Explorer.exe http://kb-ribaki.org PUP that keeps coming back!


  • This topic is locked
11 replies to this topic

#1 Plumptons

Posted 04 August 2016 - 03:09 AM

Pretty similar problem as with http://www.bleepingcomputer.com/forums/t/620700/explorerexe-httpkb-ribakiorg/
Attempted to delete the registry file, done multiple deep scans with Avast, Windows Defender, Malwarebytes and SpybotSnD.
Managed to track the bugger down to this registry spot:

 
PUP.Optional.StartPage, HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Plumptons
Tried going back to a restore point from a month ago, still having problems, running Windows 8.1 Enterprise 64bit

Please help!
Cheers

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Plumptons (administrator) on HOLODECK (04-08-2016 20:23:12)
Running from C:\Users\Plumptons\Downloads
Loaded Profiles: Plumptons (Available Profiles: Plumptons)
Platform: Windows 8.1 Enterprise (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Flux Software LLC) C:\Users\Plumptons\AppData\Local\FluxSoftware\Flux\flux.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-29] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [RoccatKonePure] => C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE [561152 2014-01-20] (ROCCAT GmbH)
HKLM-x32\...\Run: [RoccatIsku] => C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE [536576 2013-10-30] (ROCCAT GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9071752 2016-08-03] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [Spotify Web Helper] => C:\Users\Plumptons\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-03-15] (Spotify Ltd)
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-07-11] (Electronic Arts)
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [Discord] => C:\Users\Plumptons\AppData\Local\Discord\app-0.0.292\Discord.exe [57746616 2016-07-08] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [f.lux] => C:\Users\Plumptons\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-16] (Disc Soft Ltd)
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334528 2016-04-05] (Echobit LLC)
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-14] (Piriform Ltd)
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [Plumptons] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\MountPoints2: {0cb654a2-93dd-11e5-8257-60a44c3715c1} - "G:\setup.exe" 
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\MountPoints2: {1994c665-caea-11e5-8284-60a44c3715c1} - "G:\setup.exe" 
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\MountPoints2: {4da3767a-c7bc-11e5-827d-60a44c3715c1} - "F:\setup.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-03] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-11-26]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6210 Genie.lnk [2016-01-27]
ShortcutTarget: NETGEAR A6210 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE (NETGEAR)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk [2015-11-26]
ShortcutTarget: Roccat Talk.lnk -> C:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe (ROCCAT GmbH Co., Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{2386229C-6DFC-432F-B785-96BDCB890EF0}: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{9C1D121B-6CBC-4CB6-A8C6-BC80C55ACCEA}: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{F8C505A4-0A01-400F-9517-2DC6E494E0A3}: [DhcpNameServer] 192.168.1.254 0.0.0.0
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130918709057627889&GUID=CCC869DE-40B5-446F-ACF8-8C9FDFEA9605
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-07-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-15] (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-11-26] (LastPass)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-07-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-07-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-15] (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-11-26] (LastPass)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-21] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-11-26] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-11-26] (LastPass)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-21] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-07-21] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-07-21] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-07-21] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-07-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-26] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-21] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-04] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-26] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-07-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2008-07-09] (BYOND)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-30]
CHR Extension: (Google Docs) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-30]
CHR Extension: (Google Drive) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-30]
CHR Extension: (YouTube) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-30]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-03]
CHR Extension: (Avast SafePrice) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-03]
CHR Extension: (Google Sheets) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-31]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-08-03]
CHR Extension: (Gmail) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-30]
CHR Extension: (Chrome Media Router) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
CHR Profile: C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-02]
CHR Profile: C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-02]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197640 2016-08-03] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1409032 2016-08-03] ()
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-07-11] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2950848 2016-07-04] (Microsoft Corporation)
S2 CTService; C:\Program Files (x86)\Cold Turkey\\CTService.exe [323072 2015-01-18] (Felix Belzile) [File not signed]
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-16] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [239904 2016-01-23] (EasyAntiCheat Ltd)
S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-04-05] (Echobit LLC)
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-06-21] (Futuremark)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
S4 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-29] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [192232 2015-09-17] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-10] (INCA Internet Co., Ltd.)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-07-11] (Electronic Arts)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-01-21] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-01-20] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-23] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 A6210; C:\Windows\system32\DRIVERS\A6210.sys [2240176 2015-05-20] (MediaTek Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [968536 2016-08-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-03] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-07-11] (BitRaider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-26] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-01-31] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-23] (Broadcom Corporation)
R3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2016-04-05] (Echobit, LLC)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-05-04] (LogMeIn Inc.)
R3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45208 2016-04-16] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.)
S3 lgLowAudio; C:\Windows\system32\drivers\lgLowAudio.sys [26264 2015-11-21] (Logitech Inc.)
S4 LMIRfsClientNP; no ImagePath
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [46016 2016-06-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-23] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-23] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-23] (Microsoft Corporation)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-04 20:23 - 2016-08-04 20:23 - 00025999 _____ C:\Users\Plumptons\Downloads\FRST.txt
2016-08-04 20:22 - 2016-08-04 20:23 - 00000000 ____D C:\FRST
2016-08-04 20:22 - 2016-08-04 20:22 - 02393600 _____ (Farbar) C:\Users\Plumptons\Downloads\FRST64.exe
2016-08-04 08:11 - 2016-08-04 08:11 - 00230118 _____ C:\Windows\ntbtlog.txt
2016-08-03 14:48 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-08-03 14:46 - 2013-08-23 01:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160803-144630.backup
