 00000000 ____D C:\Users\Arturas\Desktop\Video
2016-06-17 11:33 - 2016-06-17 11:33 - 00000438 _____ C:\Windows\SysWOW64\WSCConfig.xml
2016-06-17 11:04 - 2016-06-17 11:04 - 00003136 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3
2016-06-17 10:59 - 2016-06-17 10:59 - 00003260 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3
2016-06-17 10:59 - 2016-06-17 10:59 - 00002928 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2016-06-17 10:59 - 2016-06-17 10:59 - 00002758 _____ C:\Windows\System32\Tasks\XoftSpy AntiVirus Pro Startup
2016-06-17 10:58 - 2016-06-17 16:26 - 00000000 ____D C:\ProgramData\ParetoLogic
2016-06-17 10:58 - 2012-09-20 05:11 - 00258848 _____ (GFI Software) C:\Windows\system32\Drivers\SbFw.sys
2016-06-17 10:58 - 2012-09-20 05:11 - 00061216 _____ (GFI Software) C:\Windows\system32\Drivers\sbhips.sys
2016-06-17 10:58 - 2012-09-12 20:19 - 00120064 _____ (GFI Software) C:\Windows\system32\Drivers\SbFwIm.sys
2016-06-17 10:56 - 2016-06-17 10:57 - 10751992 _____ (ParetoLogic, Inc.) C:\Users\Arturas\Downloads\XoftSpy_AV_Setup.exe
2016-06-17 10:53 - 2016-06-17 10:54 - 00204496 _____ (Malwarebytes) C:\Users\Arturas\Downloads\startuplite-setup-1.07.exe
2016-06-17 10:43 - 2016-06-17 10:43 - 00000000 ____D C:\Windows\System32\Tasks\Norton Identity Safe
2016-06-17 00:11 - 2016-06-17 09:03 - 00359466 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-06-17 00:11 - 2016-06-17 09:03 - 00000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-06-17 00:11 - 2016-06-17 00:11 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-17 00:10 - 2016-06-17 00:11 - 21408640 _____ (Tweaking.com) C:\Users\Arturas\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-06-17 00:05 - 2016-06-17 00:05 - 01610816 _____ (Malwarebytes) C:\Users\Arturas\Downloads\JRT.exe
2016-06-16 23:41 - 2016-06-16 23:41 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-06-16 23:40 - 2016-06-17 00:04 - 00000000 ____D C:\ProgramData\RogueKiller
2016-06-16 23:18 - 2016-06-16 23:29 - 00000000 ____D C:\AdwCleaner
2016-06-16 23:18 - 2016-06-16 23:18 - 03703360 _____ C:\Users\Arturas\Downloads\AdwCleaner.exe
2016-06-16 18:01 - 2016-06-16 18:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-16 17:38 - 2016-06-16 23:15 - 00002243 _____ C:\Windows\epplauncher.mif
2016-06-16 17:37 - 2016-06-16 17:37 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-06-16 17:37 - 2016-06-16 17:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-06-16 17:36 - 2016-06-16 17:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-06-16 14:54 - 2016-06-17 20:08 - 00376198 _____ C:\Windows\ntbtlog.txt
2016-06-13 21:22 - 2016-06-13 21:22 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-06-13 21:22 - 2016-06-13 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-06-13 21:22 - 2016-06-13 21:22 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-06-13 18:25 - 2016-06-17 19:59 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\Skype
2016-06-13 18:14 - 2016-06-13 18:14 - 00001100 _____ C:\Users\Arturas\Desktop\Play Saints Row III DirectX 11.lnk
2016-06-13 18:14 - 2016-06-13 18:14 - 00001085 _____ C:\Users\Arturas\Desktop\Play Saints Row III DirectX 9.lnk
2016-06-13 14:09 - 2016-06-13 15:13 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2016-06-13 12:59 - 2016-06-17 20:08 - 00000000 ____D C:\Users\Arturas\AppData\Local\LogMeIn Hamachi
2016-06-13 12:07 - 2016-06-13 12:07 - 00000000 ____D C:\Windows\pss
2016-06-13 00:55 - 2016-06-13 00:55 - 00000221 _____ C:\Users\Arturas\Desktop\Bully Scholarship Edition.url
2016-06-10 14:46 - 2016-06-11 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-08 10:56 - 2016-06-08 10:56 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys
2016-06-07 10:09 - 2016-06-07 10:09 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\Dropbox
2016-06-07 10:08 - 2016-06-08 20:37 - 00000000 ____D C:\Users\Arturas\AppData\Local\Dropbox
2016-06-05 23:20 - 2016-06-05 23:20 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2016-06-05 19:48 - 2016-06-05 19:48 - 00000000 ____D C:\Users\Arturas\AppData\Local\MONO development team
2016-05-27 20:33 - 2016-05-27 20:43 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\PortForward.com
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 20:17 - 2014-02-20 18:14 - 00000000 ____D C:\Users\Arturas\AppData\Local\ElevatedDiagnostics
2016-06-17 19:15 - 2014-02-21 20:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-17 17:58 - 2009-07-14 07:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-17 17:58 - 2009-07-14 07:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-17 17:52 - 2014-03-20 21:57 - 00706118 _____ C:\Windows\system32\perfh019.dat
2016-06-17 17:52 - 2014-03-20 21:57 - 00144370 _____ C:\Windows\system32\perfc019.dat
2016-06-17 17:52 - 2009-07-14 08:13 - 01631100 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-17 17:52 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-06-17 17:47 - 2015-02-08 14:41 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-17 17:47 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-17 17:14 - 2014-04-15 11:19 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-17 16:50 - 2015-03-20 14:35 - 00000000 ____D C:\Windows\Minidump
2016-06-17 15:47 - 2016-01-29 21:59 - 00000000 ____D C:\Users\Arturas\Desktop\gabijos foto
2016-06-17 15:45 - 2014-02-20 17:28 - 00000000 ____D C:\Users\Arturas
2016-06-17 14:30 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-06-17 13:41 - 2014-02-21 20:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-17 13:40 - 2014-02-21 20:05 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 13:40 - 2014-02-21 20:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 12:50 - 2014-02-20 20:17 - 00000000 ____D C:\Users\Arturas\AppData\Local\CrashDumps
2016-06-17 10:20 - 2014-03-08 17:23 - 00001230 __RSH C:\ProgramData\ntuser.pol
2016-06-17 10:20 - 2014-02-20 17:47 - 00109680 _____ C:\Users\Arturas\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-17 10:20 - 2009-07-14 07:45 - 05074120 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 10:18 - 2010-11-21 10:16 - 00000000 ____D C:\Windows\CSC
2016-06-17 10:14 - 2009-07-14 05:34 - 00000616 _____ C:\Windows\win.ini
2016-06-16 23:20 - 2015-01-12 17:52 - 00000000 ____D C:\Windows\system32\log
2016-06-16 23:15 - 2015-01-09 23:24 - 00000000 ____D C:\Fraps
2016-06-16 23:14 - 2015-05-23 12:54 - 00000000 ____D C:\Program Files\CyberGhost 5
2016-06-16 21:47 - 2015-12-07 15:30 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-06-16 21:46 - 2015-12-07 15:31 - 00000000 ____D C:\Users\Arturas\AppData\Local\PokerStars.EU
2016-06-16 21:45 - 2014-05-29 17:52 - 00000000 ____D C:\Program Files (x86)\Origin
2016-06-16 21:45 - 2014-03-23 18:40 - 00000000 ____D C:\ProgramData\Origin
2016-06-16 21:26 - 2015-02-04 21:18 - 00000000 ____D C:\ProgramData\Red AdBlocker
2016-06-16 21:26 - 2014-02-20 19:22 - 00000000 ____D C:\Program Files (x86)\PCData
2016-06-16 20:47 - 2015-01-10 00:19 - 00014022 _____ C:\Windows\system32\--traceoff
2016-06-16 20:05 - 2014-03-20 23:11 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-16 17:19 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\Catroot2.old
2016-06-16 14:12 - 2014-06-30 20:09 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-06-16 14:05 - 2015-07-14 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
2016-06-16 14:05 - 2014-02-20 17:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-13 18:23 - 2014-02-20 18:45 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\Skype_old
2016-06-13 17:50 - 2016-04-08 21:51 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\uTorrent
2016-06-13 15:03 - 2009-07-14 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-13 12:27 - 2014-02-20 20:28 - 00000000 ____D C:\Users\Arturas\AppData\Local\SKIDROW
2016-06-13 09:51 - 2014-04-27 22:40 - 00000000 ____D C:\Users\Arturas\Desktop\Dainos
2016-06-12 19:24 - 2015-08-17 12:29 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\.minecraft
2016-06-11 12:27 - 2014-02-21 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-10 01:11 - 2016-03-28 18:40 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\steelseries-engine-3-client
2016-06-09 02:30 - 2015-02-08 14:43 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 12:23 - 2014-07-04 14:52 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\TeamViewer
2016-06-08 12:23 - 2014-07-04 14:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-06-08 10:56 - 2014-05-13 13:08 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-06-08 00:22 - 2014-02-20 17:49 - 03518522 ____H C:\Users\Arturas\AppData\Local\IconCache.db.backup
2016-06-06 22:45 - 2014-04-20 00:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-05 12:16 - 2014-02-20 18:45 - 00000000 ____D C:\ProgramData\Skype
2016-05-27 20:32 - 2014-04-16 21:16 - 00000000 ____D C:\Users\Arturas\AppData\Local\Downloaded Installations
 
==================== Files in the root of some directories =======
 
2014-05-26 23:43 - 2014-05-26 23:43 - 0000046 _____ () C:\Users\Arturas\AppData\Roaming\Camdata.ini
2014-05-26 23:43 - 2014-05-26 23:43 - 0000408 _____ () C:\Users\Arturas\AppData\Roaming\CamLayout.ini
2014-05-26 23:43 - 2014-05-26 23:43 - 0000408 _____ () C:\Users\Arturas\AppData\Roaming\CamShapes.ini
2014-05-26 23:42 - 2014-05-26 23:42 - 0004535 _____ () C:\Users\Arturas\AppData\Roaming\CamStudio.cfg
2014-07-29 11:26 - 2014-07-29 11:27 - 0000012 _____ () C:\Users\Arturas\AppData\Roaming\id.txt
2014-07-13 22:19 - 2014-07-14 13:30 - 0000098 _____ () C:\Users\Arturas\AppData\Roaming\LauncherSettings_live.cfg
2014-10-13 19:25 - 2014-10-13 19:25 - 0008144 _____ () C:\Users\Arturas\AppData\Roaming\TheHunterSettings_live.bin
2014-07-13 22:45 - 2014-10-13 19:22 - 0000040 _____ () C:\Users\Arturas\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-07-29 11:26 - 2014-07-29 11:27 - 0135274 _____ () C:\Users\Arturas\AppData\Roaming\Uninstall.exe
2014-05-26 23:33 - 2014-05-26 23:33 - 0000096 _____ () C:\Users\Arturas\AppData\Roaming\version2.xml
2014-03-06 23:50 - 2014-03-06 23:50 - 0000095 _____ () C:\Users\Arturas\AppData\Local\fusioncache.dat
2014-08-24 14:42 - 2014-08-24 14:42 - 0000000 ___SH () C:\Users\Arturas\AppData\Local\LumaEmu
2014-04-20 11:04 - 2014-04-20 11:04 - 0003380 _____ () C:\Users\Arturas\AppData\Local\recently-used.xbel
2014-05-17 14:24 - 2014-05-17 14:24 - 0000003 _____ () C:\Users\Arturas\AppData\Local\updater.log
2014-05-17 14:24 - 2014-06-04 13:48 - 0000825 _____ () C:\Users\Arturas\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
C:\Users\Arturas\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Arturas\AppData\Local\Temp\libeay32.dll
C:\Users\Arturas\AppData\Local\Temp\msvcr120.dll
C:\Users\Arturas\AppData\Local\Temp\sqlite3.dll
C:\Users\Arturas\AppData\Local\Temp\_unps.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-17 14:10
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by Arturas (2016-06-17 20:54:03)
Running from C:\Users\Arturas\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-02-20 14:28:44)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3346973620-2518307813-930778835-500 - Administrator - Disabled)
Arturas (S-1-5-21-3346973620-2518307813-930778835-1000 - Administrator - Enabled) => C:\Users\Arturas
ASPNET (S-1-5-21-3346973620-2518307813-930778835-1004 - Limited - Enabled)
Guest (S-1-5-21-3346973620-2518307813-930778835-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1350, 16.06.2014 - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{AF88A32E-BC54-2AA3-2FC8-D63D86DF4A7A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Batman: Arkham City™ GOTY (HKLM-x32\...\GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}) (Version: 1.0.0000.133 - WB Games)
Batman: Arkham City™ GOTY (x32 Version: 1.0.0000.133 - WB Games) Hidden
Bully: Scholarship Edition (HKLM\...\Steam App 12200) (Version:  - Rockstar New England)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson User's Guide L210 Series (HKLM-x32\...\L210 Series Useg) (Version:  - )
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.30.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.30.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.472 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.472 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{6833245E-DD86-479A-882A-8360D62C8194}) (Version: 9.09.0720 - NVIDIA Corporation)
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0506.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries DTS Headphone X (HKLM\...\SteelSeries DTS Headphone X) (Version: 1.0.0.2 - SteelSeries)
SteelSeries Engine 3.7.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.7.1 - SteelSeries ApS)
Unity Web Player (HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Microsoft (xusb21) XnaComposite  (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3346973620-2518307813-930778835-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Arturas\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1823EFB3-27B8-4232-A7F7-78C331E88F38} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {19943922-E4A4-44DD-ACCF-C9E174E7344F} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {213688DF-908A-4B64-8C62-E889B50103CE} - System32\Tasks\{419B483B-5E6D-4D7D-8904-B423212BCBDB} => pcalua.exe -a C:\Users\Arturas\Downloads\dotnetfx.exe -d C:\Users\Arturas\Downloads
Task: {21AAC881-EF63-4DD3-A0B9-F49DF95463B9} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
Task: {2F8581D4-DD31-44D5-AC23-3832434B29EC} - System32\Tasks\{EE09277E-C884-421A-8430-B48CAD513E1C} => pcalua.exe -a F:\Installer.exe -d F:\
Task: {3036E9D4-A9DD-4891-9E94-C538DA995D47} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {308E4C11-2A72-41E4-AC53-C8B6FA87AC00} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {33FDAC60-D19F-46D7-A333-A24D4CD5BBFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {3A69119B-528A-44C0-A04D-7A499A96E2E9} - System32\Tasks\Opera scheduled Autoupdate 1404474246 => C:\Program Files (x86)\Opera\launcher.exe
Task: {4435AB3B-28AC-40F5-AD15-49846AE4FE06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08] (Google Inc.)
Task: {4D715FA2-C427-46FA-A398-801174B00810} - System32\Tasks\{3CBC8D99-3445-4693-A3A6-6D8B7180EE3F} => pcalua.exe -a "D:\Zaidimai\Gelbetojai\Fire Department 3\FireSplash.exe" -d "D:\Zaidimai\Gelbetojai\Fire Department 3"
Task: {53220EB2-C9EC-4435-A34D-ED5273833EBC} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {69F07454-2026-4829-B004-A4C841E70B85} - System32\Tasks\XoftSpy AntiVirus Pro Startup => C:\Program Files (x86)\ParetoLogic\XoftSpy AntiVirus Pro\XoftSpy.exe
Task: {7A08F7BD-2873-4B31-81D7-F0599E64B453} - System32\Tasks\{57C140CE-31A1-4D66-B8EB-FA674F881E33} => pcalua.exe -a F:\INSTALL.EXE -d F:\
Task: {7B95D1C0-A089-470C-846E-26CC9DB58936} - System32\Tasks\{98665353-E255-4C17-BDEC-EEF0DCD0DCAA} => pcalua.exe -a "D:\Zaidimai\Gelbetojai\Fire Department 3\SetupSplash.exe" -d "D:\Zaidimai\Gelbetojai\Fire Department 3"
Task: {A3274A7A-DF67-469C-AC55-EE86AA5C1452} - System32\Tasks\update-S-1-5-21-3346973620-2518307813-930778835-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {C21849D3-7033-4B67-BB47-7EE3F1E04FF4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
Task: {D476DA7B-9938-4DE9-A735-9B18A0A91287} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {DF75A6F4-E308-4CE6-9DF9-C3472450BA88} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E6A67923-E226-4A87-94B1-9AF394D93809} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08] (Google Inc.)
Task: {E90087A9-9BE7-4A1B-AEF9-BB4262846022} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d043942c96d3ea.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d090517ae9e44c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfb3b591882a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e23287dcdfb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0efddb6a8f564.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12ec241351e00.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e81d71b0a54.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab8126f07c9e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RunOW.job => C:\Program Files (x86)\Overwolf\Overwolf.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Arturas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Arturas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-06-16 15:15 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2016-06-16 15:15 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\msln.exe:53f482b149e4a5ce698414a9ca9f5db4 [282]
AlternateDataStreams: C:\Users\Arturas:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\TEMP:466F9D5D [132]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-01-06 22:02 - 2016-06-16 13:59 - 00000008 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Arturas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 212.59.2.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: Wecsvc => 3
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7D5FD8E9-C6F7-43FF-8648-A7C6AF266EC9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{2FA0345F-8C51-46D9-B079-2A518C28FE5F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{F72DBB6B-ECAD-45ED-B4F8-048277D78D3B}] => (Allow) C:\Users\Arturas\Downloads\utorrent.exe
FirewallRules: [{1CAC6161-DB74-4DFB-BBAE-0F2FDBFB5C46}] => (Allow) C:\Users\Arturas\Downloads\utorrent.exe
FirewallRules: [{61162329-C406-4CD9-9DFB-7294B701376C}] => (Allow) C:\Program Files (x86)\PCData\minerd.exe
FirewallRules: [{34BFDDC2-D642-43FD-99D3-21997AD0811C}] => (Allow) C:\Program Files (x86)\PCData\minerd.exe
FirewallRules: [TCP Query User{C8D5DEF6-764B-41BA-89B2-AE1A9919ED31}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1779F148-159B-4174-8191-1E96D03017AE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7CB51982-0B70-4BA2-A745-8844314E2508}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{46AAE5FB-21A8-49A5-8CB7-A9FBB5F5DD19}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{65BC4D62-AF8D-4A90-85EE-F328B36D6E43}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{601032D9-3DD6-4D97-AFB3-C623EECE1F0D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{486055F6-F499-45CF-BD4E-EB21B7DC12BB}D:\zaidimai\counter-strike 1.6\hl.exe] => (Allow) D:\zaidimai\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{B3C8A5CE-1E2A-4147-A360-708983F3B3F2}D:\zaidimai\counter-strike 1.6\hl.exe] => (Allow) D:\zaidimai\counter-strike 1.6\hl.exe
FirewallRules: [{4F85129C-F27C-41A7-A412-CA9C402B7492}] => (Block) D:\zaidimai\counter-strike 1.6\hl.exe
FirewallRules: [{1BACB509-FAC3-462F-AA87-A57DCF8BF6A1}] => (Block) D:\zaidimai\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{12A35CF0-15D5-461B-84F6-872BF4A1F375}C:\Program Files (x86)\electronic arts\EADM\Core.exe] => (Block) C:\Program Files (x86)\electronic arts\EADM\Core.exe
FirewallRules: [UDP Query User{A691751E-8478-4BB3-A1F4-D94DD89D880A}C:\Program Files (x86)\electronic arts\EADM\Core.exe] => (Block) C:\Program Files (x86)\electronic arts\EADM\Core.exe
FirewallRules: [{583D5614-C7E9-430E-9B76-464FBA14E5A5}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CE9F5CF-DE08-41A2-B1E9-829D2CCAB6ED}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6F65FFC5-DA97-4B93-9217-843785C6FA46}] => (Allow) D:\STEAM\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{B8BAECAE-3171-41BF-9963-8FE8A6F82B85}] => (Allow) D:\STEAM\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [TCP Query User{C9D90A1F-76E6-4A73-A6E3-31A7611B4CDC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B3FB7674-148D-482E-AF5F-2DE4EB194ED7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{EF0E8777-E893-4A71-AD3D-CCA497F504FB}] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{ED567BF9-73A0-40B3-A3C4-DD3DAAE3C696}] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{B7023A59-06D2-4B96-AA12-72CC35E2E1E7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C1CE4BCC-8430-42C8-9A5E-79B6F740ABAA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4D4004A6-C0A6-4141-92E2-B819DF35FCC5}] => (Allow) D:\Zaidima\BAC\Binaries\Win32\BatmanAC.exe
FirewallRules: [TCP Query User{2C7BCC18-A7C1-4390-9AC8-454BC725E1A1}D:\zaidimai\bac\binaries\win32\batmanac_o.exe] => (Allow) D:\zaidimai\bac\binaries\win32\batmanac_o.exe
FirewallRules: [UDP Query User{D65400C8-2B1F-4F39-902F-B1BBD6D91992}D:\zaidimai\bac\binaries\win32\batmanac_o.exe] => (Allow) D:\zaidimai\bac\binaries\win32\batmanac_o.exe
FirewallRules: [{58D08D8D-C4F9-41FF-96D8-A2DDC1364307}] => (Allow) D:\STEAM\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{865EF941-06E7-411E-B7F5-76D2069E63F4}] => (Allow) D:\STEAM\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{17CCE418-A9E6-4626-8B47-FB1FBD8295A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CADE52F4-96BF-48E4-9F0F-CFF7871ABFF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5B964703-7BF1-46C3-B6FA-189A032DD936}C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe] => (Block) C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe
FirewallRules: [UDP Query User{3B8A4ED8-DE07-445C-A709-975300E913AC}C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe] => (Block) C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe
FirewallRules: [{08B11ABB-DE40-474F-8510-9768A7711203}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A15559CB-550E-483D-88F3-035AD3E7BF02}] => (Allow) D:\STEAM\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{0D09089A-75E0-436C-9BE3-394268A235DB}] => (Allow) D:\Zaidimai\LOL\lol.launcher.exe
FirewallRules: [{A81A39B3-CE82-41F5-AEA0-439AC31C30F5}] => (Allow) D:\Zaidimai\LOL\lol.launcher.exe
FirewallRules: [{A081B8EA-8537-44CF-AEA3-B0F95F4EB2F2}] => (Allow) D:\Zaidimai\LOL\lol.launcher.exe
FirewallRules: [{1998A3C4-A09D-4A7E-9D92-3AD39F788745}] => (Allow) D:\Zaidimai\LOL\lol.launcher.exe
FirewallRules: [{AFA8E6FF-4071-43B4-81C6-73835190D148}] => (Allow) D:\Zaidimai\LOL\lol.launcher.admin.exe
FirewallRules: [{D34A0E9D-9254-4367-AF72-E4930C61BC29}] => (Allow) D:\Zaidimai\LOL\lol.launcher.admin.exe
FirewallRules: [{8644E635-CDBF-439E-90FC-6C394FB00BCD}] => (Allow) D:\Zaidimai\LOL\lol.launcher.admin.exe
FirewallRules: [{C4869802-B84F-4731-B26C-369DEA0E2A6A}] => (Allow) D:\Zaidimai\LOL\lol.launcher.admin.exe
FirewallRules: [TCP Query User{441E2A28-E093-4EA8-8B03-D31EC8227286}D:\zaidimai\counter-strike\hl.exe] => (Allow) D:\zaidimai\counter-strike\hl.exe
FirewallRules: [UDP Query User{56BD0847-F5DB-4573-A743-08960AA784C6}D:\zaidimai\counter-strike\hl.exe] => (Allow) D:\zaidimai\counter-strike\hl.exe
FirewallRules: [{855E15A0-B26A-4EFE-AFB8-3C61948618EE}] => (Block) D:\zaidimai\counter-strike\hl.exe
FirewallRules: [{3676E419-FA38-45BC-BFC4-EBBFF7939278}] => (Block) D:\zaidimai\counter-strike\hl.exe
FirewallRules: [TCP Query User{25CF3FD1-D1D0-4A2D-98E4-DA44EE29A5B2}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{6C185B93-A61D-42E0-8D39-1AAD9E3D9D5A}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{82D30A07-632B-4D61-B47B-DF5624358652}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{C32E16E0-1958-4659-B065-C72DE8583014}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{53336A1B-0B62-4802-BABA-1FB2F8B38FBF}D:\zaidimai\counter - strike 1.6\hl.exe] => (Allow) D:\zaidimai\counter - strike 1.6\hl.exe
FirewallRules: [UDP Query User{BF0FAD6D-93EA-409D-9508-E8CCF483C8B1}D:\zaidimai\counter - strike 1.6\hl.exe] => (Allow) D:\zaidimai\counter - strike 1.6\hl.exe
FirewallRules: [{2D528806-DDCB-483C-90B2-A17348ABD61C}] => (Block) D:\zaidimai\counter - strike 1.6\hl.exe
FirewallRules: [{566532C1-6365-4DE3-8771-DC3FE407330A}] => (Block) D:\zaidimai\counter - strike 1.6\hl.exe
FirewallRules: [TCP Query User{0812CA42-C934-47AD-A915-5E8AB3F68505}D:\terraria server\terrariaserver.exe] => (Allow) D:\terraria server\terrariaserver.exe
FirewallRules: [UDP Query User{5B390DA4-28C4-4F8F-BAE1-AC4B8AD67DFB}D:\terraria server\terrariaserver.exe] => (Allow) D:\terraria server\terrariaserver.exe
FirewallRules: [{6ED8BA55-D311-46B3-B686-9405ECED08EA}] => (Allow) D:\terraria server\terrariaserver.exe
FirewallRules: [{1936A7AF-CDCE-4809-9E63-AC613825DC25}] => (Allow) D:\terraria server\terrariaserver.exe
FirewallRules: [TCP Query User{792AEAAB-63ED-4D74-9436-B883B7560696}D:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{929F52F1-FDB0-4C06-AA19-36D5CC9126D5}D:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{64B2959F-263F-4D3A-B1C8-543C690A2B2C}] => (Allow) D:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{58E2253A-38A5-4D5C-BB1D-BC0F6EDEFCD8}] => (Allow) D:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{3E715EBE-41BF-476B-9667-F554E353E333}D:\zaidimai\serious sam classic tfe\bin\serioussam.exe] => (Allow) D:\zaidimai\serious sam classic tfe\bin\serioussam.exe
FirewallRules: [UDP Query User{C429A0FB-E4FC-4ED7-9B0F-4A95DFD5446B}D:\zaidimai\serious sam classic tfe\bin\serioussam.exe] => (Allow) D:\zaidimai\serious sam classic tfe\bin\serioussam.exe
FirewallRules: [{CD9880CF-3B42-4A00-A5D1-F72F040C423F}] => (Block) D:\zaidimai\serious sam classic tfe\bin\serioussam.exe
FirewallRules: [{6D12A402-B1B6-48C6-B6FE-89202FF84903}] => (Block) D:\zaidimai\serious sam classic tfe\bin\serioussam.exe
FirewallRules: [TCP Query User{9C351262-4769-4DB0-A644-083F0C5B4653}D:\zaidimai\grand theft auto iv\gtaiv.exe] => (Allow) D:\zaidimai\grand theft auto iv\gtaiv.exe
FirewallRules: [UDP Query User{0F5B0CC0-C01F-4DF3-8C10-BCC9C4472A84}D:\zaidimai\grand theft auto iv\gtaiv.exe] => (Allow) D:\zaidimai\grand theft auto iv\gtaiv.exe
FirewallRules: [{67BC8398-78CD-4A6E-A4BD-703699A64CE9}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{CAE58AC5-DED0-43BC-85CE-C8D19B08161F}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{24D0403C-E28D-480B-B945-F257ED2C0D87}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{105AF521-BA6D-4E65-98FE-0AA4451674DA}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{7ABDE60C-BDE2-4AA8-A984-8559CB83526F}] => (Allow) D:\STEAM\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{96C6CF8E-09B5-480B-AA09-F2327265438A}] => (Allow) D:\STEAM\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{E8D73BF9-280A-461B-82B1-5EBF03567717}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A4D559CE-7DA4-43D7-9202-319D0CD49890}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{46F774DC-4483-421D-87A9-736D2F071CAD}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3F4AFD0E-A7D7-4A82-8CB9-6E9B4D3D014D}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{70FE81D2-EAEC-4104-BC2B-C3A2C3D06F65}] => (Allow) D:\STEAM\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{201398B5-E0C1-4226-8C0D-49057611A2A8}] => (Allow) D:\STEAM\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{EB6600A3-E778-4BB7-AF64-39C3D3EAFEDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9879400-BC5F-4722-95FE-837A89573A91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0641DE1F-E4BF-4CEF-8D19-A1AAD3160BE4}] => (Allow) D:\STEAM\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A5721586-459F-4D7D-84F7-2159F04DF810}] => (Allow) D:\STEAM\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{62297BCF-DD9D-4584-9DD9-5B3497BF8FD2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8CA0CEAE-F85D-4080-A130-C2119C31B3E0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EB968B8E-D538-4E96-869D-71F0FCEABAC9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D3DE2DE7-7121-42EB-87F6-0C00AE25BBB8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{43EE4893-0506-4272-A465-9056A511C0C5}C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [UDP Query User{CF5B588F-0B17-4597-A484-C833C6A9682C}C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{626AA8CF-7DB4-4580-B188-2DDDA1C2E01C}] => (Block) C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{A3D62FA5-8841-431F-A0DD-1FDD6229AF1B}] => (Block) C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{8E25777D-8864-4112-A3BD-C8256D22D62E}] => (Allow) D:\STEAM\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A7A1C73C-2D82-4F1B-A6A9-3A75A3A87635}] => (Allow) D:\STEAM\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{DA3718A1-22D6-4A36-A83C-D055ADBBF354}] => (Allow) D:\STEAM\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{9D1FA3B6-04A2-4103-9BAA-A49C817C3FE5}] => (Allow) D:\STEAM\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{A9F6CDD4-41D8-49A9-95E7-6E8187A3E1EC}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{33035FD1-CCBD-44A2-8648-2D646BD4F1E9}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{37CE8327-0CC5-464E-BA9E-A2E541756F39}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{6BAB313D-BA2F-4155-A3CC-F42FD629E3CE}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{A9AC5CB4-A9CB-487E-A673-6C67B0C32DA4}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{4DEA8DC6-1EBD-4EC3-97BC-795E525B8637}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{C2D436EB-4A20-4F2D-A420-9E47C02897E6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{F29F6B2E-B6DB-4A20-BD60-D45D0665482D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{E1F3915F-38CF-43DB-B11E-6E32A153D0A5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{589F33A9-8FAE-4BCC-8D83-23CE46DAAFF8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{1AC1A71D-B95F-41A3-949E-3A7AF6BB269E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{5CBAF580-357D-49D3-AA3F-C36ED1051434}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{B576996D-9884-4E27-AECD-720830D4979E}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B50DA21-CB00-41A5-A627-04384A06D2EC}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B7D9E509-4817-46E7-9C73-0D172AF80590}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{82E2A2DF-9CCD-4EF8-8D7C-6BF77BC8264D}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{17E25F20-D63A-4B3F-906A-677DE286C9D0}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{41B7B066-D8FC-4351-9237-27E254DB89EF}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{14108A33-F223-44C7-A375-F8778C63E62F}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39921438-0426-40BB-8FE9-DCE6176B9165}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8A5ABAE-1007-42A8-8BA9-39D35B6F22D2}] => (Allow) D:\Zaidimai\Fire Department 3\FireSplash.exe
FirewallRules: [{7F59A2F7-D881-4876-9602-A21007D812D4}] => (Allow) D:\Zaidimai\Fire Department 3\FireSplash.exe
FirewallRules: [{CA8F8C35-2C57-4F9E-BE69-D6DF2980075A}] => (Allow) D:\Zaidimai\Fire Department 3\FireSplash.exe
FirewallRules: [{ED680666-541D-4443-8AEE-7B8A71DBB535}] => (Allow) D:\Zaidimai\Fire Department 3\FireSplash.exe
FirewallRules: [{DE17BE80-548E-4795-A55F-FE3AE21EBF9D}] => (Allow) D:\Zaidimai\Gelbetojai\Fire Department 3\FireSplash.exe
FirewallRules: [{396AD374-CA81-42B6-AE07-06526697F3C4}] => (Allow) D:\Zaidimai\Gelbetojai\Fire Department 3\FireSplash.exe
FirewallRules: [{4C34D627-ADBF-433D-962D-46AE1A62C85A}] => (Allow) D:\Zaidimai\Gelbetojai\Fire Department 3\FireSplash.exe
FirewallRules: [{67321734-D772-478E-A506-0CD72744B663}] => (Allow) D:\Zaidimai\Gelbetojai\Fire Department 3\FireSplash.exe
FirewallRules: [{07B1DDFA-B38D-4F2B-8573-7A0F5E878E5E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6415084A-A6DB-46FF-9BF6-9F95D28C599C}D:\steam\steamapps\common\sven co-op\svends.exe] => (Allow) D:\steam\steamapps\common\sven co-op\svends.exe
FirewallRules: [UDP Query User{A6B75922-37A5-4BAB-8FF1-21D05B958431}D:\steam\steamapps\common\sven co-op\svends.exe] => (Allow) D:\steam\steamapps\common\sven co-op\svends.exe
FirewallRules: [{2FBE8E63-B29B-45C6-AC8C-EFC81CFCA70E}] => (Block) D:\steam\steamapps\common\sven co-op\svends.exe
FirewallRules: [{4F3DEC1D-AC99-4620-BF64-6AA16F26572B}] => (Block) D:\steam\steamapps\common\sven co-op\svends.exe
FirewallRules: [{BDAA72AB-0C72-4472-89BD-8F58D5D39B8C}] => (Allow) D:\Zaidimai\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{C865675B-8DF2-4251-9D8E-AEE24E8E8825}] => (Allow) D:\Zaidimai\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{CF1006AC-9955-4A29-AE94-8A09BE0D8429}] => (Allow) D:\STEAM\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{FCA2A56C-FCF9-4B80-BE16-3DDE2D4F173F}] => (Allow) D:\STEAM\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{68DA430F-FD0C-4326-ACE5-0EAA5FA1D9B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{46646A51-2D48-4101-9F58-85C0111DF436}] => (Allow) D:\STEAM\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{F248ADEF-A58E-414C-8E4D-379375652160}] => (Allow) D:\STEAM\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [TCP Query User{C423728C-EE78-4F85-A7BB-A1226FB9F8EF}D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{A4DDEDB8-F6E6-42C6-91C2-D26F5AD22B1A}D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{64A4071B-86E4-4602-B41D-771EC78D4A21}] => (Allow) D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{6E135361-C723-4EF1-8792-414915B2FA16}] => (Allow) D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{4EEC4FA6-36E6-4EA8-9825-0A3EDE169182}D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{85341D4B-4AD7-4D5D-A7B9-E12EDCCC1973}D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{0762AA55-9E20-48C3-A53F-9F194DC18438}] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{F01376E6-BAAC-4A3A-8964-95D47CBAB0D7}] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{B99E98AD-0602-4182-B1BF-670B0C17B0B2}D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{FE1B3DA9-FB21-458E-9F9F-B2F8D1693779}D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe
FirewallRules: [{F0BA3690-D519-4694-BD14-F4300958D8D5}] => (Block) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe
FirewallRules: [{AEC32CAD-F9AE-4F98-A2E3-B5F24FD70D19}] => (Block) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe
 
==================== Restore Points =========================
 
16-06-2016 19:03:50 Installed DirectX
16-06-2016 20:38:13 Removed Windows Live ID Sign-in Assistant
16-06-2016 20:44:19 Removed Vegas Pro 13.0 (64-bit)
16-06-2016 21:48:38 Removed Windows Live ID Sign-in Assistant
17-06-2016 17:41:33 Removed Windows Live ID Sign-in Assistant
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2016 12:45:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.24.85.104, time stamp: 0x573b743c
Faulting module name: winspool.drv, version: 6.1.7601.17514, time stamp: 0x4ce7ba4b
Exception code: 0xc0000005
Fault offset: 0x00004952
Faulting process id: 0x6b0
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
 
Error: (06/17/2016 10:21:49 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (06/17/2016 10:21:48 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (06/17/2016 10:15:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Arturas-PC)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.
 
Error: (06/17/2016 10:15:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Arturas-PC)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.
 
Error: (06/17/2016 10:15:33 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Arturas-PC)
Description: Installing the performance counter strings for service <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-LoadPerf' Guid='{122ee297-bb47-41ae-b265-1ca8d1886d40}'/><EventID>3009</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T07:15:33.755862700Z'/><EventRecordID>13823</EventRecordID><Correlation/><Execution ProcessID='1188' ThreadID='2700'/><Channel>Application</Channel><Computer>Arturas-PC</Computer><Security UserID='S-1-5-21-3346973620-2518307813-930778835-1000'/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>BinaryData</DataItemName><EventPayload>6100730070006E00650074005F007300740061007400650000000800000017070000E4120000</EventPayload></ProcessingErrorData></Event> (%2) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/05/2014 05:06:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GTAIV.exe, version: 1.0.0.0, time stamp: 0x49189a0c
Faulting module name: ScriptHook.dll_unloaded, version: 0.0.0.0, time stamp: 0x4c00493c
Exception code: 0xc0000005
Fault offset: 0x74297001
Faulting process id: 0xa68
Faulting application start time: 0xGTAIV.exe0
Faulting application path: GTAIV.exe1
Faulting module path: GTAIV.exe2
Report Id: GTAIV.exe3
 
Error: (08/05/2014 05:06:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GTAIV.exe, version: 1.0.0.0, time stamp: 0x49189a0c
Faulting module name: ScriptHook.dll_unloaded, version: 0.0.0.0, time stamp: 0x4c00493c
Exception code: 0xc0000005
Fault offset: 0x74297001
Faulting process id: 0x1538
Faulting application start time: 0xGTAIV.exe0
Faulting application path: GTAIV.exe1
Faulting module path: GTAIV.exe2
Report Id: GTAIV.exe3
 
Error: (08/05/2014 09:44:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/03/2014 10:58:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (06/17/2016 08:18:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.223.1737.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/17/2016 08:18:23 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (06/17/2016 08:08:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (06/17/2016 08:08:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (06/17/2016 08:08:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (06/17/2016 08:08:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (06/17/2016 08:08:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084LMIGuardianSvc{D4258A22-CF85-489D-83AE-49FCD0DFAD29}
 
Error: (06/17/2016 08:08:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AppleCharger
ccSet_NST
discache
MpFilter
sfdrv01a
sfsync04
spldr
UsbCharger
Wanarpv6
 
Error: (06/17/2016 08:08:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084LMIGuardianSvc{D4258A22-CF85-489D-83AE-49FCD0DFAD29}
 
Error: (06/17/2016 08:08:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
CodeIntegrity:
===================================
  Date: 2014-07-01 14:18:42.352
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-01 14:18:42.312
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 65%
Total physical RAM: 1499.61 MB
Available physical RAM: 512.52 MB
Total Virtual: 2999.22 MB
Available Virtual: 2043.04 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:488.18 GB) (Free:287.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:443.23 GB) (Free:405.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A78426C9)
Partition 1: (Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by Immortalproject, 17 June 2016 - 01:12 PM.
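An added example, not part of the original post and not FRST's own code: a small Python triage of the FirewallRules lines in an Addition.txt like the one above, grouping rules per program and flagging the ones worth a second look. The sample lines (placeholder GUIDs, user name and programs), the AppData heuristic and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# One FRST "FirewallRules:" line has the shape: [rule name] => (Action) program path
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<path>.+)$"
)
# Rule names of the "TCP Query User{GUID}path" kind seen in the log above
PROMPT_RE = re.compile(r"^(?:TCP|UDP) Query User\{")
# Assumption: a program under a user profile's AppData can be replaced without admin rights
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\")

# Constructed sample lines in the same format (not taken from the log above)
SAMPLE = r"""
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Users\alice\AppData\Roaming\ExampleP2P\client.exe
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Users\alice\AppData\Roaming\ExampleP2P\client.exe
FirewallRules: [TCP Query User{00000000-0000-0000-0000-000000000003}D:\games\example\game.exe] => (Allow) D:\games\example\game.exe
FirewallRules: [UDP Query User{00000000-0000-0000-0000-000000000004}D:\games\example\game.exe] => (Allow) D:\games\example\game.exe
FirewallRules: [{00000000-0000-0000-0000-000000000005}] => (Block) D:\Games\Example\game.exe
FirewallRules: [{00000000-0000-0000-0000-000000000006}] => (Allow) C:\Program Files (x86)\Example Browser\browser.exe
FirewallRules: [TCP Query User{00000000-0000-0000-0000-000000000007}C:\users\alice\appdata\local\example\updater.exe] => (Block) C:\users\alice\appdata\local\example\updater.exe

==================== Restore Points =========================
"""


def parse_rules(text):
    """Return one dict per FirewallRules line; every other log line is ignored."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if match:
            rules.append({
                "action": match.group("action"),
                "path": match.group("path").strip(),
                "prompted": bool(PROMPT_RE.match(match.group("name"))),
            })
    return rules


def triage(rules):
    """Group rules per program (Windows paths compare case-insensitively)
    and return {lowercased path: [review notes]} for programs that need a look."""
    programs = defaultdict(lambda: {"Allow": 0, "Block": 0, "prompted": False})
    for rule in rules:
        entry = programs[rule["path"].lower()]
        entry[rule["action"]] += 1
        entry["prompted"] = entry["prompted"] or rule["prompted"]

    findings = {}
    for path, entry in programs.items():
        notes = []
        # An Allow rule for a binary in a user-writable directory keeps applying
        # to whatever file later sits at that path.
        if entry["Allow"] and USER_WRITABLE_RE.match(path):
            notes.append("allowed from user-writable profile directory")
        # FRST does not print direction or profile, so a mix of actions
        # has to be checked in the firewall console itself.
        if entry["Allow"] and entry["Block"]:
            notes.append("both Allow and Block rules exist")
        if notes:
            findings[path] = notes
    return findings


if __name__ == "__main__":
    for path, notes in sorted(triage(parse_rules(SAMPLE)).items()):
        print(f"{path}: {'; '.join(notes)}")
```

A flagged path is a prompt for manual review in the Windows Firewall console, not a verdict on the program.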




#2 RayS

  • Malware Response Team
Posted 17 June 2016 - 12:29 PM

Hello immortalproject,

My name is Ray and I'll be assisting you with your issue. Please give me about a day to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 Immortalproject

  • Topic Starter
Posted 17 June 2016 - 12:39 PM

Superb, thanks!



#4 RayS

  • Malware Response Team
Posted 19 June 2016 - 02:37 AM

Hi Arthur,


Hello Arthur, and welcome to Bleeping Computer.

My name is Ray, and I will be helping you with your computer problem.

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not try to fix anything without being asked.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.

 

 

uTorrent Warning

Going over your logs, I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and trojans spread across P2P file sharing networks, gaming, and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned. Please let me know whether you will refrain from using uTorrent or will delete it.


 
Proxy server in use?

 

Some of the restrictions on your use of Microsoft Internet Explorer (MSIE) may have been set by a proxy server. Please tell me whether you are intentionally using a proxy server. If not, I will remove the restrictions in my next post.

 

 

Possible unwanted files and folders

Do you recognize C:\Windows\SysWOW64\WSCConfig.xml which was created on your PC on 2016-06-17 at 11:33 a.m.? If not, please submit this file to VirusTotal using the steps below.

Do you recognize the C:\Program Files (x86)\Skillbrains folder or any LightShot files that may be within it? If not, I'll delete the Skillbrains folder and all its contents in my next post.

 
Submit a file to VirusTotal.com

C:\Windows\SysWOW64\WSCConfig.xml may or may not be legitimate. Please submit it to VirusTotal for an online scan:

  • Please visit https://www.virustotal.com/.
  • Click the File tab.
  • Click Choose File.
  • Use the File Upload window to navigate to C:\Windows\SysWOW64\WSCConfig.xml on your local PC and click Open.
  • Click the Scan it! button on the VirusTotal website.
  • If a File already analyzed window pops up, click Reanalyze.
  • After a short time, the analysis will be presented on a web page.
  • Please copy the URL of that page (https:// etc.) and paste it into your reply to me.



 
 
Let's run FRST in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool will reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

CloseProcesses:
EmptyTemp:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File
Toolbar: HKU\S-1-5-21-3346973620-2518307813-930778835-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3346973620-2518307813-930778835-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
2016-06-17 10:20 - 2014-03-08 17:23 - 00001230 __RSH C:\ProgramData\ntuser.pol
2016-06-16 20:47 - 2015-01-10 00:19 - 00014022 _____ C:\Windows\system32\--traceoff
2016-06-08 00:22 - 2014-02-20 17:49 - 03518522 ____H C:\Users\Arturas\AppData\Local\IconCache.db.backup
CustomCLSID: HKU\S-1-5-21-3346973620-2518307813-930778835-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Arturas\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
AlternateDataStreams: C:\Windows\system32\msln.exe:53f482b149e4a5ce698414a9ca9f5db4 [282]
On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

Allow the computer to boot into Normal mode if possible.

The tool will create a log (Fixlog.txt). Please post it into your reply.
 
 

Let's try Normal mode

If your PC runs at normal speed without freezes, accomplish the next steps in Normal mode. Otherwise, boot into Safe Mode with Networking and continue.
 


Scan again with FRST

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Place a checkmark in the Addition.txt box.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs into your next reply.

 

 

Scan with AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click I agree.
  • Click Scan.
  • AdwCleaner will begin... be patient as the scan may take some time to complete.
  • Copy and paste the contents of the logfile into your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when the tool was run.

 

 

In your next reply...

  • Confirm that you have backed up all your important files.
  • Tell me whether you have deleted uTorrent or will refrain from using it until this topic is closed.
  • Tell me whether you regularly use a proxy server.
  • Do you recognize C:\Windows\SysWOW64\WSCConfig.xml? If not, send me the address of the VirusTotal scan.
  • Do you recognize the C:\Program Files (x86)\Skillbrains folder or any LightShot files that may be within it?
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of the AdwCleaner log into the body of your message.
  • Describe encountered problems (if any) and include any other symptoms you may have discovered.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
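Added example, not part of the original post and not FRST's own code: a Python reviewer for the fixlist above that groups its lines by shape, so you can see what a fix touches before saving fixlist.txt. The category names and function names are this example's own, and treating the bracketed number after the ADS name as the stream length is an assumption.

```python
import re

# The fixlist from the post above, copied verbatim.
FIXLIST = r"""CloseProcesses:
EmptyTemp:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File
Toolbar: HKU\S-1-5-21-3346973620-2518307813-930778835-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3346973620-2518307813-930778835-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
2016-06-17 10:20 - 2014-03-08 17:23 - 00001230 __RSH C:\ProgramData\ntuser.pol
2016-06-16 20:47 - 2015-01-10 00:19 - 00014022 _____ C:\Windows\system32\--traceoff
2016-06-08 00:22 - 2014-02-20 17:49 - 03518522 ____H C:\Users\Arturas\AppData\Local\IconCache.db.backup
CustomCLSID: HKU\S-1-5-21-3346973620-2518307813-930778835-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Arturas\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
AlternateDataStreams: C:\Windows\system32\msln.exe:53f482b149e4a5ce698414a9ca9f5db4 [282]
"""

# "timestamp - timestamp - size attributes path": a file or folder entry.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r" - (?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Greedy host match splits at the LAST colon, so the drive colon stays in host.
ADS_RE = re.compile(
    r"^AlternateDataStreams: (?P<host>.+):(?P<stream>\S+) \[(?P<len>\d+)\]$"
)
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")           # e.g. CloseProcesses:
NO_FILE_RE = re.compile(r"(?:=> |- |\[)No File\]?$")  # the three "No File" spellings


def classify(line):
    """Return (category, details) for one fixlist line."""
    if DIRECTIVE_RE.match(line):
        return "directive", {"name": line.rstrip(":")}
    m = FILE_RE.match(line)
    if m:
        return "file", {"path": m["path"], "attrs": m["attrs"],
                        "size": int(m["size"])}
    m = ADS_RE.match(line)
    if m:
        # "len" is the bracketed number; assumed to be the stream length.
        return "ads", {"host": m["host"], "stream": m["stream"],
                       "len": int(m["len"])}
    if line.endswith("<======= ATTENTION"):
        return "policy", {"entry": line.split(" <=======")[0]}
    if NO_FILE_RE.search(line):
        # Registration that points at a file which no longer exists.
        return "orphan", {"entry": line}
    return "other", {"entry": line}


def review(text):
    """Group every non-empty fixlist line by category."""
    groups = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        category, details = classify(line)
        groups.setdefault(category, []).append(details)
    return groups


def windows_dir_targets(groups):
    """Paths under C:\\Windows that the fix moves or alters; worth a second look."""
    paths = [f["path"] for f in groups.get("file", [])]
    paths += [a["host"] for a in groups.get("ads", [])]
    return [p for p in paths if p.lower().startswith("c:\\windows\\")]


if __name__ == "__main__":
    groups = review(FIXLIST)
    for category, items in groups.items():
        print(f"{category}: {len(items)}")
    for path in windows_dir_targets(groups):
        print("check before fixing:", path)
    # Anything in "other" is a line shape this reviewer does not recognise.
    for item in groups.get("other", []):
        print("unrecognised:", item["entry"])
```

For the ADS entry, the Fixlog in the next post shows only the named stream being removed, not the host file.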


#5 Immortalproject


Posted 19 June 2016 - 07:55 AM

Hi Ray,

 

Thanks for your help!

 

I backed up all my important files to a different computer.

I deleted uTorrent from my computer.

About the proxy server, I don't actually know what a proxy server is, or what you do with it :(

No, I don't seem to recognize either C:\Windows\SysWOW64\WSCConfig.xml or the C:\Program Files (x86)\Skillbrains folder or any LightShot files within it. Here's the analysis URL for the WSCConfig.xml file: https://www.virustotal.com/en/file/c329d17049638149848dbca75d87b54368c6a04d9010fca38ae73f16d7b78450/analysis/1466333873/

 
Fixlog.txt
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016
Ran by Arturas (2016-06-19 14:04:09) Run:1
Running from C:\Users\Arturas\Downloads
Loaded Profiles: Arturas (Available Profiles: Arturas)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
CloseProcesses:
EmptyTemp:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => No File
Toolbar: HKU\S-1-5-21-3346973620-2518307813-930778835-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3346973620-2518307813-930778835-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
2016-06-17 10:20 - 2014-03-08 17:23 - 00001230 __RSH C:\ProgramData\ntuser.pol
2016-06-16 20:47 - 2015-01-10 00:19 - 00014022 _____ C:\Windows\system32\--traceoff
2016-06-08 00:22 - 2014-02-20 17:49 - 03518522 ____H C:\Users\Arturas\AppData\Local\IconCache.db.backup
CustomCLSID: HKU\S-1-5-21-3346973620-2518307813-930778835-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Arturas\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
AlternateDataStreams: C:\Windows\system32\msln.exe:53f482b149e4a5ce698414a9ca9f5db4 [282]
*****************
 
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully
"HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKU\S-1-5-21-3346973620-2518307813-930778835-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => key removed successfully
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => not found.
C:\ProgramData\ntuser.pol => moved successfully
C:\Windows\system32\--traceoff => moved successfully
C:\Users\Arturas\AppData\Local\IconCache.db.backup => moved successfully
"HKU\S-1-5-21-3346973620-2518307813-930778835-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
C:\Windows\system32\msln.exe => ":53f482b149e4a5ce698414a9ca9f5db4" ADS removed successfully.
 
=========== EmptyTemp: ==========
BITS transfer queue => 0 bytes
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15842683 bytes
Java, Flash, Steam htmlcache => 378006257 bytes
Windows/system/drivers => 1676804756 bytes
Edge => 0 bytes
Chrome => 132057233 bytes
Firefox => 372976844 bytes
Opera => 0 bytes
 
Temp, IE cache, history, cookies, recent:
Default => 66228 bytes
Public => 0 bytes
ProgramData => 0 bytes
systemprofile => 43302710 bytes
systemprofile32 => 800581 bytes
LocalService => 66228 bytes
NetworkService => 56207796 bytes
Arturas => 126243000 bytes
 
RecycleBin => 32366760 bytes
EmptyTemp: => 2.6 GB temporary data Removed.
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:06:56 ====
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016
Ran by Arturas (administrator) on MAGNUM-PC (19-06-2016 15:02:10)
Running from C:\Users\Arturas\Downloads
Loaded Profiles: Arturas (Available Profiles: Arturas)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-06-08] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [RGSC] => D:\Zaidimai\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe /tray
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\MountPoints2: {4ac85e19-22f3-11e4-9a2c-94de80ceba61} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\MountPoints2: {928034a8-9a8e-11e3-8dbc-806e6f6e6963} - E:\Run.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2014-02-20]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-03-28]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{5C582B4F-DFCC-4D12-B1CA-2A2686F4123D}: [DhcpNameServer] 192.168.1.254 212.59.2.2
Tcpip\..\Interfaces\{CAD4F9EB-58FF-486B-AC42-2610DC23A669}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F993626E-4763-4027-A292-0E68789D7546}: [DhcpNameServer] 192.168.1.254 212.59.2.2
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3346973620-2518307813-930778835-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3346973620-2518307813-930778835-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3346973620-2518307813-930778835-1000 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Arturas\AppData\Roaming\Mozilla\Firefox\Profiles\84s6b0sp.default
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3346973620-2518307813-930778835-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Arturas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-11] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Arturas\AppData\Roaming\Mozilla\Firefox\Profiles\84s6b0sp.default\searchplugins\yandex-avast.xml [2015-07-14]
FF Extension: One Click Proxy - C:\Users\Arturas\AppData\Roaming\Mozilla\Firefox\Profiles\84s6b0sp.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-08-26]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2016-06-19]
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-13]
CHR Extension: (Google Docs) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-13]
CHR Extension: (Google Drive) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Adguard AdBlocker) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-06-09]
CHR Extension: (YouTube) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Click&Clean) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-04-28]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-11]
CHR Extension: (Norton Identity Safe) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Arturas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-06-27]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-06-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-24] (EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5132656 2013-11-25] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-12-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SBAMSvc; "C:\Program Files (x86)\ParetoLogic\XoftSpy AntiVirus Pro\SBAMSvc.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-20] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [42512 2015-03-23] (CACE Technologies)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1362576 2012-09-24] (Realtek Semiconductor Corporation                           )
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
S0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77696 2006-06-14] (Protection Technology (StarForce))
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2016-03-09] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-02-02] (SteelSeries ApS)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-06-16] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
S3 athur; system32\DRIVERS\athurx.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-19 15:02 - 2016-06-19 15:03 - 00022115 _____ C:\Users\Arturas\Downloads\FRST.txt
2016-06-19 14:08 - 2016-06-19 14:08 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-06-19 14:04 - 2016-06-19 14:06 - 00005306 _____ C:\Users\Arturas\Downloads\Fixlog.txt
2016-06-19 13:54 - 2016-06-19 14:03 - 00000468 _____ C:\Users\Arturas\Desktop\New Text Document.txt
2016-06-19 13:46 - 2016-06-19 13:46 - 00000000 ____D C:\Users\Arturas\Downloads\FRST-OlderVersion
2016-06-18 20:38 - 2016-06-18 20:39 - 00000000 _____ C:\Users\Arturas\AppData\Local\{3979F806-D876-44FF-9247-8DEB568BD4BD}
2016-06-17 20:52 - 2016-06-19 15:02 - 00000000 ____D C:\FRST
2016-06-17 20:52 - 2016-06-19 13:46 - 02387456 _____ (Farbar) C:\Users\Arturas\Downloads\FRST64.exe
2016-06-17 18:23 - 2016-06-17 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-06-17 18:23 - 2016-06-17 18:23 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-06-17 18:20 - 2016-06-17 18:20 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Arturas\Downloads\cbSetup.exe
2016-06-17 16:31 - 2016-06-17 16:31 - 00026355 _____ C:\Users\Arturas\Downloads\dds.txt
2016-06-17 11:33 - 2016-06-17 11:33 - 00000438 _____ C:\Windows\SysWOW64\WSCConfig.xml
2016-06-17 11:04 - 2016-06-17 11:04 - 00003136 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3
2016-06-17 10:59 - 2016-06-17 10:59 - 00003260 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3
2016-06-17 10:59 - 2016-06-17 10:59 - 00002928 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2016-06-17 10:59 - 2016-06-17 10:59 - 00002758 _____ C:\Windows\System32\Tasks\XoftSpy AntiVirus Pro Startup
2016-06-17 10:58 - 2016-06-17 16:26 - 00000000 ____D C:\ProgramData\ParetoLogic
2016-06-17 10:58 - 2012-09-20 05:11 - 00258848 _____ (GFI Software) C:\Windows\system32\Drivers\SbFw.sys
2016-06-17 10:58 - 2012-09-20 05:11 - 00061216 _____ (GFI Software) C:\Windows\system32\Drivers\sbhips.sys
2016-06-17 10:58 - 2012-09-12 20:19 - 00120064 _____ (GFI Software) C:\Windows\system32\Drivers\SbFwIm.sys
2016-06-17 10:43 - 2016-06-17 10:43 - 00000000 ____D C:\Windows\System32\Tasks\Norton Identity Safe
2016-06-17 00:11 - 2016-06-17 09:03 - 00359466 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-06-17 00:11 - 2016-06-17 09:03 - 00000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-06-17 00:11 - 2016-06-17 00:11 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-17 00:05 - 2016-06-17 00:05 - 01610816 _____ (Malwarebytes) C:\Users\Arturas\Downloads\JRT.exe
2016-06-16 23:41 - 2016-06-16 23:41 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-06-16 23:40 - 2016-06-17 00:04 - 00000000 ____D C:\ProgramData\RogueKiller
2016-06-16 23:18 - 2016-06-16 23:29 - 00000000 ____D C:\AdwCleaner
2016-06-16 23:18 - 2016-06-16 23:18 - 03703360 _____ C:\Users\Arturas\Downloads\AdwCleaner.exe
2016-06-16 18:01 - 2016-06-16 18:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-16 17:38 - 2016-06-16 23:15 - 00002243 _____ C:\Windows\epplauncher.mif
2016-06-16 17:37 - 2016-06-16 17:37 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-06-16 17:37 - 2016-06-16 17:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-06-16 17:36 - 2016-06-16 17:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-06-16 14:54 - 2016-06-19 14:56 - 00607040 _____ C:\Windows\ntbtlog.txt
2016-06-13 21:22 - 2016-06-13 21:22 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-06-13 21:22 - 2016-06-13 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-06-13 21:22 - 2016-06-13 21:22 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-06-13 18:25 - 2016-06-19 14:58 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\Skype
2016-06-13 18:14 - 2016-06-13 18:14 - 00001100 _____ C:\Users\Arturas\Desktop\Play Saints Row III DirectX 11.lnk
2016-06-13 18:14 - 2016-06-13 18:14 - 00001085 _____ C:\Users\Arturas\Desktop\Play Saints Row III DirectX 9.lnk
2016-06-13 14:09 - 2016-06-13 15:13 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2016-06-13 12:59 - 2016-06-19 15:00 - 00000000 ____D C:\Users\Arturas\AppData\Local\LogMeIn Hamachi
2016-06-13 12:07 - 2016-06-13 12:07 - 00000000 ____D C:\Windows\pss
2016-06-13 00:55 - 2016-06-13 00:55 - 00000221 _____ C:\Users\Arturas\Desktop\Bully Scholarship Edition.url
2016-06-10 14:46 - 2016-06-11 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-08 10:56 - 2016-06-08 10:56 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys
2016-06-07 10:09 - 2016-06-07 10:09 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\Dropbox
2016-06-07 10:08 - 2016-06-08 20:37 - 00000000 ____D C:\Users\Arturas\AppData\Local\Dropbox
2016-06-05 23:20 - 2016-06-05 23:20 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2016-06-05 19:48 - 2016-06-05 19:48 - 00000000 ____D C:\Users\Arturas\AppData\Local\MONO development team
2016-05-27 20:33 - 2016-05-27 20:43 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\PortForward.com
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-19 14:58 - 2015-02-08 14:41 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-19 14:58 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-19 14:21 - 2014-02-21 20:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-19 14:19 - 2014-03-20 21:57 - 00706118 _____ C:\Windows\system32\perfh019.dat
2016-06-19 14:19 - 2014-03-20 21:57 - 00144370 _____ C:\Windows\system32\perfc019.dat
2016-06-19 14:19 - 2009-07-14 08:13 - 01631100 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-19 14:19 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-06-19 14:13 - 2009-07-14 07:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-19 14:13 - 2009-07-14 07:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-19 14:06 - 2014-11-07 20:58 - 00000000 ____D C:\Users\Arturas\AppData\LocalLow\Temp
2016-06-19 14:04 - 2009-07-14 06:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-19 14:04 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-06-19 12:46 - 2016-01-29 21:59 - 00000000 ____D C:\Users\Arturas\Desktop\gabijos foto
2016-06-17 20:17 - 2014-02-20 18:14 - 00000000 ____D C:\Users\Arturas\AppData\Local\ElevatedDiagnostics
2016-06-17 17:14 - 2014-04-15 11:19 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-17 16:50 - 2015-03-20 14:35 - 00000000 ____D C:\Windows\Minidump
2016-06-17 15:45 - 2014-02-20 17:28 - 00000000 ____D C:\Users\Arturas
2016-06-17 14:30 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-06-17 13:41 - 2014-02-21 20:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-17 13:40 - 2014-02-21 20:05 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 13:40 - 2014-02-21 20:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 12:50 - 2014-02-20 20:17 - 00000000 ____D C:\Users\Arturas\AppData\Local\CrashDumps
2016-06-17 10:20 - 2014-02-20 17:47 - 00109680 _____ C:\Users\Arturas\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-17 10:20 - 2009-07-14 07:45 - 05074120 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 10:18 - 2010-11-21 10:16 - 00000000 ____D C:\Windows\CSC
2016-06-17 10:14 - 2009-07-14 05:34 - 00000616 _____ C:\Windows\win.ini
2016-06-16 23:20 - 2015-01-12 17:52 - 00000000 ____D C:\Windows\system32\log
2016-06-16 23:15 - 2015-01-09 23:24 - 00000000 ____D C:\Fraps
2016-06-16 23:14 - 2015-05-23 12:54 - 00000000 ____D C:\Program Files\CyberGhost 5
2016-06-16 21:47 - 2015-12-07 15:30 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-06-16 21:46 - 2015-12-07 15:31 - 00000000 ____D C:\Users\Arturas\AppData\Local\PokerStars.EU
2016-06-16 21:45 - 2014-05-29 17:52 - 00000000 ____D C:\Program Files (x86)\Origin
2016-06-16 21:45 - 2014-03-23 18:40 - 00000000 ____D C:\ProgramData\Origin
2016-06-16 21:26 - 2015-02-04 21:18 - 00000000 ____D C:\ProgramData\Red AdBlocker
2016-06-16 21:26 - 2014-02-20 19:22 - 00000000 ____D C:\Program Files (x86)\PCData
2016-06-16 20:05 - 2014-03-20 23:11 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-16 17:19 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\Catroot2.old
2016-06-16 14:12 - 2014-06-30 20:09 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-06-16 14:05 - 2015-07-14 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
2016-06-16 14:05 - 2014-02-20 17:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-13 18:23 - 2014-02-20 18:45 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\Skype_old
2016-06-13 15:03 - 2009-07-14 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-13 12:27 - 2014-02-20 20:28 - 00000000 ____D C:\Users\Arturas\AppData\Local\SKIDROW
2016-06-13 09:51 - 2014-04-27 22:40 - 00000000 ____D C:\Users\Arturas\Desktop\Dainos
2016-06-12 19:24 - 2015-08-17 12:29 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\.minecraft
2016-06-11 12:27 - 2014-02-21 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-10 01:11 - 2016-03-28 18:40 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\steelseries-engine-3-client
2016-06-09 02:30 - 2015-02-08 14:43 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 12:23 - 2014-07-04 14:52 - 00000000 ____D C:\Users\Arturas\AppData\Roaming\TeamViewer
2016-06-08 12:23 - 2014-07-04 14:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-06-08 10:56 - 2014-05-13 13:08 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-06-06 22:45 - 2014-04-20 00:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-05 12:16 - 2014-02-20 18:45 - 00000000 ____D C:\ProgramData\Skype
2016-05-27 20:32 - 2014-04-16 21:16 - 00000000 ____D C:\Users\Arturas\AppData\Local\Downloaded Installations
 
==================== Files in the root of some directories =======
 
2014-05-26 23:43 - 2014-05-26 23:43 - 0000046 _____ () C:\Users\Arturas\AppData\Roaming\Camdata.ini
2014-05-26 23:43 - 2014-05-26 23:43 - 0000408 _____ () C:\Users\Arturas\AppData\Roaming\CamLayout.ini
2014-05-26 23:43 - 2014-05-26 23:43 - 0000408 _____ () C:\Users\Arturas\AppData\Roaming\CamShapes.ini
2014-05-26 23:42 - 2014-05-26 23:42 - 0004535 _____ () C:\Users\Arturas\AppData\Roaming\CamStudio.cfg
2014-07-29 11:26 - 2014-07-29 11:27 - 0000012 _____ () C:\Users\Arturas\AppData\Roaming\id.txt
2014-07-13 22:19 - 2014-07-14 13:30 - 0000098 _____ () C:\Users\Arturas\AppData\Roaming\LauncherSettings_live.cfg
2014-10-13 19:25 - 2014-10-13 19:25 - 0008144 _____ () C:\Users\Arturas\AppData\Roaming\TheHunterSettings_live.bin
2014-07-13 22:45 - 2014-10-13 19:22 - 0000040 _____ () C:\Users\Arturas\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-07-29 11:26 - 2014-07-29 11:27 - 0135274 _____ () C:\Users\Arturas\AppData\Roaming\Uninstall.exe
2014-05-26 23:33 - 2014-05-26 23:33 - 0000096 _____ () C:\Users\Arturas\AppData\Roaming\version2.xml
2014-03-06 23:50 - 2014-03-06 23:50 - 0000095 _____ () C:\Users\Arturas\AppData\Local\fusioncache.dat
2014-08-24 14:42 - 2014-08-24 14:42 - 0000000 ___SH () C:\Users\Arturas\AppData\Local\LumaEmu
2014-04-20 11:04 - 2014-04-20 11:04 - 0003380 _____ () C:\Users\Arturas\AppData\Local\recently-used.xbel
2014-05-17 14:24 - 2014-05-17 14:24 - 0000003 _____ () C:\Users\Arturas\AppData\Local\updater.log
2014-05-17 14:24 - 2014-06-04 13:48 - 0000825 _____ () C:\Users\Arturas\AppData\Local\UserProducts.xml
2016-06-18 20:38 - 2016-06-18 20:39 - 0000000 _____ () C:\Users\Arturas\AppData\Local\{3979F806-D876-44FF-9247-8DEB568BD4BD}
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-17 14:10
 
==================== End of FRST.txt ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016
Ran by Arturas (2016-06-19 15:03:37)
Running from C:\Users\Arturas\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-02-20 14:28:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3346973620-2518307813-930778835-500 - Administrator - Disabled)
Arturas (S-1-5-21-3346973620-2518307813-930778835-1000 - Administrator - Enabled) => C:\Users\Arturas
ASPNET (S-1-5-21-3346973620-2518307813-930778835-1004 - Limited - Enabled)
Guest (S-1-5-21-3346973620-2518307813-930778835-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1350, 16.06.2014 - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{AF88A32E-BC54-2AA3-2FC8-D63D86DF4A7A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Batman: Arkham City™ GOTY (HKLM-x32\...\GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}) (Version: 1.0.0000.133 - WB Games)
Batman: Arkham City™ GOTY (x32 Version: 1.0.0000.133 - WB Games) Hidden
Bully: Scholarship Edition (HKLM\...\Steam App 12200) (Version:  - Rockstar New England)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson User's Guide L210 Series (HKLM-x32\...\L210 Series Useg) (Version:  - )
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.30.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.30.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.472 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.472 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{6833245E-DD86-479A-882A-8360D62C8194}) (Version: 9.09.0720 - NVIDIA Corporation)
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0506.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries DTS Headphone X (HKLM\...\SteelSeries DTS Headphone X) (Version: 1.0.0.2 - SteelSeries)
SteelSeries Engine 3.7.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.7.1 - SteelSeries ApS)
Unity Web Player (HKU\S-1-5-21-3346973620-2518307813-930778835-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Microsoft (xusb21) XnaComposite  (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1823EFB3-27B8-4232-A7F7-78C331E88F38} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {19943922-E4A4-44DD-ACCF-C9E174E7344F} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {213688DF-908A-4B64-8C62-E889B50103CE} - System32\Tasks\{419B483B-5E6D-4D7D-8904-B423212BCBDB} => pcalua.exe -a C:\Users\Arturas\Downloads\dotnetfx.exe -d C:\Users\Arturas\Downloads
Task: {21AAC881-EF63-4DD3-A0B9-F49DF95463B9} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
Task: {2F8581D4-DD31-44D5-AC23-3832434B29EC} - System32\Tasks\{EE09277E-C884-421A-8430-B48CAD513E1C} => pcalua.exe -a F:\Installer.exe -d F:\
Task: {3036E9D4-A9DD-4891-9E94-C538DA995D47} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {308E4C11-2A72-41E4-AC53-C8B6FA87AC00} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {33FDAC60-D19F-46D7-A333-A24D4CD5BBFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {3A69119B-528A-44C0-A04D-7A499A96E2E9} - System32\Tasks\Opera scheduled Autoupdate 1404474246 => C:\Program Files (x86)\Opera\launcher.exe
Task: {4435AB3B-28AC-40F5-AD15-49846AE4FE06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08] (Google Inc.)
Task: {4D715FA2-C427-46FA-A398-801174B00810} - System32\Tasks\{3CBC8D99-3445-4693-A3A6-6D8B7180EE3F} => pcalua.exe -a "D:\Zaidimai\Gelbetojai\Fire Department 3\FireSplash.exe" -d "D:\Zaidimai\Gelbetojai\Fire Department 3"
Task: {53220EB2-C9EC-4435-A34D-ED5273833EBC} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {69F07454-2026-4829-B004-A4C841E70B85} - System32\Tasks\XoftSpy AntiVirus Pro Startup => C:\Program Files (x86)\ParetoLogic\XoftSpy AntiVirus Pro\XoftSpy.exe
Task: {7A08F7BD-2873-4B31-81D7-F0599E64B453} - System32\Tasks\{57C140CE-31A1-4D66-B8EB-FA674F881E33} => pcalua.exe -a F:\INSTALL.EXE -d F:\
Task: {7B95D1C0-A089-470C-846E-26CC9DB58936} - System32\Tasks\{98665353-E255-4C17-BDEC-EEF0DCD0DCAA} => pcalua.exe -a "D:\Zaidimai\Gelbetojai\Fire Department 3\SetupSplash.exe" -d "D:\Zaidimai\Gelbetojai\Fire Department 3"
Task: {A3274A7A-DF67-469C-AC55-EE86AA5C1452} - System32\Tasks\update-S-1-5-21-3346973620-2518307813-930778835-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {C21849D3-7033-4B67-BB47-7EE3F1E04FF4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
Task: {D476DA7B-9938-4DE9-A735-9B18A0A91287} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {DF75A6F4-E308-4CE6-9DF9-C3472450BA88} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E6A67923-E226-4A87-94B1-9AF394D93809} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08] (Google Inc.)
Task: {E90087A9-9BE7-4A1B-AEF9-BB4262846022} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d043942c96d3ea.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d090517ae9e44c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfb3b591882a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e23287dcdfb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0efddb6a8f564.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12ec241351e00.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e81d71b0a54.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab8126f07c9e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RunOW.job => C:\Program Files (x86)\Overwolf\Overwolf.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Arturas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Arturas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                              
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-12-13 13:32 - 2013-12-13 13:32 - 00034304 _____ () C:\Windows\System32\ssm4mlm.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-20 17:39 - 2013-04-12 01:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-06 13:07 - 2012-08-06 13:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-09-20 11:25 - 2015-12-25 23:42 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Arturas:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\TEMP:466F9D5D [132]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-01-06 22:02 - 2016-06-16 13:59 - 00000008 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3346973620-2518307813-930778835-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Arturas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 212.59.2.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: Wecsvc => 3
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7D5FD8E9-C6F7-43FF-8648-A7C6AF266EC9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{2FA0345F-8C51-46D9-B079-2A518C28FE5F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{F72DBB6B-ECAD-45ED-B4F8-048277D78D3B}] => (Allow) C:\Users\Arturas\Downloads\utorrent.exe
FirewallRules: [{1CAC6161-DB74-4DFB-BBAE-0F2FDBFB5C46}] => (Allow) C:\Users\Arturas\Downloads\utorrent.exe
FirewallRules: [{61162329-C406-4CD9-9DFB-7294B701376C}] => (Allow) C:\Program Files (x86)\PCData\minerd.exe
FirewallRules: [{34BFDDC2-D642-43FD-99D3-21997AD0811C}] => (Allow) C:\Program Files (x86)\PCData\minerd.exe
FirewallRules: [TCP Query User{C8D5DEF6-764B-41BA-89B2-AE1A9919ED31}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1779F148-159B-4174-8191-1E96D03017AE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7CB51982-0B70-4BA2-A745-8844314E2508}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{46AAE5FB-21A8-49A5-8CB7-A9FBB5F5DD19}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{65BC4D62-AF8D-4A90-85EE-F328B36D6E43}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{601032D9-3DD6-4D97-AFB3-C623EECE1F0D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{486055F6-F499-45CF-BD4E-EB21B7DC12BB}D:\zaidimai\counter-strike 1.6\hl.exe] => (Allow) D:\zaidimai\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{B3C8A5CE-1E2A-4147-A360-708983F3B3F2}D:\zaidimai\counter-strike 1.6\hl.exe] => (Allow) D:\zaidimai\counter-strike 1.6\hl.exe
FirewallRules: [{4F85129C-F27C-41A7-A412-CA9C402B7492}] => (Block) D:\zaidimai\counter-strike 1.6\hl.exe
FirewallRules: [{1BACB509-FAC3-462F-AA87-A57DCF8BF6A1}] => (Block) D:\zaidimai\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{12A35CF0-15D5-461B-84F6-872BF4A1F375}C:\Program Files (x86)\electronic arts\EADM\Core.exe] => (Block) C:\Program Files (x86)\electronic arts\EADM\Core.exe
FirewallRules: [UDP Query User{A691751E-8478-4BB3-A1F4-D94DD89D880A}C:\Program Files (x86)\electronic arts\EADM\Core.exe] => (Block) C:\Program Files (x86)\electronic arts\EADM\Core.exe
FirewallRules: [{583D5614-C7E9-430E-9B76-464FBA14E5A5}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CE9F5CF-DE08-41A2-B1E9-829D2CCAB6ED}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6F65FFC5-DA97-4B93-9217-843785C6FA46}] => (Allow) D:\STEAM\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{B8BAECAE-3171-41BF-9963-8FE8A6F82B85}] => (Allow) D:\STEAM\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [TCP Query User{C9D90A1F-76E6-4A73-A6E3-31A7611B4CDC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B3FB7674-148D-482E-AF5F-2DE4EB194ED7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{EF0E8777-E893-4A71-AD3D-CCA497F504FB}] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{ED567BF9-73A0-40B3-A3C4-DD3DAAE3C696}] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{B7023A59-06D2-4B96-AA12-72CC35E2E1E7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C1CE4BCC-8430-42C8-9A5E-79B6F740ABAA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4D4004A6-C0A6-4141-92E2-B819DF35FCC5}] => (Allow) D:\Zaidima\BAC\Binaries\Win32\BatmanAC.exe
FirewallRules: [TCP Query User{2C7BCC18-A7C1-4390-9AC8-454BC725E1A1}D:\zaidimai\bac\binaries\win32\batmanac_o.exe] => (Allow) D:\zaidimai\bac\binaries\win32\batmanac_o.exe
FirewallRules: [UDP Query User{D65400C8-2B1F-4F39-902F-B1BBD6D91992}D:\zaidimai\bac\binaries\win32\batmanac_o.exe] => (Allow) D:\zaidimai\bac\binaries\win32\batmanac_o.exe
FirewallRules: [{58D08D8D-C4F9-41FF-96D8-A2DDC1364307}] => (Allow) D:\STEAM\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{865EF941-06E7-411E-B7F5-76D2069E63F4}] => (Allow) D:\STEAM\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{17CCE418-A9E6-4626-8B47-FB1FBD8295A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CADE52F4-96BF-48E4-9F0F-CFF7871ABFF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5B964703-7BF1-46C3-B6FA-189A032DD936}C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe] => (Block) C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe
FirewallRules: [UDP Query User{3B8A4ED8-DE07-445C-A709-975300E913AC}C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe] => (Block) C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe
FirewallRules: [{08B11ABB-DE40-474F-8510-9768A7711203}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A15559CB-550E-483D-88F3-035AD3E7BF02}] => (Allow) D:\STEAM\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{0D09089A-75E0-436C-9BE3-394268A235DB}] => (Allow) D:\Zaidimai\LOL\lol.launcher.exe
FirewallRules: [{A81A39B3-CE82-41F5-AEA0-439AC31C30F5}] => (Allow) D:\Zaidimai\LOL\lol.launcher.exe
FirewallRules: [{A081B8EA-8537-44CF-AEA3-B0F95F4EB2F2}] => (Allow) D:\Zaidimai\LOL\lol.launcher.exe
FirewallRules: [{1998A3C4-A09D-4A7E-9D92-3AD39F788745}] => (Allow) D:\Zaidimai\LOL\lol.launcher.exe
FirewallRules: [{AFA8E6FF-4071-43B4-81C6-73835190D148}] => (Allow) D:\Zaidimai\LOL\lol.launcher.admin.exe
FirewallRules: [{D34A0E9D-9254-4367-AF72-E4930C61BC29}] => (Allow) D:\Zaidimai\LOL\lol.launcher.admin.exe
FirewallRules: [{8644E635-CDBF-439E-90FC-6C394FB00BCD}] => (Allow) D:\Zaidimai\LOL\lol.launcher.admin.exe
FirewallRules: [{C4869802-B84F-4731-B26C-369DEA0E2A6A}] => (Allow) D:\Zaidimai\LOL\lol.launcher.admin.exe
FirewallRules: [TCP Query User{441E2A28-E093-4EA8-8B03-D31EC8227286}D:\zaidimai\counter-strike\hl.exe] => (Allow) D:\zaidimai\counter-strike\hl.exe
FirewallRules: [UDP Query User{56BD0847-F5DB-4573-A743-08960AA784C6}D:\zaidimai\counter-strike\hl.exe] => (Allow) D:\zaidimai\counter-strike\hl.exe
FirewallRules: [{855E15A0-B26A-4EFE-AFB8-3C61948618EE}] => (Block) D:\zaidimai\counter-strike\hl.exe
FirewallRules: [{3676E419-FA38-45BC-BFC4-EBBFF7939278}] => (Block) D:\zaidimai\counter-strike\hl.exe
FirewallRules: [TCP Query User{25CF3FD1-D1D0-4A2D-98E4-DA44EE29A5B2}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{6C185B93-A61D-42E0-8D39-1AAD9E3D9D5A}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{82D30A07-632B-4D61-B47B-DF5624358652}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{C32E16E0-1958-4659-B065-C72DE8583014}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{53336A1B-0B62-4802-BABA-1FB2F8B38FBF}D:\zaidimai\counter - strike 1.6\hl.exe] => (Allow) D:\zaidimai\counter - strike 1.6\hl.exe
FirewallRules: [UDP Query User{BF0FAD6D-93EA-409D-9508-E8CCF483C8B1}D:\zaidimai\counter - strike 1.6\hl.exe] => (Allow) D:\zaidimai\counter - strike 1.6\hl.exe
FirewallRules: [{2D528806-DDCB-483C-90B2-A17348ABD61C}] => (Block) D:\zaidimai\counter - strike 1.6\hl.exe
FirewallRules: [{566532C1-6365-4DE3-8771-DC3FE407330A}] => (Block) D:\zaidimai\counter - strike 1.6\hl.exe
FirewallRules: [TCP Query User{0812CA42-C934-47AD-A915-5E8AB3F68505}D:\terraria server\terrariaserver.exe] => (Allow) D:\terraria server\terrariaserver.exe
FirewallRules: [UDP Query User{5B390DA4-28C4-4F8F-BAE1-AC4B8AD67DFB}D:\terraria server\terrariaserver.exe] => (Allow) D:\terraria server\terrariaserver.exe
FirewallRules: [{6ED8BA55-D311-46B3-B686-9405ECED08EA}] => (Allow) D:\terraria server\terrariaserver.exe
FirewallRules: [{1936A7AF-CDCE-4809-9E63-AC613825DC25}] => (Allow) D:\terraria server\terrariaserver.exe
FirewallRules: [TCP Query User{792AEAAB-63ED-4D74-9436-B883B7560696}D:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{929F52F1-FDB0-4C06-AA19-36D5CC9126D5}D:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{64B2959F-263F-4D3A-B1C8-543C690A2B2C}] => (Allow) D:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{58E2253A-38A5-4D5C-BB1D-BC0F6EDEFCD8}] => (Allow) D:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{3E715EBE-41BF-476B-9667-F554E353E333}D:\zaidimai\serious sam classic tfe\bin\serioussam.exe] => (Allow) D:\zaidimai\serious sam classic tfe\bin\serioussam.exe
FirewallRules: [UDP Query User{C429A0FB-E4FC-4ED7-9B0F-4A95DFD5446B}D:\zaidimai\serious sam classic tfe\bin\serioussam.exe] => (Allow) D:\zaidimai\serious sam classic tfe\bin\serioussam.exe
FirewallRules: [{CD9880CF-3B42-4A00-A5D1-F72F040C423F}] => (Block) D:\zaidimai\serious sam classic tfe\bin\serioussam.exe
FirewallRules: [{6D12A402-B1B6-48C6-B6FE-89202FF84903}] => (Block) D:\zaidimai\serious sam classic tfe\bin\serioussam.exe
FirewallRules: [TCP Query User{9C351262-4769-4DB0-A644-083F0C5B4653}D:\zaidimai\grand theft auto iv\gtaiv.exe] => (Allow) D:\zaidimai\grand theft auto iv\gtaiv.exe
FirewallRules: [UDP Query User{0F5B0CC0-C01F-4DF3-8C10-BCC9C4472A84}D:\zaidimai\grand theft auto iv\gtaiv.exe] => (Allow) D:\zaidimai\grand theft auto iv\gtaiv.exe
FirewallRules: [{67BC8398-78CD-4A6E-A4BD-703699A64CE9}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{CAE58AC5-DED0-43BC-85CE-C8D19B08161F}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{24D0403C-E28D-480B-B945-F257ED2C0D87}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{105AF521-BA6D-4E65-98FE-0AA4451674DA}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{7ABDE60C-BDE2-4AA8-A984-8559CB83526F}] => (Allow) D:\STEAM\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{96C6CF8E-09B5-480B-AA09-F2327265438A}] => (Allow) D:\STEAM\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{E8D73BF9-280A-461B-82B1-5EBF03567717}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A4D559CE-7DA4-43D7-9202-319D0CD49890}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{46F774DC-4483-421D-87A9-736D2F071CAD}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3F4AFD0E-A7D7-4A82-8CB9-6E9B4D3D014D}] => (Allow) D:\STEAM\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{70FE81D2-EAEC-4104-BC2B-C3A2C3D06F65}] => (Allow) D:\STEAM\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{201398B5-E0C1-4226-8C0D-49057611A2A8}] => (Allow) D:\STEAM\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{EB6600A3-E778-4BB7-AF64-39C3D3EAFEDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9879400-BC5F-4722-95FE-837A89573A91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0641DE1F-E4BF-4CEF-8D19-A1AAD3160BE4}] => (Allow) D:\STEAM\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A5721586-459F-4D7D-84F7-2159F04DF810}] => (Allow) D:\STEAM\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{62297BCF-DD9D-4584-9DD9-5B3497BF8FD2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8CA0CEAE-F85D-4080-A130-C2119C31B3E0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EB968B8E-D538-4E96-869D-71F0FCEABAC9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D3DE2DE7-7121-42EB-87F6-0C00AE25BBB8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{43EE4893-0506-4272-A465-9056A511C0C5}C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [UDP Query User{CF5B588F-0B17-4597-A484-C833C6A9682C}C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{626AA8CF-7DB4-4580-B188-2DDDA1C2E01C}] => (Block) C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{A3D62FA5-8841-431F-A0DD-1FDD6229AF1B}] => (Block) C:\users\arturas\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{8E25777D-8864-4112-A3BD-C8256D22D62E}] => (Allow) D:\STEAM\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A7A1C73C-2D82-4F1B-A6A9-3A75A3A87635}] => (Allow) D:\STEAM\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{DA3718A1-22D6-4A36-A83C-D055ADBBF354}] => (Allow) D:\STEAM\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{9D1FA3B6-04A2-4103-9BAA-A49C817C3FE5}] => (Allow) D:\STEAM\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{A9F6CDD4-41D8-49A9-95E7-6E8187A3E1EC}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{33035FD1-CCBD-44A2-8648-2D646BD4F1E9}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{37CE8327-0CC5-464E-BA9E-A2E541756F39}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{6BAB313D-BA2F-4155-A3CC-F42FD629E3CE}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{A9AC5CB4-A9CB-487E-A673-6C67B0C32DA4}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{4DEA8DC6-1EBD-4EC3-97BC-795E525B8637}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{C2D436EB-4A20-4F2D-A420-9E47C02897E6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{F29F6B2E-B6DB-4A20-BD60-D45D0665482D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{E1F3915F-38CF-43DB-B11E-6E32A153D0A5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{589F33A9-8FAE-4BCC-8D83-23CE46DAAFF8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{1AC1A71D-B95F-41A3-949E-3A7AF6BB269E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{5CBAF580-357D-49D3-AA3F-C36ED1051434}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{14108A33-F223-44C7-A375-F8778C63E62F}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39921438-0426-40BB-8FE9-DCE6176B9165}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8A5ABAE-1007-42A8-8BA9-39D35B6F22D2}] => (Allow) D:\Zaidimai\Fire Department 3\FireSplash.exe
FirewallRules: [{7F59A2F7-D881-4876-9602-A21007D812D4}] => (Allow) D:\Zaidimai\Fire Department 3\FireSplash.exe
FirewallRules: [{CA8F8C35-2C57-4F9E-BE69-D6DF2980075A}] => (Allow) D:\Zaidimai\Fire Department 3\FireSplash.exe
FirewallRules: [{ED680666-541D-4443-8AEE-7B8A71DBB535}] => (Allow) D:\Zaidimai\Fire Department 3\FireSplash.exe
FirewallRules: [{DE17BE80-548E-4795-A55F-FE3AE21EBF9D}] => (Allow) D:\Zaidimai\Gelbetojai\Fire Department 3\FireSplash.exe
FirewallRules: [{396AD374-CA81-42B6-AE07-06526697F3C4}] => (Allow) D:\Zaidimai\Gelbetojai\Fire Department 3\FireSplash.exe
FirewallRules: [{4C34D627-ADBF-433D-962D-46AE1A62C85A}] => (Allow) D:\Zaidimai\Gelbetojai\Fire Department 3\FireSplash.exe
FirewallRules: [{67321734-D772-478E-A506-0CD72744B663}] => (Allow) D:\Zaidimai\Gelbetojai\Fire Department 3\FireSplash.exe
FirewallRules: [{07B1DDFA-B38D-4F2B-8573-7A0F5E878E5E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6415084A-A6DB-46FF-9BF6-9F95D28C599C}D:\steam\steamapps\common\sven co-op\svends.exe] => (Allow) D:\steam\steamapps\common\sven co-op\svends.exe
FirewallRules: [UDP Query User{A6B75922-37A5-4BAB-8FF1-21D05B958431}D:\steam\steamapps\common\sven co-op\svends.exe] => (Allow) D:\steam\steamapps\common\sven co-op\svends.exe
FirewallRules: [{2FBE8E63-B29B-45C6-AC8C-EFC81CFCA70E}] => (Block) D:\steam\steamapps\common\sven co-op\svends.exe
FirewallRules: [{4F3DEC1D-AC99-4620-BF64-6AA16F26572B}] => (Block) D:\steam\steamapps\common\sven co-op\svends.exe
FirewallRules: [{BDAA72AB-0C72-4472-89BD-8F58D5D39B8C}] => (Allow) D:\Zaidimai\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{C865675B-8DF2-4251-9D8E-AEE24E8E8825}] => (Allow) D:\Zaidimai\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{CF1006AC-9955-4A29-AE94-8A09BE0D8429}] => (Allow) D:\STEAM\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{FCA2A56C-FCF9-4B80-BE16-3DDE2D4F173F}] => (Allow) D:\STEAM\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{68DA430F-FD0C-4326-ACE5-0EAA5FA1D9B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{46646A51-2D48-4101-9F58-85C0111DF436}] => (Allow) D:\STEAM\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{F248ADEF-A58E-414C-8E4D-379375652160}] => (Allow) D:\STEAM\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [TCP Query User{C423728C-EE78-4F85-A7BB-A1226FB9F8EF}D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{A4DDEDB8-F6E6-42C6-91C2-D26F5AD22B1A}D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{64A4071B-86E4-4602-B41D-771EC78D4A21}] => (Allow) D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{6E135361-C723-4EF1-8792-414915B2FA16}] => (Allow) D:\zaidimai\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{4EEC4FA6-36E6-4EA8-9825-0A3EDE169182}D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{85341D4B-4AD7-4D5D-A7B9-E12EDCCC1973}D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{0762AA55-9E20-48C3-A53F-9F194DC18438}] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{F01376E6-BAAC-4A3A-8964-95D47CBAB0D7}] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{B99E98AD-0602-4182-B1BF-670B0C17B0B2}D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{FE1B3DA9-FB21-458E-9F9F-B2F8D1693779}D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe] => (Allow) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe
FirewallRules: [{F0BA3690-D519-4694-BD14-F4300958D8D5}] => (Block) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe
FirewallRules: [{AEC32CAD-F9AE-4F98-A2E3-B5F24FD70D19}] => (Block) D:\zaidimai\saints row the third\saints row the third\saintsrowthethird.exe
 
==================== Restore Points =========================
 
16-06-2016 19:03:50 Installed DirectX
16-06-2016 20:38:13 Removed Windows Live ID Sign-in Assistant
16-06-2016 20:44:19 Removed Vegas Pro 13.0 (64-bit)
16-06-2016 21:48:38 Removed Windows Live ID Sign-in Assistant
17-06-2016 17:41:33 Removed Windows Live ID Sign-in Assistant
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2016 12:45:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.24.85.104, time stamp: 0x573b743c
Faulting module name: winspool.drv, version: 6.1.7601.17514, time stamp: 0x4ce7ba4b
Exception code: 0xc0000005
Fault offset: 0x00004952
Faulting process id: 0x6b0
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
 
Error: (06/17/2016 10:21:49 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (06/17/2016 10:21:48 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (06/17/2016 10:15:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: MAGNUM-PC)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.
 
Error: (06/17/2016 10:15:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: MAGNUM-PC)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.
 
Error: (06/17/2016 10:15:33 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: MAGNUM-PC)
Description: Installing the performance counter strings for service <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-LoadPerf' Guid='{122ee297-bb47-41ae-b265-1ca8d1886d40}'/><EventID>3009</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-06-17T07:15:33.755862700Z'/><EventRecordID>13823</EventRecordID><Correlation/><Execution ProcessID='1188' ThreadID='2700'/><Channel>Application</Channel><Computer>Arturas-PC</Computer><Security UserID='S-1-5-21-3346973620-2518307813-930778835-1000'/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>BinaryData</DataItemName><EventPayload>6100730070006E00650074005F007300740061007400650000000800000017070000E4120000</EventPayload></ProcessingErrorData></Event> (%2) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/05/2014 05:06:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GTAIV.exe, version: 1.0.0.0, time stamp: 0x49189a0c
Faulting module name: ScriptHook.dll_unloaded, version: 0.0.0.0, time stamp: 0x4c00493c
Exception code: 0xc0000005
Fault offset: 0x74297001
Faulting process id: 0xa68
Faulting application start time: 0xGTAIV.exe0
Faulting application path: GTAIV.exe1
Faulting module path: GTAIV.exe2
Report Id: GTAIV.exe3
 
Error: (08/05/2014 05:06:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GTAIV.exe, version: 1.0.0.0, time stamp: 0x49189a0c
Faulting module name: ScriptHook.dll_unloaded, version: 0.0.0.0, time stamp: 0x4c00493c
Exception code: 0xc0000005
Fault offset: 0x74297001
Faulting process id: 0x1538
Faulting application start time: 0xGTAIV.exe0
Faulting application path: GTAIV.exe1
Faulting module path: GTAIV.exe2
Report Id: GTAIV.exe3
 
Error: (08/05/2014 09:44:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/03/2014 10:58:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (06/19/2016 03:03:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XoftSpy AntiVirus Pro service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (06/19/2016 03:00:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sfdrv01a
sfsync04
UsbCharger
 
Error: (06/19/2016 03:00:10 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (06/19/2016 02:59:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (06/19/2016 02:59:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/19/2016 02:58:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cobian Backup 11 Volume Shadow Copy Requester service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (06/19/2016 02:58:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Cobian Backup 11 Volume Shadow Copy Requester service to connect.
 
Error: (06/19/2016 02:57:48 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver sfdrv01a.sys has been blocked from loading.
 
Error: (06/19/2016 02:57:47 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver sfsync04.sys has been blocked from loading.
 
Error: (06/19/2016 02:48:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
CodeIntegrity:
===================================
  Date: 2014-07-01 14:18:42.352
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-01 14:18:42.312
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 71%
Total physical RAM: 1499.61 MB
Available physical RAM: 429.25 MB
Total Virtual: 2999.22 MB
Available Virtual: 1054.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:488.18 GB) (Free:294.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:443.23 GB) (Free:405.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A78426C9)
Partition 1: (Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 

AdwCleaner[S3].txt

 

# AdwCleaner v5.200 - Logfile created 19/06/2016 at 15:19:59
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-19.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Arturas - MAGNUM-PC
# Running from : C:\Users\Arturas\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\Application Data\ParetoLogic
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : paretologic registration3
Task Found : paretologic update version3
Task Found : ParetoLogic Update Version3 Startup Task
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKU\S-1-5-21-3346973620-2518307813-930778835-1000\Software\ParetoLogic
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [8550 bytes] - [16/06/2016 23:20:15]
C:\AdwCleaner\AdwCleaner[C2].txt - [1714 bytes] - [16/06/2016 23:29:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [9031 bytes] - [16/06/2016 23:18:52]
C:\AdwCleaner\AdwCleaner[S2].txt - [1522 bytes] - [16/06/2016 23:24:48]
C:\AdwCleaner\AdwCleaner[S3].txt - [1336 bytes] - [19/06/2016 15:19:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1409 bytes] ##########
 
I downloaded AdwCleaner in Safe mode because in Normal mode my browser (Chrome) didn't want to open; maybe it would've opened if I had waited a little bit, but I scanned it in Normal mode. The shutdown process took 2 minutes or longer, when normally it takes seconds.
 
Note that I didn't delete anything that AdwCleaner picked up; I followed your instructions.
 
Thanks for your help again,
 
Arthur

Edited by Immortalproject, 19 June 2016 - 08:02 AM.


#6 RayS

  • Malware Response Team

Posted 21 June 2016 - 08:26 AM

Hi Arthur,

Thank you for the logs.

The AdwCleaner log reveals no significant hits. You can ignore the results.

VirusTotal scan shows that C:\Windows\SysWOW64\WSCConfig.xml is not malicious. We will leave it untouched.

This post contains lots of steps. Please read all the way through before you begin.

Please clarify the status of your PC.

  • Except for the fact that Chrome didn't open, and shutdown takes over two minutes, is performance in Normal mode back to its usual pace?
  • In Normal mode, do other programs run excessively slowly? If so, tell me the names of some of the laggards.
  • During the shutdown, do you see a screen with a heading that says something like, "3 programs still need to close:"?

Let's run FRST in FIX mode again

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

CloseProcesses:
2016-06-05 23:20 - 2016-06-05 23:20 - 00000000 ____D C:\Program Files (x86)\Skillbrains
Task: {19943922-E4A4-44DD-ACCF-C9E174E7344F} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {A3274A7A-DF67-469C-AC55-EE86AA5C1452} - System32\Tasks\update-S-1-5-21-3346973620-2518307813-930778835-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
AlternateDataStreams: C:\ProgramData\TEMP:466F9D5D [132]

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

Allow the computer to boot into Normal mode if possible.

The tool will create a log (Fixlog.txt). Please post it into your reply.


Reset Google Chrome

If Chrome will not launch in Normal mode, perform the next step in Safe Mode with Networking.
 
To reset Google Chrome:

  • Click the Menu option button at the top right of the Google Chrome window.
  • Select Settings.
  • Click Show advanced settings (near bottom of window) and find the "Reset settings" section.
  • Click Reset settings.
  • In the dialogue that appears, click Reset.
  • Close Chrome and re-launch it.

Resetting your browser settings will impact the settings below:

  • Default search engine and saved search engines will be reset to their original defaults.
  • Homepage button will be hidden and the URL that you previously set will be removed.
  • Default startup tabs will be cleared. The browser will show a new tab when you startup or continue where you left off if you're on a Chromebook.
  • New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
  • Pinned tabs will be unpinned.
  • Content settings will be cleared and reset to their installation defaults.
  • Cookies and site data will be cleared.
  • Extensions and themes will be disabled.

For info about restoring settings, see: https://support.google.com/chrome/answer/3296214?p=ui_reset_settings&rd=1

Re-boot into Normal mode and try to launch Chrome. Tell me how long it takes Chrome to launch. Give me a verbatim copy of any messages and describe any unexpected symptoms.


Try Microsoft Internet Explorer (MSIE)

While in Normal mode, try surfing to a variety of websites using MSIE. Tell me how long it takes MSIE to launch. Give me a verbatim copy of any messages and describe any unexpected symptoms.



Run the System File Checker (SFC)

The sfc /scannow command (System File Checker) scans the integrity of all protected Windows system files and replaces corrupted, modified, or incorrect versions with the correct versions, if possible.

Note: Be aware that if you have modified your system files, as in theming explorer/system files, running sfc /scannow will revert system files such as explorer.exe back to their default state.

Note: Make the appropriate backups of your system files that you have modified for theming if you wish to save them before running sfc /scannow.

  • Click the Windows Start Orb in the bottom-left.
  • In the search box, type cmd
  • In the search results, right-click cmd.exe then click Run as Administrator.
  • Copy and paste the following line of text into the black box:
    note: to paste, right-click in the black box and choose Paste.
    sfc /scannow
  • Press Enter to run the command.
    note: this scan may take a while to finish, and if SFC reports that it could not fix something, run the command again. Sometimes it may take running the sfc /scannow command three or more times to completely fix everything that it is able to fix.

To retrieve the System File Checker log:

  • Click the Windows Start Orb in the bottom-left.
  • In the search box, type cmd
  • In the search results, right-click cmd.exe then click Run as Administrator.
  • Copy and paste the following line of text into the black box:
    note: to paste, right-click in the black box and choose Paste.
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log > "%userprofile%\desktop\sfcdetails.txt"
  • Press Enter to run the command. A text file sfcdetails.txt will be created on your desktop.
  • Please post the contents of this log into your next reply.

 

 

Identify processor and space users
 
As you are doing other work in Normal mode, press Ctrl+Space+Esc together to open Windows Task Manager.

  • Click Show processes from all users in lower left corner of Windows Task Manager window.
  • Click Processes tab.
  • Widen the entire window and column headings as needed.
  • Click CPU column heading to sort processes. Tell me the Image Name of the top three users of CPU time.
  • Click Memory column heading to sort processes. Tell me the Image Name of the top three users of memory space.
  • Image names will shift into and out of the top three spots. Try to identify the three biggest hogs of time and space.
  • At the bottom of the Windows Task Manager window, tell me the average percentage values for CPU Usage and Physical Memory.

Repeat your observation of time and space users as you shut down your PC. Try especially to identify the greatest users of CPU time during the beginning of the shutdown process.
 
 
Close applications before shutdown

Windows closes programs one-at-a-time. This contributes to the total time it takes to accomplish a shutdown. How many programs do you usually have running when you shut down? Please manually close all applications except Windows Task Manager before beginning to shut down. Does that speed the process?


Get details of shutdown errors

  • Press the Start key and enter eventvwr.msc into the search box.
  • Click eventvwr.msc in the search results.
  • When Event Viewer opens, navigate to: Applications and Services Logs > Microsoft > Windows > Diagnostics-Performance > Operational.
  • In the Actions pane (right side of window), click Filter Current Log...
  • In Event level:, checkmark the box next to Error.
  • In the <All Event IDs> box, enter 200-299.
  • Click OK
  • In the Actions pane, click Save Filtered Log File As...
  • In the Save As window, enter shutdowns for the File name.
  • The Save as type: should already have Event Files (*.evtx) selected. Don't change the type.
  • Click Save.
  • The Display Information window will pop up. Click the Display information for these languages: radio button.
  • Be sure English (United States) is checkmarked, then click OK.
  • Close the Event Viewer window.

Find shutdowns.evtx in My Documents folder. Bleeping Computer does not allow attaching .evtx files, therefore, it is necessary to change the file extension of shutdowns.evtx to shutdowns.txt. Attach shutdowns.txt to your reply.

If you don't see file extensions in Windows Explorer, follow these steps:

  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Uncheck: Hide file extensions for known file types.
  • Click Yes to confirm.

 

 

In your next reply...

  • Please answer the three enumerated questions about the status of your PC.
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • After resetting Chrome, tell me how long it takes to launch. Give me a verbatim copy of any messages and describe any unexpected symptoms.
  • Tell me how long it takes MSIE to launch. Give me a verbatim copy of any messages and describe any unexpected symptoms.
  • Copy and paste the contents of sfcdetails.txt into the body of your message.
  • Give me Image Name of the top three space and time users and the CPU and memory percentages during normal operations and again as you shut down.
  • Does shutdown time improve if you manually close applications before beginning to shut down?
  • Attach shutdowns.txt to your reply.

Do you have any further comments about your PC?

Regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
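The findstr step in the post above produces a long file of [SR] lines that is tedious to read by eye. The following is an added example, not part of the thread and not the helper's or Microsoft's tooling: a Python triage of such a file that counts verify batches, lists every [SR] line that is not one of the three routine messages, and flags transactions during which many records were filtered out. The sample mixes lines copied from the log posted in this thread with one constructed "Cannot repair" line; reading the hex field as a per-record CSI counter (so that gaps mean records without the [SR] tag) is an assumption.

```python
"""Triage the [SR] lines that findstr /c:"[SR]" extracts from cbs.log."""
import re
from dataclasses import dataclass, field
from datetime import datetime

# timestamp, level, "CSI", 8-digit hex record number, "[SR]", message
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+CSI\s+"
    r"([0-9a-fA-F]{8})\s+\[SR\]\s+(.*)$"
)
VERIFYING_RE = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$")
BEGIN = "Beginning Verify and Repair transaction"
DONE = "Verify complete"


@dataclass
class Report:
    batches: int = 0          # "Verifying N components" lines
    components: int = 0       # sum of N over all batches
    completed: int = 0        # "Verify complete" lines
    unfinished: bool = False  # log ends inside an open transaction
    findings: list = field(default_factory=list)  # (timestamp, seq, message)
    noisy: list = field(default_factory=list)     # (begin_seq, hidden, seconds)
    unparsed: int = 0         # non-blank lines that are not [SR] records


def triage(text, baseline_hidden=1):
    """Summarise sfcdetails.txt content.

    baseline_hidden: filtered-out records per transaction treated as normal
    (the quiet transactions in the thread's log each skip one number).
    """
    rep = Report()
    prev_seq = None
    tx = None  # open transaction: [begin_seq_hex, begin_time, hidden_records]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            rep.unparsed += 1
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        seq_hex, msg = m.group(2), m.group(3).strip()
        seq = int(seq_hex, 16)
        # Assumption: skipped record numbers are CSI entries without [SR].
        if tx is not None and prev_seq is not None:
            tx[2] += max(seq - prev_seq - 1, 0)
        prev_seq = seq

        batch = VERIFYING_RE.match(msg)
        if batch:
            rep.batches += 1
            rep.components += int(batch.group(1))
        elif msg == BEGIN:
            tx = [seq_hex, ts, 0]
        elif msg == DONE:
            rep.completed += 1
            if tx is not None:
                if tx[2] > baseline_hidden:
                    seconds = int((ts - tx[1]).total_seconds())
                    rep.noisy.append((tx[0], tx[2], seconds))
                tx = None
        else:
            # Anything else tagged [SR] (repairs, failures) needs a human.
            rep.findings.append((m.group(1), seq_hex, msg))
    rep.unfinished = tx is not None
    return rep


# Lines 1-8 and 10 are copied from the log in this thread; line 9 is constructed.
SAMPLE = """\
2016-06-21 23:46:53, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:46:53, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-06-21 23:46:55, Info                  CSI    0000000c [SR] Verify complete
2016-06-21 23:48:19, Info                  CSI    00000094 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:19, Info                  CSI    00000095 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:24, Info                  CSI    000000b7 [SR] Verify complete
2016-06-21 23:48:25, Info                  CSI    000000b8 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:25, Info                  CSI    000000b9 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:26, Info                  CSI    000000bb [SR] Cannot repair member file "example.dll" (constructed line)
2016-06-21 23:48:28, Info                  CSI    000000be [SR] Verify complete
"""

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{r.batches} batches, {r.components} components, "
          f"{r.completed} completed, unfinished={r.unfinished}")
    for ts, seq, msg in r.findings:
        print(f"FINDING {ts} #{seq}: {msg}")
    for seq, hidden, secs in r.noisy:
        print(f"transaction #{seq}: {hidden} non-[SR] records in {secs}s")
```

Entries in findings, or an unfinished transaction, are what to look up in the full cbs.log; the noisy list only shows where the filtered-out records cluster.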


#7 Immortalproject

  • Topic Starter


Posted 21 June 2016 - 05:15 PM

Hi Ray,
 
1. I don't know how to explain this to you, but when I turned on my machine, the lag was so big that when I clicked the second mouse button on my desktop (you know how a little bar or tablet appears, I don't know what you call it), it took like 2 minutes to appear. I'm used to doing Refresh a couple of times to "reduce" the "lag". Then when I hover over an icon with my cursor, it lights up after 1 second. Then I left my computer to sit for 10 minutes without doing anything, and it ran at a normal pace.
2. Well, when Windows loads I can't open anything because of the major lag, but as I said, everything went back to normal after some time.
3. Yes, it closes some programs, but Skype takes AGES to close, so I almost always do a force shutdown.
 
Fixlog.txt
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Arturas (2016-06-21 22:41:22) Run:2
Running from C:\Users\Arturas\Downloads
Loaded Profiles: Arturas (Available Profiles: Arturas)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
2016-06-05 23:20 - 2016-06-05 23:20 - 00000000 ____D C:\Program Files (x86)\Skillbrains
Task: {19943922-E4A4-44DD-ACCF-C9E174E7344F} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {A3274A7A-DF67-469C-AC55-EE86AA5C1452} - System32\Tasks\update-S-1-5-21-3346973620-2518307813-930778835-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
AlternateDataStreams: C:\ProgramData\TEMP:466F9D5D [132]
*****************
 
Processes closed successfully.
C:\Program Files (x86)\Skillbrains => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19943922-E4A4-44DD-ACCF-C9E174E7344F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19943922-E4A4-44DD-ACCF-C9E174E7344F}" => key removed successfully
C:\Windows\System32\Tasks\update-sys => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3274A7A-DF67-469C-AC55-EE86AA5C1452}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3274A7A-DF67-469C-AC55-EE86AA5C1452}" => key removed successfully
C:\Windows\System32\Tasks\update-S-1-5-21-3346973620-2518307813-930778835-1000 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-3346973620-2518307813-930778835-1000" => key removed successfully
C:\ProgramData\TEMP => ":466F9D5D" ADS removed successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:41:37 ====
 
At first it took me 30 seconds to open Chrome (when there was no lag); after the reset it took 15 seconds.
 
I never used MSIE. It took a couple of seconds to open, but then I decided to do a Reset because I had many ads in it, then it opened instantly after the Reset.
 
sfcdetails.txt
 
2016-06-21 23:46:53, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:46:53, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-06-21 23:46:55, Info                  CSI    0000000c [SR] Verify complete
2016-06-21 23:46:55, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:46:55, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2016-06-21 23:46:58, Info                  CSI    00000010 [SR] Verify complete
2016-06-21 23:46:58, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:46:58, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:00, Info                  CSI    00000014 [SR] Verify complete
2016-06-21 23:47:00, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:00, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:02, Info                  CSI    00000018 [SR] Verify complete
2016-06-21 23:47:03, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:03, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:05, Info                  CSI    0000001c [SR] Verify complete
2016-06-21 23:47:05, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:05, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:07, Info                  CSI    00000020 [SR] Verify complete
2016-06-21 23:47:08, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:08, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:10, Info                  CSI    00000024 [SR] Verify complete
2016-06-21 23:47:10, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:10, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:12, Info                  CSI    00000028 [SR] Verify complete
2016-06-21 23:47:12, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:12, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:14, Info                  CSI    0000002c [SR] Verify complete
2016-06-21 23:47:14, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:14, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:16, Info                  CSI    00000030 [SR] Verify complete
2016-06-21 23:47:16, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:16, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:18, Info                  CSI    00000034 [SR] Verify complete
2016-06-21 23:47:18, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:18, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:20, Info                  CSI    00000038 [SR] Verify complete
2016-06-21 23:47:20, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:20, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:23, Info                  CSI    0000003c [SR] Verify complete
2016-06-21 23:47:23, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:23, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:25, Info                  CSI    00000040 [SR] Verify complete
2016-06-21 23:47:25, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:25, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:28, Info                  CSI    00000044 [SR] Verify complete
2016-06-21 23:47:28, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:28, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:30, Info                  CSI    00000048 [SR] Verify complete
2016-06-21 23:47:30, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:30, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:33, Info                  CSI    0000004c [SR] Verify complete
2016-06-21 23:47:33, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:33, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:35, Info                  CSI    00000050 [SR] Verify complete
2016-06-21 23:47:35, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:35, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:37, Info                  CSI    00000054 [SR] Verify complete
2016-06-21 23:47:37, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:37, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:39, Info                  CSI    00000058 [SR] Verify complete
2016-06-21 23:47:39, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:39, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:41, Info                  CSI    0000005c [SR] Verify complete
2016-06-21 23:47:41, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:41, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:44, Info                  CSI    00000060 [SR] Verify complete
2016-06-21 23:47:44, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:44, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:47, Info                  CSI    00000064 [SR] Verify complete
2016-06-21 23:47:47, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:47, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:49, Info                  CSI    00000068 [SR] Verify complete
2016-06-21 23:47:49, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:49, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:50, Info                  CSI    0000006c [SR] Verify complete
2016-06-21 23:47:50, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:50, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:52, Info                  CSI    00000070 [SR] Verify complete
2016-06-21 23:47:52, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:52, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2016-06-21 23:47:57, Info                  CSI    00000074 [SR] Verify complete
2016-06-21 23:47:57, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:47:57, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:02, Info                  CSI    00000079 [SR] Verify complete
2016-06-21 23:48:02, Info                  CSI    0000007a [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:02, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:06, Info                  CSI    0000007f [SR] Verify complete
2016-06-21 23:48:06, Info                  CSI    00000080 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:06, Info                  CSI    00000081 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:09, Info                  CSI    00000083 [SR] Verify complete
2016-06-21 23:48:09, Info                  CSI    00000084 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:09, Info                  CSI    00000085 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:12, Info                  CSI    0000008b [SR] Verify complete
2016-06-21 23:48:12, Info                  CSI    0000008c [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:12, Info                  CSI    0000008d [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:16, Info                  CSI    0000008f [SR] Verify complete
2016-06-21 23:48:16, Info                  CSI    00000090 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:16, Info                  CSI    00000091 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:19, Info                  CSI    00000093 [SR] Verify complete
2016-06-21 23:48:19, Info                  CSI    00000094 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:19, Info                  CSI    00000095 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:24, Info                  CSI    000000b7 [SR] Verify complete
2016-06-21 23:48:25, Info                  CSI    000000b8 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:25, Info                  CSI    000000b9 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:28, Info                  CSI    000000be [SR] Verify complete
2016-06-21 23:48:28, Info                  CSI    000000bf [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:28, Info                  CSI    000000c0 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:32, Info                  CSI    000000c2 [SR] Verify complete
2016-06-21 23:48:33, Info                  CSI    000000c3 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:33, Info                  CSI    000000c4 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:36, Info                  CSI    000000c6 [SR] Verify complete
2016-06-21 23:48:36, Info                  CSI    000000c7 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:36, Info                  CSI    000000c8 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:38, Info                  CSI    000000ca [SR] Verify complete
2016-06-21 23:48:39, Info                  CSI    000000cb [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:39, Info                  CSI    000000cc [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:42, Info                  CSI    000000ce [SR] Verify complete
2016-06-21 23:48:42, Info                  CSI    000000cf [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:42, Info                  CSI    000000d0 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:45, Info                  CSI    000000d2 [SR] Verify complete
2016-06-21 23:48:46, Info                  CSI    000000d3 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:46, Info                  CSI    000000d4 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:48, Info                  CSI    000000d6 [SR] Verify complete
2016-06-21 23:48:48, Info                  CSI    000000d7 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:48, Info                  CSI    000000d8 [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:52, Info                  CSI    000000da [SR] Verify complete
2016-06-21 23:48:52, Info                  CSI    000000db [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:52, Info                  CSI    000000dc [SR] Beginning Verify and Repair transaction
2016-06-21 23:48:58, Info                  CSI    000000e0 [SR] Verify complete
2016-06-21 23:48:58, Info                  CSI    000000e1 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:48:58, Info                  CSI    000000e2 [SR] Beginning Verify and Repair transaction
2016-06-21 23:49:03, Info                  CSI    00000103 [SR] Verify complete
2016-06-21 23:49:03, Info                  CSI    00000104 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:49:03, Info                  CSI    00000105 [SR] Beginning Verify and Repair transaction
2016-06-21 23:49:09, Info                  CSI    00000107 [SR] Verify complete
2016-06-21 23:49:10, Info                  CSI    00000108 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:49:10, Info                  CSI    00000109 [SR] Beginning Verify and Repair transaction
2016-06-21 23:49:17, Info                  CSI    0000010b [SR] Verify complete
2016-06-21 23:49:17, Info                  CSI    0000010c [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:49:17, Info                  CSI    0000010d [SR] Beginning Verify and Repair transaction
2016-06-21 23:49:28, Info                  CSI    00000111 [SR] Verify complete
2016-06-21 23:49:28, Info                  CSI    00000112 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:49:28, Info                  CSI    00000113 [SR] Beginning Verify and Repair transaction
2016-06-21 23:49:31, Info                  CSI    00000115 [SR] Verify complete
2016-06-21 23:49:31, Info                  CSI    00000116 [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:49:31, Info                  CSI    00000117 [SR] Beginning Verify and Repair transaction
2016-06-21 23:49:34, Info                  CSI    00000119 [SR] Verify complete
2016-06-21 23:49:34, Info                  CSI    0000011a [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:49:34, Info                  CSI    0000011b [SR] Beginning Verify and Repair transaction
2016-06-21 23:49:36, Info                  CSI    0000011d [SR] Verify complete
2016-06-21 23:49:36, Info                  CSI    0000011e [SR] Verifying 100 (0x0000000000000064) components
2016-06-21 23:49:36, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
2016-06-21 23:49:38, Info                  CSI    00000121 [SR] Verify complete
2016-06-22 00:00:00, Info                  CSI    000003bd [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:00, Info                  CSI    000003be [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:04, Info                  CSI    000003c0 [SR] Verify complete
2016-06-22 00:00:04, Info                  CSI    000003c1 [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:04, Info                  CSI    000003c2 [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:08, Info                  CSI    000003c4 [SR] Verify complete
2016-06-22 00:00:08, Info                  CSI    000003c5 [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:08, Info                  CSI    000003c6 [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:11, Info                  CSI    000003ca [SR] Verify complete
2016-06-22 00:00:11, Info                  CSI    000003cb [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:11, Info                  CSI    000003cc [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:13, Info                  CSI    000003ce [SR] Verify complete
2016-06-22 00:00:13, Info                  CSI    000003cf [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:13, Info                  CSI    000003d0 [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:17, Info                  CSI    000003d2 [SR] Verify complete
2016-06-22 00:00:17, Info                  CSI    000003d3 [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:17, Info                  CSI    000003d4 [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:23, Info                  CSI    000003d6 [SR] Verify complete
2016-06-22 00:00:23, Info                  CSI    000003d7 [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:23, Info                  CSI    000003d8 [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:26, Info                  CSI    000003da [SR] Verify complete
2016-06-22 00:00:27, Info                  CSI    000003db [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:27, Info                  CSI    000003dc [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:30, Info                  CSI    000003de [SR] Verify complete
2016-06-22 00:00:30, Info                  CSI    000003df [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:30, Info                  CSI    000003e0 [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:33, Info                  CSI    000003e3 [SR] Verify complete
2016-06-22 00:00:33, Info                  CSI    000003e4 [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:33, Info                  CSI    000003e5 [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:36, Info                  CSI    000003e7 [SR] Verify complete
2016-06-22 00:00:37, Info                  CSI    000003e8 [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:37, Info                  CSI    000003e9 [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:40, Info                  CSI    000003ec [SR] Verify complete
2016-06-22 00:00:40, Info                  CSI    000003ed [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:40, Info                  CSI    000003ee [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:44, Info                  CSI    000003f1 [SR] Verify complete
2016-06-22 00:00:44, Info                  CSI    000003f2 [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:44, Info                  CSI    000003f3 [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:48, Info                  CSI    000003f5 [SR] Verify complete
2016-06-22 00:00:49, Info                  CSI    000003f6 [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:49, Info                  CSI    000003f7 [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:52, Info                  CSI    000003f9 [SR] Verify complete
2016-06-22 00:00:52, Info                  CSI    000003fa [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:52, Info                  CSI    000003fb [SR] Beginning Verify and Repair transaction
2016-06-22 00:00:57, Info                  CSI    000003fe [SR] Verify complete
2016-06-22 00:00:57, Info                  CSI    000003ff [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:00:57, Info                  CSI    00000400 [SR] Beginning Verify and Repair transaction
2016-06-22 00:01:02, Info                  CSI    00000402 [SR] Verify complete
2016-06-22 00:01:02, Info                  CSI    00000403 [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:01:02, Info                  CSI    00000404 [SR] Beginning Verify and Repair transaction
2016-06-22 00:01:06, Info                  CSI    00000406 [SR] Verify complete
2016-06-22 00:01:06, Info                  CSI    00000407 [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:01:06, Info                  CSI    00000408 [SR] Beginning Verify and Repair transaction
2016-06-22 00:01:11, Info                  CSI    0000040a [SR] Verify complete
2016-06-22 00:01:11, Info                  CSI    0000040b [SR] Verifying 100 (0x0000000000000064) components
2016-06-22 00:01:11, Info                  CSI    0000040c [SR] Beginning Verify and Repair transaction
2016-06-22 00:01:15, Info                  CSI    0000040e [SR] Verify complete
2016-06-22 00:01:15, Info                  CSI    0000040f [SR] Verifying 9 components
2016-06-22 00:01:15, Info                  CSI    00000410 [SR] Beginning Verify and Repair transaction
2016-06-22 00:01:16, Info                  CSI    00000412 [SR] Verify complete
2016-06-22 00:01:16, Info                  CSI    00000413 [SR] Repairing 0 components
2016-06-22 00:01:16, Info                  CSI    00000414 [SR] Beginning Verify and Repair transaction
2016-06-22 00:01:16, Info                  CSI    00000416 [SR] Repair complete
 
During normal operations and shutdowns everything stays the same.
 1. Image Name: System Idle Process, CPU: 75
 2. Image Name: svchost.exe, CPU: 25
 3. Image Name: *chrome.exe *32, CPU: 0 (It actually depends, whenever I use chrome it goes up to 15-17 sometimes even to 50)
And I don't know why but there are 3-4 same Image Names: chrome.exe *32.
 1. Image Name: svchost.exe, Memory: 99.956 K
 2. Image Name: chrome.exe *32, Memory: 56.*** K (*** because it changes)
 3. Image Name: chrome.exe *32, Memory: 51.856 K
CPU usage: 25-27%   Physical Memory: 70-71%
 
I've had several problems getting details of shutdown errors:
1. When I try to search eventwvr.msc in the Search box, it says "No items match your search".
2. There is no My computer in Start, I somehow deleted it a long time ago and I don't know how to restore it.

The only program that needs to close before shutdown is Skype.
 
As I said above after running my machine for a while it started to run normal but I didn't think that the problem was solved, after rebooting the computer at start there was no lag, but after some time it started lagging, then it stopped, it's like the opposite of what I said before, very strange.
When I try to maximize my browser, the page sometimes turns black or white then goes to normal after a couple of seconds. I have never seen anything like this before, this is the first time I'm seeing this kind of lag. Do you suggest that I should reinstall my OS?
Note that the lag affects my games and every other program, one day I played without lag, the next day the game lags like crazy.
 
Edit: I completed my reply, and my PC runs at normal pace, even better I think, but I don't think it's over. Shutdown process was normal.
 
Until next time,
 
Arthur

Edited by Immortalproject, 21 June 2016 - 05:37 PM.


#8 RayS

RayS

  • Malware Response Team

Posted 23 June 2016 - 12:59 AM

Hi Arthur,

Thank you for Fixlog.txt and sfcdetails.txt. They both ran normally and no further action is needed. The CPU and Memory values you reported from Windows Task manager are normal.


Do you recognize XoftSpy AntiVirus Pro by ParetoLogic, Inc? Did you install it intentionally? It is corrupted and needs to be uninstalled. The following FRST script will do that. If you want to run XoftSpy AntiVirus Pro again, you will need to do a fresh installation later. Before proceeding with the next step, make a copy of any password or registration code that might be necessary if you decide to reinstall XoftSpy AntiVirus Pro.
 
 
Let's run FRST in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

CloseProcesses:
S2 SBAMSvc; "C:\Program Files (x86)\ParetoLogic\XoftSpy AntiVirus Pro\SBAMSvc.exe" [X]
2016-06-17 11:04 - 2016-06-17 11:04 - 00003136 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3
2016-06-17 10:59 - 2016-06-17 10:59 - 00003260 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3
2016-06-17 10:59 - 2016-06-17 10:59 - 00002928 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2016-06-17 10:59 - 2016-06-17 10:59 - 00002758 _____ C:\Windows\System32\Tasks\XoftSpy AntiVirus Pro Startup
2016-06-17 10:58 - 2016-06-17 16:26 - 00000000 ____D C:\ProgramData\ParetoLogic
2016-06-05 23:20 - 2016-06-05 23:20 - 00000000 ____D C:\Program Files (x86)\Skillbrains
Task: {1823EFB3-27B8-4232-A7F7-78C331E88F38} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
C:\Program Files (x86)\Common Files\ParetoLogic\
Task: {19943922-E4A4-44DD-ACCF-C9E174E7344F} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {3036E9D4-A9DD-4891-9E94-C538DA995D47} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {69F07454-2026-4829-B004-A4C841E70B85} - System32\Tasks\XoftSpy AntiVirus Pro Startup => C:\Program Files (x86)\ParetoLogic\XoftSpy AntiVirus Pro\XoftSpy.exe
C:\Program Files (x86)\ParetoLogic\
Task: {A3274A7A-DF67-469C-AC55-EE86AA5C1452} - System32\Tasks\update-S-1-5-21-3346973620-2518307813-930778835-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {D476DA7B-9938-4DE9-A735-9B18A0A91287} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
FirewallRules: [{583D5614-C7E9-430E-9B76-464FBA14E5A5}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CE9F5CF-DE08-41A2-B1E9-829D2CCAB6ED}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{5B964703-7BF1-46C3-B6FA-189A032DD936}C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe] => (Block) C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe
FirewallRules: [UDP Query User{3B8A4ED8-DE07-445C-A709-975300E913AC}C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe] => (Block) C:\users\arturas\appdata\roaming\utorrent\updates\3.4.2_37754.exe
FirewallRules: [{14108A33-F223-44C7-A375-F8778C63E62F}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39921438-0426-40BB-8FE9-DCE6176B9165}] => (Allow) C:\Users\Arturas\AppData\Roaming\uTorrent\uTorrent.exe

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.
 
Don't reinstall XoftSpy AntiVirus Pro for now.
 
 

After XoftSpy AntiVirus Pro is successfully uninstalled, reboot your PC into Normal mode.

  • Is startup still slow?
  • Does Chrome still launch slowly?
  • Can you surf the net normally with Chrome?
  • Is shutdown still slow?

 

 

 

I've had several problems getting details of shutdown errors:
1. When I try to search eventwvr.msc in the Search box, it says "No items match your search".

Please try my instructions again using the correct spelling for eventvwr.msc except this time, let's increase the range of the filter to 100-299.

Get details of both bootup and shutdown errors

  • Press the Start key and enter eventvwr.msc into the search box.
  • Click eventvwr.msc in the search results.
  • When Event Viewer opens, navigate to: Applications and Services Logs > Microsoft > Windows > Diagnostics-Performance > Operational.
  • In the Actions pane (right side of window), click Filter Current Log...
  • In Event level:, checkmark the box next to Error.
  • In the <All Event IDs> box, enter 100-299.
  • Click OK
  • In the Actions pane, click Save Filtered Log File As...
  • In the Save As window, enter shutdowns for the File name.
  • The Save as type: should already have Event Files (*.evtx) selected. Don't change the type.
  • Click Save.
  • The Display Information window will pop up. Click the Display information for these languages: radio button.
  • Be sure English (United States) is checkmarked, then click OK.
  • Close the Event Viewer window.

Find shutdowns.evtx in My Documents folder. Bleeping Computer does not allow attaching .evtx files, therefore, it is necessary to change the file extension of shutdowns.evtx to shutdowns.txt. Attach shutdowns.txt to your reply.

If you don't see file extensions in Windows Explorer, follow these steps:

  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Uncheck: Hide file extensions for known file types.
  • Click Yes to confirm.

 

 

 

Scan again with FRST
 
Please launch FRST64.exe and place a checkmark in the box next to Addition.txt. Click Scan. Include the contents of FRST.txt and Addition.txt in your next reply.
 
 
 
Describe any abnormal shutdown symptoms

 

3. Yes it closes some programs, but Skype takes AGES to close, so I almost always do a force shutdown

Some programs will hang until they receive user input. For example, Notepad will wait for confirmation about saving an open file if any edits have been made. Other than this kind of wait, do any other programs besides Skype hang during shutdown?



In your next reply...

  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • After XoftSpy AntiVirus Pro was successfully uninstalled:
    •     Is startup still slow?
    •     Does Chrome still launch slowly?
    •     Can you surf the net normally with Chrome?
    •     Is shutdown still slow?
  • Please tell me whether you intend to reinstall XoftSpy AntiVirus Pro.
  • Attach shutdowns.txt to your reply.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • Is Skype the only hanging program during shutdown?

Do you have any further comments about your PC?

Regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
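
The Event Viewer filter described in the post above (Diagnostics-Performance > Operational, Error level, IDs 100-299) can also be applied from an elevated PowerShell prompt. This is an added example, not part of Ray's instructions; it assumes `Get-WinEvent` and `wevtutil` are available and writes `shutdowns.evtx` to the Documents folder, the file name used in the post.

```powershell
# Added example: the same filter as the Event Viewer steps, as an XPath query.
$log   = 'Microsoft-Windows-Diagnostics-Performance/Operational'
# Level=2 is "Error"; the EventID range is the 100-299 entered in <All Event IDs>.
$xpath = '*[System[(Level=2) and (EventID >= 100 and EventID <= 299)]]'

# Get-WinEvent raises an error when nothing matches, so suppress it and
# force the result into an array so that .Count is always defined.
$events = @(Get-WinEvent -LogName $log -FilterXPath $xpath -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output 'No Error-level events with IDs 100-299 were found.'
} else {
    # Count per event ID. In this log, IDs 100-199 are boot events and
    # 200-299 are shutdown events.
    $events | Group-Object Id | Sort-Object Count -Descending |
        Select-Object @{n='EventId'; e={ $_.Name }},
                      @{n='Phase';   e={ if ([int]$_.Name -lt 200) {'boot'} else {'shutdown'} }},
                      Count |
        Format-Table -AutoSize

    # Newest 20 events (Get-WinEvent returns newest first), first message line only.
    $events | Select-Object -First 20 TimeCreated, Id,
        @{n='Summary'; e={ ($_.Message -split "`r?`n")[0] }} |
        Format-Table -AutoSize -Wrap
}

# Export the same filtered set, as "Save Filtered Log File As..." does.
$out = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'shutdowns.evtx'
wevtutil epl $log $out "/q:$xpath" /ow:true
Write-Output "Filtered log saved to $out"
```

The per-ID table shows at a glance whether the errors cluster in the boot range or the shutdown range before anyone opens the exported file.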


#9 Immortalproject

Immortalproject
  • Topic Starter

  • Members

Posted 23 June 2016 - 03:52 PM

Hi Ray,

Well, last night the power went out all along our street and when it came back on, my computer won't turn on. I'm writing this reply from my phone. I guess that's where the journey ends. I really appreciate your help.

Thanks for your time and consideration,

Arthur

#10 RayS

RayS

  • Malware Response Team

Posted 25 June 2016 - 12:57 PM

Hi Arthur,

 

Well, last night the power went out all along our street and when it came back on, my computer won't turn on.

 

 

I'm sorry to hear about possible damage to your PC. Maybe you can get help with it on the Internal Hardware forum here at Bleeping Computer.

 

Thank you for trusting your original problem to us here at BC.

 

Best regards,

 

Ray

 