2016-08-03 14:13 - 2016-08-03 14:13 - 00000000 ____D C:\Users\Plumptons\Documents\ProcAlyzer Dumps
2016-08-03 14:10 - 2016-08-03 14:10 - 00001407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-08-03 14:10 - 2016-08-03 14:10 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-08-03 14:10 - 2016-08-03 14:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-08-03 14:10 - 2016-08-03 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-08-03 14:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-08-03 13:59 - 2016-08-03 14:01 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Plumptons\Downloads\spybot-2.4.exe
2016-08-03 13:20 - 2016-08-03 13:20 - 863196425 _____ C:\Windows\MEMORY.DMP
2016-08-03 13:20 - 2016-08-03 13:20 - 00412808 _____ C:\Windows\Minidump\080316-17984-01.dmp
2016-08-03 13:20 - 2016-08-03 13:20 - 00000000 ____D C:\Windows\Minidump
2016-08-03 10:11 - 2016-08-03 10:11 - 00000000 ____D C:\Users\Plumptons\AppData\Local\PopcornTimeDesktop
2016-08-03 09:52 - 2016-08-03 09:52 - 00002291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-03 09:52 - 2016-08-03 09:52 - 00002279 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-03 09:51 - 2016-08-04 20:17 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-03 09:51 - 2016-08-04 19:53 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-03 09:51 - 2016-08-03 11:13 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-03 09:51 - 2016-08-03 11:12 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-03 09:36 - 2016-08-04 19:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-03 09:36 - 2016-08-03 09:36 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-03 09:36 - 2016-08-03 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-03 09:35 - 2016-08-03 21:17 - 00000000 ____D C:\Program Files\CCleaner
2016-08-03 09:35 - 2016-08-03 09:35 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-08-03 09:35 - 2016-08-03 09:35 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-03 09:35 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-03 09:35 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-03 09:35 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-03 08:00 - 2016-08-03 08:00 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-03 08:00 - 2016-08-03 08:00 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-02 23:55 - 2016-08-02 23:55 - 00000222 _____ C:\Users\Plumptons\Desktop\Tom Clancy's Rainbow Six Siege.url
2016-08-02 23:43 - 2016-08-02 23:43 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\AVAST Software
2016-08-02 23:35 - 2016-08-03 08:02 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1470137709
2016-08-02 23:35 - 2016-08-03 08:02 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 1 Browser.lnk
2016-08-02 21:59 - 2016-08-02 22:01 - 29545040 _____ C:\Users\Plumptons\ts3_recording_16_08_02_21_59_0.wav
2016-08-02 21:34 - 2016-08-04 19:52 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\TS3Client
2016-08-02 20:51 - 2016-08-02 20:51 - 00001218 _____ C:\virus.txt
2016-08-02 19:00 - 2016-08-03 14:47 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-08-02 19:00 - 2016-08-03 14:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-08-02 18:56 - 2016-08-02 19:01 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-02 16:04 - 2016-08-02 23:31 - 00000000 ____D C:\AdwCleaner
2016-08-01 20:33 - 2016-08-01 20:34 - 343631748 _____ C:\Users\Plumptons\Downloads\Tom Clancy's Rainbow Six  Siege 07.31.2016 - 14.40.08.07.DVR.mp4
2016-07-31 18:05 - 2016-07-31 18:05 - 00557056 _____ C:\Users\Plumptons\Downloads\Types_of_Humour (1).ppt
2016-07-31 18:04 - 2016-07-31 18:04 - 00557056 _____ C:\Users\Plumptons\Downloads\Types_of_Humour.ppt
2016-07-30 22:09 - 2016-08-03 09:51 - 00000000 ____D C:\Users\Plumptons\AppData\Local\Deployment
2016-07-30 22:09 - 2016-08-03 08:18 - 00000000 ____D C:\Users\Plumptons\AppData\Local\Apps\2.0
2016-07-30 21:53 - 2016-08-03 09:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-30 21:53 - 2016-07-30 21:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-30 20:04 - 2016-08-03 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-29 22:08 - 2016-07-29 22:08 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\OBS
2016-07-29 16:00 - 2016-08-02 23:31 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2016-07-29 16:00 - 2016-07-29 16:01 - 00000000 ____D C:\Users\Plumptons\AppData\Local\Bethesda.net Launcher
2016-07-28 17:54 - 2016-07-28 17:54 - 00000218 _____ C:\Users\Plumptons\AppData\Local\recently-used.xbel
2016-07-23 14:19 - 2016-07-23 14:19 - 00124793 _____ C:\Users\Plumptons\Desktop\KB_21072016.PDF
2016-07-22 14:13 - 2016-07-28 11:10 - 00000000 ____D C:\Users\Plumptons\Documents\Duels of the Planeswalkers Dumps
2016-07-22 12:50 - 2016-07-22 12:50 - 00000000 ____D C:\Users\Plumptons\Documents\Wizards of the Coast
2016-07-21 12:14 - 2016-08-02 23:31 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-07-20 22:20 - 2016-07-20 22:20 - 00003516 _____ C:\Windows\System32\Tasks\Plumptons
2016-07-20 22:01 - 2016-08-02 23:32 - 00000000 ____D C:\Users\Plumptons\Downloads\RimWorld.RePack.by.Valdeni
2016-07-18 20:09 - 2016-07-18 20:16 - 00000000 ____D C:\Users\Plumptons\AppData\Local\ArmA 2
2016-07-18 20:06 - 2016-07-18 20:21 - 00000000 ____D C:\Users\Plumptons\Documents\ArmA 2
2016-07-18 20:06 - 2016-07-18 20:17 - 00000000 ____D C:\Users\Plumptons\AppData\Local\ArmA 2 OA
2016-07-18 20:06 - 2016-07-18 20:06 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2016-07-18 20:05 - 2016-07-18 20:09 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2016-07-18 20:05 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-07-18 20:05 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-07-18 20:05 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-07-18 20:05 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-07-18 20:05 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-07-18 20:05 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-07-18 20:05 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-07-18 20:05 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-07-15 19:25 - 2016-07-15 19:25 - 00000000 ____D C:\Users\Plumptons\AppData\Local\BlueStacks
2016-07-15 18:58 - 2016-08-03 08:00 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-07-15 18:58 - 2016-08-02 23:35 - 00001053 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-07-15 18:58 - 2016-07-15 18:58 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468565903
2016-07-15 18:58 - 2016-07-15 18:58 - 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-15 18:57 - 2016-08-02 23:35 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-07-15 18:57 - 2016-08-02 23:32 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-07-15 18:57 - 2016-08-02 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-07-15 18:57 - 2016-08-02 23:31 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-15 18:56 - 2016-08-03 08:01 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-07-15 18:56 - 2016-08-03 08:01 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-15 18:56 - 2016-08-03 08:00 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-07-15 18:56 - 2016-08-03 08:00 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.147016806707804
2016-07-15 18:56 - 2016-08-03 08:00 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-07-15 18:56 - 2016-08-03 08:00 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-07-15 18:56 - 2016-08-03 08:00 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-07-15 18:56 - 2016-08-03 08:00 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-07-15 18:56 - 2016-08-03 08:00 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-07-15 18:55 - 2016-08-03 08:00 - 00968536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-07-15 18:54 - 2016-08-02 23:31 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-15 18:54 - 2016-08-02 23:31 - 00000000 ____D C:\Program Files\AVAST Software
2016-07-15 18:54 - 2016-07-15 18:54 - 06253800 _____ (AVAST Software) C:\Users\Plumptons\Downloads\avast_free_antivirus_setup_online.exe
2016-07-13 11:43 - 2016-06-26 08:05 - 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-13 11:43 - 2016-06-26 06:13 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 11:43 - 2016-06-26 04:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 11:43 - 2016-06-26 04:15 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 11:43 - 2016-06-26 04:13 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 11:43 - 2016-06-26 04:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 11:43 - 2016-06-23 01:48 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-13 11:43 - 2016-06-22 06:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-07-13 11:43 - 2016-06-22 02:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-07-13 11:43 - 2016-06-22 01:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-13 11:43 - 2016-06-22 01:48 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-13 11:43 - 2016-06-22 01:48 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-13 11:43 - 2016-06-22 01:48 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-13 11:43 - 2016-06-22 01:48 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-13 11:43 - 2016-06-22 01:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-13 11:43 - 2016-06-22 01:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-13 11:43 - 2016-06-12 07:45 - 07445856 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-13 11:43 - 2016-06-12 06:14 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 11:43 - 2016-06-12 06:11 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 11:43 - 2016-06-12 05:56 - 25812992 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 11:43 - 2016-06-12 05:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 11:43 - 2016-06-12 05:42 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 11:43 - 2016-06-12 05:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 11:43 - 2016-06-12 05:22 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-13 11:43 - 2016-06-12 05:22 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-07-13 11:43 - 2016-06-12 05:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 11:43 - 2016-06-12 05:13 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-13 11:43 - 2016-06-12 05:12 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-13 11:43 - 2016-06-12 05:12 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-07-13 11:43 - 2016-06-12 05:07 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-13 11:43 - 2016-06-12 05:03 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 11:43 - 2016-06-12 05:00 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 11:43 - 2016-06-12 04:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 11:43 - 2016-06-12 04:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-07-13 11:43 - 2016-06-12 04:43 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-13 11:43 - 2016-06-12 04:38 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-07-13 11:43 - 2016-06-12 04:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-13 11:43 - 2016-06-12 04:31 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-13 11:43 - 2016-06-12 04:31 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-13 11:43 - 2016-06-12 04:30 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 11:43 - 2016-06-12 04:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-13 11:43 - 2016-06-12 04:26 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 11:43 - 2016-06-12 04:15 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-13 11:43 - 2016-06-12 04:12 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 11:43 - 2016-06-12 04:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 11:43 - 2016-06-12 03:59 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-13 11:43 - 2016-06-12 03:56 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-13 11:43 - 2016-06-12 03:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-13 11:43 - 2016-01-31 07:50 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2016-07-13 11:43 - 2016-01-31 07:00 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2016-07-13 11:43 - 2016-01-31 06:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-07-13 11:43 - 2016-01-31 06:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2016-07-13 11:43 - 2016-01-31 05:48 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2016-07-13 11:43 - 2016-01-31 05:41 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-07-13 11:42 - 2016-06-12 05:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-13 11:42 - 2016-06-12 05:01 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 11:42 - 2016-06-12 05:00 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 11:42 - 2016-06-12 04:31 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-13 11:41 - 2016-06-11 09:35 - 04167680 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-12 21:54 - 2016-08-02 23:32 - 00000000 ____D C:\Users\Plumptons\Downloads\PopcornTime
2016-07-11 16:21 - 2016-07-11 16:21 - 00000000 ____D C:\Users\Plumptons\Documents\HeroBlade Logs
2016-07-11 16:21 - 2016-07-11 16:21 - 00000000 ____D C:\Users\Plumptons\AppData\Local\SWTOR
2016-07-11 15:55 - 2016-07-11 15:55 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2016-07-11 15:55 - 2016-07-11 15:55 - 00000000 ____D C:\ProgramData\BitRaider
2016-07-11 15:54 - 2016-07-11 15:54 - 00000000 ____D C:\Users\Plumptons\AppData\Local\SWTORPerf
2016-07-11 15:53 - 2016-07-11 15:53 - 00001473 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2016-07-11 15:52 - 2016-07-11 15:52 - 29720272 _____ C:\Users\Plumptons\Downloads\SWTOR_setup.exe
2016-07-11 15:52 - 2016-07-11 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2016-07-11 15:52 - 2016-07-11 15:52 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2016-07-10 16:03 - 2016-07-10 16:03 - 00000000 ____D C:\Users\Plumptons\AppData\LocalLow\Facepunch Studios LTD
2016-07-10 15:39 - 2016-06-30 06:02 - 00111552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-07-10 15:39 - 2016-05-04 14:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-07-10 15:39 - 2016-05-04 14:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-07-10 15:39 - 2016-05-04 14:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-07-10 15:39 - 2016-05-04 14:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-07-10 15:37 - 2016-06-30 10:44 - 39979576 _____ C:\Windows\system32\nvcompiler.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 35115968 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 31626808 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 25402424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 17302264 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 16774904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 13523392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-07-10 15:37 - 2016-06-30 10:44 - 10672752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 10656296 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 10214760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 09006760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 08742032 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 08600904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 03513400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 03067448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436869.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 01579976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436869.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00984000 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00909248 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00771640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00707520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00476664 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00422752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00214592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-07-10 15:37 - 2016-06-30 10:44 - 00178136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00131768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00126008 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-07-10 15:37 - 2016-06-30 10:44 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2016-07-09 15:09 - 2016-07-09 15:52 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\Natural Selection 2
2016-07-09 14:28 - 2016-08-02 23:32 - 00000000 ____D C:\Users\Plumptons\Downloads\Masterwork V1.09 (43.03)
2016-07-08 16:18 - 2016-07-08 16:44 - 00000000 ____D C:\Users\Plumptons\Desktop\Wallpapers
2016-07-06 20:30 - 2016-07-06 21:08 - 00000000 ____D C:\Users\Plumptons\BrawlhallaReplays
2016-07-06 20:21 - 2016-07-06 20:21 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\BrawlhallaAir
2016-07-06 20:08 - 2016-07-06 20:19 - 00000000 ____D C:\Users\Plumptons\Documents\3DMark
2016-07-06 20:08 - 2016-07-06 20:12 - 00000022 _____ C:\Windows\GPU-Z.INI
2016-07-06 20:08 - 2016-07-06 20:08 - 00000000 ____D C:\Users\Plumptons\AppData\Local\Futuremark
2016-07-06 20:08 - 2016-07-06 20:08 - 00000000 ____D C:\Temp
2016-07-06 20:08 - 2016-07-06 20:08 - 00000000 ____D C:\ProgramData\Futuremark
2016-07-06 20:07 - 2016-08-02 23:31 - 00000000 ____D C:\Program Files (x86)\Futuremark
2016-07-05 20:11 - 2016-08-02 23:31 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-07-05 20:09 - 2016-06-03 19:38 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436839.dll
2016-07-05 20:09 - 2016-06-03 19:38 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436839.dll
2016-07-05 20:03 - 2016-06-15 08:01 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-07-05 20:03 - 2016-06-15 08:01 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-07-05 20:03 - 2016-06-15 08:01 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-07-05 20:03 - 2016-06-15 08:01 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-07-05 20:03 - 2016-06-15 08:01 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-07-05 20:02 - 2016-07-05 20:02 - 44984120 _____ (NVIDIA Corporation) C:\Users\Plumptons\Desktop\GeForce_Experience_v2.11.4.0.exe
2016-07-05 19:44 - 2016-07-05 19:44 - 00055537 _____ C:\Users\Plumptons\Desktop\dindex.jpeg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-04 20:18 - 2015-11-26 10:24 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4146320921-1291286325-1682825296-1001
2016-08-04 20:13 - 2016-05-10 17:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-04 19:53 - 2015-11-26 10:54 - 00000000 __RDO C:\Users\Plumptons\SkyDrive
2016-08-04 19:53 - 2013-08-23 02:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-04 19:52 - 2016-01-31 13:05 - 00000000 ____D C:\Program Files\PeerBlock
2016-08-04 19:52 - 2016-01-19 18:08 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-04 19:52 - 2013-08-23 01:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-08-04 19:08 - 2015-11-26 13:48 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\Skype
2016-08-04 01:21 - 2015-11-26 10:19 - 00000000 ____D C:\Users\Plumptons
2016-08-03 21:17 - 2015-11-28 22:19 - 00000000 ____D C:\Users\Plumptons\AppData\Local\CrashDumps
2016-08-03 13:31 - 2015-11-30 03:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-08-03 11:44 - 2015-11-26 12:29 - 00000000 ____D C:\Users\Plumptons\Documents\My Games
2016-08-03 09:52 - 2015-11-26 10:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-03 09:27 - 2015-11-26 10:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-03 09:18 - 2015-11-26 10:52 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-03 08:14 - 2016-03-15 21:27 - 00001086 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-08-03 08:13 - 2015-11-26 16:19 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-03 08:13 - 2015-11-26 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-03 08:13 - 2015-11-26 16:19 - 00000000 ____D C:\Program Files\WinRAR
2016-08-03 08:02 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\Inf
2016-08-02 23:58 - 2016-05-07 15:25 - 00000000 ____D C:\Program Files\Microsoft Office
2016-08-02 23:49 - 2015-11-26 13:47 - 00000000 ____D C:\ProgramData\Skype
2016-08-02 23:48 - 2016-01-26 21:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-02 23:33 - 2016-01-27 11:40 - 00000000 ____D C:\Program Files (x86)\Cold Turkey
2016-08-02 23:32 - 2016-07-04 12:49 - 00000000 ____D C:\Windows\pss
2016-08-02 23:32 - 2016-05-07 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-08-02 23:32 - 2016-04-15 18:21 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\Battle.net
2016-08-02 23:32 - 2016-03-15 21:27 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\vlc
2016-08-02 23:32 - 2016-02-25 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2016-08-02 23:32 - 2016-01-30 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-08-02 23:32 - 2016-01-27 11:46 - 00000000 ____D C:\Users\Plumptons\AppData\Local\Abelssoft
2016-08-02 23:32 - 2016-01-27 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Compressor
2016-08-02 23:32 - 2016-01-27 10:58 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-02 23:32 - 2016-01-27 10:58 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\discord
2016-08-02 23:32 - 2016-01-27 10:58 - 00000000 ____D C:\Users\Plumptons\AppData\Local\Discord
2016-08-02 23:32 - 2015-11-26 10:19 - 00000000 ____D C:\Users\Plumptons\AppData\Local\VirtualStore
2016-08-02 23:32 - 2015-11-26 10:19 - 00000000 ____D C:\Users\Plumptons\AppData\Local\Packages
2016-08-02 23:31 - 2016-06-24 09:56 - 00000000 ____D C:\GOG Games
2016-08-02 23:31 - 2016-06-20 21:09 - 00000000 ____D C:\Program Files (x86)\Dragons Dogma Dark Arisen
2016-08-02 23:31 - 2016-05-07 15:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-02 23:31 - 2016-04-15 18:23 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-02 23:31 - 2016-04-15 18:21 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-02 23:31 - 2016-04-05 14:25 - 00000000 ____D C:\Program Files\Echobit
2016-08-02 23:31 - 2016-02-25 18:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2016-08-02 23:31 - 2016-01-31 17:47 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-08-02 23:31 - 2016-01-30 13:44 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-08-02 23:31 - 2016-01-20 12:49 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2016-08-02 23:31 - 2016-01-19 17:03 - 00000000 ____D C:\NVIDIA
2016-08-02 23:31 - 2015-12-01 00:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-02 23:31 - 2013-08-23 03:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-02 23:30 - 2013-08-23 03:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-02 23:28 - 2013-08-23 03:36 - 00000000 ____D C:\Windows\registration
2016-08-02 23:25 - 2016-05-01 20:31 - 00000000 ____D C:\ProgramData\Oracle
2016-08-02 23:25 - 2016-01-19 17:36 - 00000000 ____D C:\ProgramData\Origin
2016-08-02 23:25 - 2015-11-26 10:59 - 00000000 ____D C:\Users\Plumptons\AppData\Local\Google
2016-08-01 20:46 - 2013-08-23 03:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-07-30 20:17 - 2013-08-23 03:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-30 20:13 - 2015-11-26 15:16 - 00000000 ____D C:\Users\Plumptons\AppData\Roaming\DAEMON Tools Lite
2016-07-30 20:12 - 2015-11-27 07:15 - 00000000 ____D C:\Windows\Panther
2016-07-29 15:59 - 2016-04-15 18:22 - 00000000 ____D C:\Users\Plumptons\AppData\Local\Battle.net
2016-07-28 17:54 - 2016-01-30 10:16 - 00000000 ____D C:\Users\Plumptons\.oracle_jre_usage
2016-07-28 11:03 - 2015-11-30 16:15 - 00000000 ____D C:\Users\Plumptons\AppData\Local\dxhr
2016-07-22 22:31 - 2016-06-26 12:42 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-07-22 22:24 - 2016-04-18 17:51 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-07-22 22:24 - 2016-04-15 18:47 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-07-22 18:26 - 2016-01-20 12:48 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-07-22 17:09 - 2016-01-20 12:48 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-07-21 12:14 - 2013-08-23 03:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-15 19:25 - 2013-08-23 03:36 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-15 19:05 - 2016-06-20 21:09 - 00000000 ____D C:\Users\Plumptons\AppData\Local\Microsoft Windows
2016-07-15 09:11 - 2013-08-23 03:36 - 00000000 ____D C:\Windows\rescache
2016-07-15 08:23 - 2016-01-26 01:32 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-07-14 11:14 - 2013-08-23 02:44 - 00477000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 11:10 - 2015-11-30 22:03 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 11:10 - 2013-09-30 15:54 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 11:10 - 2013-08-23 03:36 - 00000000 ___RD C:\Windows\ToastData
2016-07-14 11:10 - 2013-08-23 03:20 - 00000000 ____D C:\Windows\CbsTemp
2016-07-13 18:33 - 2015-11-26 11:31 - 00000000 ____D C:\Windows\system32\MRT
2016-07-13 18:27 - 2015-11-26 11:31 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-13 17:13 - 2016-05-10 17:06 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-13 17:13 - 2013-08-23 03:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-13 17:13 - 2013-08-23 03:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 23:34 - 2016-01-27 10:58 - 00002192 _____ C:\Users\Plumptons\Desktop\Discord.lnk
2016-07-12 23:06 - 2016-04-01 19:18 - 00000000 ____D C:\Users\Plumptons\Documents\BYOND
2016-07-11 15:49 - 2016-01-19 17:36 - 00000000 ____D C:\Program Files (x86)\Origin
2016-07-10 15:39 - 2015-11-26 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-10 15:39 - 2015-11-26 10:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-09 14:53 - 2016-01-20 00:20 - 00000000 ____D C:\Users\Plumptons\AppData\Local\Meph_and_the_LNP_Team__Lu
2016-07-08 15:50 - 2013-08-23 03:36 - 00000000 ____D C:\Windows\system32\NDF
2016-07-07 12:39 - 2015-11-26 11:10 - 00485032 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-05 20:03 - 2015-11-26 10:48 - 00000000 ____D C:\Users\Plumptons\AppData\Local\NVIDIA Corporation
2016-07-05 20:03 - 2015-11-26 10:48 - 00000000 ____D C:\Users\Plumptons\AppData\Local\NVIDIA
2016-07-05 20:03 - 2015-11-26 10:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-05 20:03 - 2015-11-26 10:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
 
==================== Files in the root of some directories =======
 
2015-11-26 11:27 - 2015-11-26 11:27 - 20320792 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-07-28 17:54 - 2016-07-28 17:54 - 0000218 _____ () C:\Users\Plumptons\AppData\Local\recently-used.xbel
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-03 08:13
 
==================== End of FRST.txt ============================

Edited by Plumptons, 04 August 2016 - 03:25 AM.




#2 Plumptons

Plumptons
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:13 AM

Posted 04 August 2016 - 03:26 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Plumptons (2016-08-04 20:23:43)
Running from C:\Users\Plumptons\Downloads
Windows 8.1 Enterprise (Update) (X64) (2015-11-25 22:19:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4146320921-1291286325-1682825296-500 - Administrator - Disabled)
Guest (S-1-5-21-4146320921-1291286325-1682825296-501 - Limited - Disabled)
Plumptons (S-1-5-21-4146320921-1291286325-1682825296-1001 - Administrator - Enabled) => C:\Users\Plumptons
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
100% Orange Juice (HKLM\...\Steam App 282800) (Version:  - Orange_Juice)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version:  - Hyper Hippo Games)
Amnesia: The Dark Descent (HKLM\...\Steam App 57300) (Version:  - Frictional Games)
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.2.2276 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
BYOND (HKLM-x32\...\BYOND) (Version: 510.1347 - BYOND)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version:  - Treyarch)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Chronicle: RuneScape Legends (HKLM\...\Steam App 205890) (Version:  - Jagex)
Cold Turkey (Basic) (HKLM-x32\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 1.2.6 Basic - Felix Belzile)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0115 - Disc Soft Ltd)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
DARK SOULS™ II (HKLM\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dirty Bomb (HKLM\...\Steam App 333930) (Version:  - Splash Damage®)
Discord (HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Discord) (Version: 0.0.292 - Hammer & Chisel, Inc.)
Divinity: Original Sin Enhanced Edition (HKLM\...\Steam App 373420) (Version:  - Larian Studios)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
f.lux (HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Flux) (Version:  - )
Fable III (HKLM-x32\...\Steam App 105400) (Version:  - Lionhead Studios)
Futuremark SystemInfo (HKLM-x32\...\{C7FF0DD8-90C1-4612-B41F-0CA013062953}) (Version: 4.47.597.0 - Futuremark)
Gloria Victis (HKLM\...\Steam App 327070) (Version:  - Black Eye Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.82 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hatoful Boyfriend (HKLM\...\Steam App 310080) (Version:  - Mediatonic)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel Processor Diagnostic Tool 64bit (HKLM\...\{E8EB0A84-C19C-4520-8671-56D4D4123D37}) (Version: 3.0.0.25 - Intel Corporation)
Intel® Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Kingdoms of Amalur: Reckoning™ (HKLM\...\Steam App 102500) (Version:  - Big Huge Games)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech Gaming Software 8.83 (HKLM\...\Logitech Gaming Software) (Version: 8.83.85 - Logitech Inc.)
Mad Max (HKLM-x32\...\Steam App 234140) (Version:  - Avalanche Studios)
Magic Duels (HKLM\...\Steam App 316010) (Version:  - Stainless Games Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.7070.2026 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.7070.2026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.7070.2026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moonbase Alpha (HKLM\...\Steam App 39000) (Version:  - Virtual Heroes)
Natural Selection 2 (HKLM\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NETGEAR A6210 Genie (HKLM-x32\...\InstallShield_{200F4AEE-982C-48EA-AC85-EF36FEB662C2}) (Version: 1.0.0.34 - NETGEAR)
NETGEAR A6210 Genie (x32 Version: 1.0.0.34 - NETGEAR) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.10 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.69 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 368.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 368.69 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.11.1.6605 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{e6f894a7-c981-4a69-b7d0-5e3d4218ad71}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Prison Architect (HKLM-x32\...\1441974651_is1) (Version: 2.12.0.16 - GOG.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
ROCCAT Isku Keyboard Driver (HKLM-x32\...\{4ABAF918-A6BD-43D8-AE0B-5292034B14CB}) (Version:  - Roccat GmbH)
ROCCAT Kone Pure Mouse Driver (HKLM-x32\...\{4905245D-56E7-4176-BE68-962728B803D6}) (Version:  - Roccat GmbH)
Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0015 - Roccat GmbH)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
SafeZone Stable 1.51.2220.47 (x32 Version: 1.51.2220.47 - Avast Software) Hidden
Sakura Clicker (HKLM\...\Steam App 383080) (Version:  - Winged Cloud)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 11.0.0.22 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
StarForge (HKLM\...\Steam App 227680) (Version:  - Code}{atch)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tabletop Simulator (HKLM\...\Steam App 286160) (Version:  - Berserk Games)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
Titan Quest (HKLM\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest: Immortal Throne (HKLM\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Total War™: WARHAMMER® (HKLM\...\Steam App 364360) (Version:  - Creative Assembly)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-2) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.11.1 (Version: 1.0.11.1 - LunarG, Inc.) Hidden
Warhammer 40,000: Dawn of War – Soulstorm (HKLM\...\Steam App 9450) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM\...\Steam App 56400) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM\...\Steam App 15620) (Version:  - Relic Entertainment)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4146320921-1291286325-1682825296-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Plumptons\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-4146320921-1291286325-1682825296-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Plumptons\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {075147D8-CD75-4384-ABBE-2A6FDD82F7AB} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe
Task: {0F8BD00E-B4AA-488D-B04E-201324A8A01C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-03] (AVAST Software)
Task: {12938FAA-4155-4EE9-A50E-6DB7D3E7579F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-15] (AVAST Software)
Task: {14310F32-AF2B-490B-A96D-349F70D71EEC} - System32\Tasks\Plumptons => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Plumptons /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org"
Task: {202C5D97-4185-45CF-8365-615AF4E4776F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {2E2CE4A2-2B13-4EB3-A27C-62040A5DCA1E} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {37D856AA-CA25-4385-BDCF-BCAC601EE9A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-14] (Piriform Ltd)
Task: {579AFDE8-0CD3-4CEA-89DE-48A86B38491C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-07-21] (Microsoft Corporation)
Task: {5C957C5E-D404-4CEF-9B60-5660264CC03A} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4146320921-1291286325-1682825296-1001 => C:\Users\Plumptons\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-15] (Microsoft Corporation)
Task: {5E8E8826-180A-4DDC-8EA2-A988E518701E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {888E562A-C6F2-4EB9-A8E4-631F366625BB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {9C3BDACD-A232-4F5A-BA5B-71C48B3638C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {AFAA3888-1489-460C-BE2E-B1DA770036FB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-04] (Microsoft Corporation)
Task: {B36CA1B0-A807-42E7-A7B4-3A68999BEF51} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {BAD9C7C9-B525-42B7-A334-B2576E9E2CCB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-07-21] (Microsoft Corporation)
Task: {C6303159-482A-4B75-9E12-6B6B71FA9D42} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-04] (Microsoft Corporation)
Task: {CEC02767-D056-4AA6-B7C1-4879FE554D85} - System32\Tasks\SafeZone scheduled Autoupdate 1468565903 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-07-26] (Avast Software)
Task: {D2B67D03-5BEE-41C7-A3FA-D1E6FEA8211C} - System32\Tasks\SafeZone scheduled Autoupdate 1470137709 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-07-26] (Avast Software)
Task: {D86F663E-643B-40B1-A55F-7E5BEA87548C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {EC7A5642-9A00-4A26-BD07-5444B8083974} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-07-13] (Microsoft Corporation)
Task: {F72477ED-4D7E-4A39-953C-47C14B3FE04B} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Plumptons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Offworld Trading Company\MyRobocopy.lnk -> C:\Program Files (x86)\Offworld Trading Company\Offworld_Data\StreamingAssets\Mods\Hidden\Tutorials\Source\MyRobocopy.bat (No File)
Shortcut: C:\Users\Plumptons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Offworld Trading Company\OffworldD3D10.lnk -> C:\Program Files (x86)\Offworld Trading Company\OffworldD3D10.bat (No File)
Shortcut: C:\Users\Plumptons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Offworld Trading Company\OffworldD3D9.lnk -> C:\Program Files (x86)\Offworld Trading Company\OffworldD3D9.bat (No File)
Shortcut: C:\Users\Plumptons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Offworld Trading Company\OffworldOpenGL.lnk -> C:\Program Files (x86)\Offworld Trading Company\OffworldOpenGL.bat (No File)
 
ShortcutWithArgument: C:\Users\Plumptons\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-07 15:28 - 2016-07-21 12:02 - 08921800 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-05-15 12:44 - 2016-05-15 12:44 - 00959168 _____ () C:\Users\Plumptons\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-11-27 20:00 - 2015-11-27 20:01 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2016-08-03 09:52 - 2016-07-19 13:31 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libglesv2.dll
2016-08-03 09:52 - 2016-07-19 13:31 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libegl.dll
2016-08-03 08:00 - 2016-08-03 08:00 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-03 21:22 - 2016-08-03 21:22 - 03004416 _____ () C:\Program Files\AVAST Software\Avast\defs\16080301\algo.dll
2016-08-03 08:00 - 2016-08-03 08:00 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-02 19:00 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-02 19:00 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-08-02 19:00 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-08-03 14:10 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-08-03 14:10 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-05-07 15:29 - 2016-07-21 12:03 - 08921800 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-08-31 13:46 - 2015-08-31 13:46 - 00122880 _____ () C:\Program Files (x86)\NETGEAR\A6210\Ralink.dll
2012-11-21 17:26 - 2012-11-21 17:26 - 01204224 _____ () C:\Program Files (x86)\NETGEAR\A6210\RaWLAPI.dll
2016-07-15 18:55 - 2016-07-15 18:55 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\Temp:$DATA [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7865 more sites.
 
There are 7865 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 01:25 - 2016-08-03 14:46 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 15461 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Plumptons\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BRSptStub => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: EvoSvc => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: LogiRegistryService => 2
MSCONFIG\Services: NetgearSwitchUSB => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: Update service => 2
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Roccat Talk.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKLM\...\StartupApproved\Run32: => "RoccatIsku"
HKLM\...\StartupApproved\Run32: => "RoccatKonePure"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_5E3612A1B268903789B597551779726A"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "EvolveClient"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\StartupApproved\Run: => "WinStart"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F15A104A-0564-4C32-814F-053F7DA090E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{301FB31C-C030-46E7-B567-E4CC9CA973E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{321E11CD-FFAF-4FF9-A600-AD233055E234}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9FC70A13-377A-406C-A475-100026F5F5CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DC0E3C31-4F44-4F86-95C4-A2C884E652EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AC43AD5D-68C9-4A3C-88E0-473621A9F4E9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8EB224B9-D234-459D-897C-E4A550063BB5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B69F0CCA-1F98-4670-AC28-CC919611403C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4C75DE78-6B4E-47A5-8AAF-0C67BF392173}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{0644B648-ADC7-4B1A-8AAF-28CA601290E9}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{F24DE1F8-D805-4E65-994B-553ECD2C91AA}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{2C62C634-9FD0-4270-83D1-386A391A5959}C:\users\plumptons\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\plumptons\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2B4E8DF6-9FF9-4755-A04E-882A89A02B86}C:\users\plumptons\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\plumptons\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{561294C4-B922-4DB1-80D7-224EF4449FBC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7782D43D-50CB-4058-A7D1-63F06B46E3FE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D12E5293-C2D8-46B2-9AA3-F1E29B05C0B8}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{29C5F235-E990-4989-8E57-6F6FCCE02E32}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{90FBE9B0-9D26-4E75-982D-6B9333A6F7C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{876CA5B9-EE67-49CF-98A8-B2479EA2CDA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{9D6E28AA-D38A-4EE4-ACDE-B41DF4246F34}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7BD56ACF-5E1D-402E-8AF6-4759EFDC8548}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AD85BB85-B880-4B14-871D-118973FF0738}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BF467C2E-0084-45B1-B4D3-4C70F3E37908}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EB999567-A952-47F0-BDDC-7C438DD412E2}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{C32620C4-D3E8-437A-9549-F5C05684F32F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{4064E657-EA01-4BB5-A921-BE6919A211F1}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{30A41E6C-937C-4AB5-8681-DBD9CC986FF8}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{40AE58D0-C9B6-4C85-B1CA-C5B1A76DC9AD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{EAC17EA7-62CD-41E5-8AF3-9244E5C0BA77}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{AA640A0C-0358-43BC-8049-CE3682F536C0}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{1E30830A-E92D-4512-BDA0-F45C20896B8B}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{FF2F9DC3-8C95-426F-B971-1101CAE61CF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B3B5D55D-405E-42FE-B399-2BD3C17B5EE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{0456D860-D77C-4EB7-9AF5-739E72816FD7}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{9120CF77-EBF4-4284-9F4E-1C0243A682C7}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{AFD28EEE-601C-4C9B-87BE-5F27202338E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{47F85001-173E-4F6D-8BE6-C999138D802C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{2F495E5E-7D8E-4D77-8C42-79748D613BCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{6E99F95F-B082-4D07-B216-5D1B8FF4270C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{8DE6A5B8-F008-444D-9BBB-D8B6CE6A5207}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{08C793C3-DBCE-43DE-8261-E1F93B56557E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{27BCA485-FB5D-4C35-976B-A45E42C1CCDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{04EAC330-D1EF-4A04-BD63-4D01BB2B543F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{3D1470AC-B6F6-4AF5-9BCE-1ED8ADF8ED6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{E37D858B-9F50-496F-8BAA-54223AA1F8B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{BC985BB7-A5FB-468A-A71E-EEC39F01633A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fable 3\FableLauncher.exe
FirewallRules: [{F5A27521-D589-4EC2-85D0-4A1A1FF25D91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fable 3\FableLauncher.exe
FirewallRules: [TCP Query User{17F034FC-7056-44EF-BA6B-635B4ADE89E9}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe
FirewallRules: [UDP Query User{4F00274F-73E5-44C0-846D-F618F5E97EF7}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe
FirewallRules: [{D5207734-486D-48DA-BEEC-05288D0654DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{BC549E8D-14C5-4BB4-A66D-BD38CB74942E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{37A8DD8A-B85F-43D8-89D0-E9F57AEF8C01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8003928D-D9D6-47FA-8F4F-33C1F7BF7E59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{32069904-368B-43B4-BC31-989673DF9FD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{1BE188A0-A3BB-43B2-AC62-D27A891F6962}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{2936EAE8-3867-4D5C-8571-D3FD1DEE2BBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{5568A330-1987-4B3D-8351-DDECA7B61FF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{B2DA9960-84D1-4478-A192-7295BA39D405}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Immortal Throne\Tqit.exe
FirewallRules: [{A4C7417F-F258-4375-8868-7086AA2982F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Immortal Throne\Tqit.exe
FirewallRules: [{E803F385-62AC-47C4-B15C-4057E87F1416}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest\Titan Quest.exe
FirewallRules: [{9052B718-1768-4717-B47C-E999CAB9AB3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest\Titan Quest.exe
FirewallRules: [{036D364C-007A-4881-AAFC-0FF0564DD954}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{3A5187EE-4433-48EA-ABD1-D6932DF70E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{CED420BA-C916-4841-868E-84F9BF29DBF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [{5A19308D-8B79-4A9D-997A-C84010A72317}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [{B93C85DB-3D14-4B5A-81A8-B6935AD8A563}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{D748AED0-E0AE-4904-9402-404EADE05616}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{FB171062-7457-4A01-875A-FF5FE776E5DF}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [UDP Query User{6E32E827-D335-4E52-9B33-C0A3137654A6}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [{9284D178-2D42-4B35-83C6-7854D526770F}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{611C0E96-6F3C-4601-A2CB-92B57C7B7FC1}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{86B8BAAB-5FF2-4B45-9E3B-5E4C804BF9B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{50E5498E-B8FB-410E-8B4F-728021353906}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{FDF02B73-28D5-48C1-9FA1-697273541CC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{459EF3CC-FF7D-4020-ADE9-C347D4A8D2A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [TCP Query User{786FB9B6-6B82-4275-8D3F-D6BB1978C58A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{14A93E80-EB87-4631-87F9-1D350FB1704E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{F7D7B367-8453-48C6-AC2D-9999DA15E538}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{DA73E16E-2E5C-4B5F-A5B3-214927E67989}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{448B33FF-68EA-4211-9864-3863EC144754}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Clicker\Sakura Clicker.exe
FirewallRules: [{7FA9945F-5D91-490A-8B71-1F2C0EFA8322}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Clicker\Sakura Clicker.exe
FirewallRules: [TCP Query User{B4D5BB2B-83CF-43F9-89BC-E6AC8542EF8F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{5694BAAF-AF10-433C-970B-90F329DD1724}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{EF208F5E-0494-40E5-A255-3E4B23743DCE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E0AC9255-A0E5-45B0-B6A0-BC8CEBD9B645}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F55D30F8-F329-41AC-ADD2-E57848430FE1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{73BB6DC2-260B-4470-9789-9F63AFE50F20}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AD710275-0E6D-4822-8100-30C65714129F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C66A39DF-A5DD-43C8-8D59-C3610CB80C14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{9807ADF0-5E17-493D-9A20-A79C0207B608}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [TCP Query User{6078FD7C-75E7-4E41-9280-30EEB5F874F0}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{084BC679-E7E0-41DF-997F-2047B13495BE}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [{EBE184A3-C725-4465-96C8-8B5680915789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarForge\StarForge.exe
FirewallRules: [{2CB20753-8264-41ED-AD39-ABE08F761E8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarForge\StarForge.exe
FirewallRules: [TCP Query User{86E7E0E6-7121-4CC8-8152-1A9DD5E5FD5B}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [UDP Query User{65B1C0FB-F79B-4A17-8A7C-D195C071DB45}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [{03FCFFD6-A4A0-411F-A395-37986C8D33BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chronicle\Chronicle.exe
FirewallRules: [{345C8D49-12F7-4BEF-A631-F7BEFCF75EDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chronicle\Chronicle.exe
FirewallRules: [{C4B5E7DF-9705-4B9B-B617-D9DE6042E8F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{6696CC8F-8EC9-444D-A826-3781ED4FAF9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{8497949A-4A4A-4B27-8B84-8835B0088129}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{8643F11D-8F59-4DCE-A023-3D9F955E780E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{D17B06AB-AC13-4F0D-8FBF-33270488C31B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gloria Victis\gv.exe
FirewallRules: [{BD16A49D-41BE-404B-9423-E04F3FEFE8C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gloria Victis\gv.exe
FirewallRules: [TCP Query User{09511951-6386-4DE9-A2E2-4C66A284569E}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{AD3D84DE-6014-46F7-B868-F3D98899C8FF}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{819B8B45-60B4-4383-93BD-3E53228BAD50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{13D40FB8-7CFA-4AD5-9BF4-7A6264DC57B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{04E68BAD-D605-4550-BF93-8ADCD9ED1153}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{E77C7511-85E6-4ADB-A507-EF68D1190778}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{D4B2E089-54A5-46E8-A935-6FE0899E2320}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{EAAFE972-4169-4637-A983-95CFAA9D08F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8D79CA54-7679-42C4-8871-844ED3390FB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{76FAB7CA-33C7-439A-BA1B-9EF6895FF63E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{B94AD82A-592D-42CC-A73C-8A42FCCA3B83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{9520201E-3677-4BEF-BA09-EA76B7904785}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{FE18BC69-DA50-44E7-A17A-80117AC41506}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{48722C6E-8613-4E75-A1A1-DCAB09D4B7D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{95E4499F-10CF-4D55-9F23-B24F3AA7F8D3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8F105599-4B1E-4D23-9F72-D7D4A430DDEB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{29F72578-B658-42CE-80CD-C3D8849F62A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\ns2.exe
FirewallRules: [{C816121F-CBCB-401A-9414-70E8B5AF3522}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\ns2.exe
FirewallRules: [{EB990E7C-5D6D-472D-9B55-C589DBB3190B}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{19F86FDA-06CA-4B9D-A2C2-D64AF2D6535C}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{C4B2D00F-F195-4C56-85EF-97301B546A48}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{04D72312-B33F-4971-9674-8F02E4EAFFB1}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{32C2CFFE-B6AE-4338-BE1C-9412E446AA71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{435136A2-FBC4-4EF9-9F41-D19FB30B12F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{970B8C1B-BC42-4B8A-B72F-141A4EF946F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{430DAAA9-4EF8-42C9-95BA-4FFDC8B0A313}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{8C5CA6EC-B52C-464C-8CA8-EFFC5BD69350}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{43E6E8B7-5A50-4D6F-90ED-5CE8B4C937AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{D908DC25-1268-4A7C-8CB6-8D43E2FAEB19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{8D9E5CC9-574C-4507-A934-D3F771CDB3A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{DD7AB60A-7327-4B1B-AB0E-086193F8081F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{9155E2FA-0C81-4789-9B91-4650749E362A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{79F4381C-0344-46BE-9244-088B21BC24A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{3C2A79A5-4AC8-40D1-ABEB-927AF3212215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{04665771-0B5E-4CC8-85DC-BA48EC23F1A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{38924B3B-6C61-4FE9-B4AD-B63C5BED0F03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{46764E4D-ED1A-440F-B255-24C0FAB52532}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{6512CA62-7034-45D3-89F0-8B8A9A9DDE9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{F2AFA470-64D1-4C48-8B4D-BEE1D2580154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{113F9689-72F2-432D-B517-FF73B8C04A20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{EAF4CCCD-1F71-4051-85C5-DAE9D0E55199}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2991A781-DD00-41B9-818B-B1620ACE324B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{10031878-239F-4B47-BD3E-3A147D3BDB45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{B83BFCFB-9280-4CE7-81EA-A95A81BFC717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{ADF81A4E-9750-4154-8445-6AA48087E026}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{B3A86758-70ED-44AB-A10A-FA47447BDAED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{4C7F6E4B-3B71-443F-ABCD-8B32693181C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
30-07-2016 19:02:19 ExpressVPN
02-08-2016 21:31:28 Removed Futuremark SystemInfo
02-08-2016 23:13:14 Restore Operation
04-08-2016 20:13:17 Removed Java 8 Update 91 (64-bit)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/04/2016 08:13:40 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 0000000000000180,0x00530190,0000000000000000,0,000000D83DF21090,4096,[0]).
 
 
Operation:
   Query Shadow Copies
 
Error: (08/03/2016 09:17:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCleaner64.exe, version: 5.20.0.5668, time stamp: 0x5786a2aa
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc000041d
Fault offset: 0x000000000003dd8e
Faulting process id: 0x1ef8
Faulting application start time: 0xCCleaner64.exe0
Faulting application path: CCleaner64.exe1
Faulting module path: CCleaner64.exe2
Report Id: CCleaner64.exe3
Faulting package full name: CCleaner64.exe4
Faulting package-relative application ID: CCleaner64.exe5
 
Error: (08/03/2016 09:17:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCleaner64.exe, version: 5.20.0.5668, time stamp: 0x5786a2aa
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000005
Fault offset: 0x000000000003dd8e
Faulting process id: 0x1ef8
Faulting application start time: 0xCCleaner64.exe0
Faulting application path: CCleaner64.exe1
Faulting module path: CCleaner64.exe2
Report Id: CCleaner64.exe3
Faulting package full name: CCleaner64.exe4
Faulting package-relative application ID: CCleaner64.exe5
 
Error: (08/03/2016 02:12:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDUpdate.exe version 2.4.40.94 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1254
 
Start Time: 01d1ed2c50caf838
 
Termination Time: 1
 
Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
 
Report Id: c49710b5-591f-11e6-82fb-60a44c3715c1
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/03/2016 01:22:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 165c
 
Start Time: 01d1ed25808ec884
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\wwahost.exe
 
Report Id: c853eb48-5918-11e6-82fb-60a44c3715c1
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
 
Error: (08/03/2016 01:22:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOLODECK)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/03/2016 01:22:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: HOLODECK)
Description: App microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail did not launch within its allotted time.
 
Error: (08/03/2016 11:41:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 3.53.1.42 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f14
 
Start Time: 01d1ed09a68dca94
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Steam\Steam.exe
 
Report Id: a0c280f5-590a-11e6-82fa-60a44c3715c1
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/03/2016 10:12:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PopcornTimeDesktop.exe, version: 5.4.9.0, time stamp: 0x03e33238
Faulting module name: libcef.dll, version: 3.1750.1738.0, time stamp: 0x5398a079
Exception code: 0x80000003
Fault offset: 0x0013fc00
Faulting process id: 0x132c
Faulting application start time: 0xPopcornTimeDesktop.exe0
Faulting application path: PopcornTimeDesktop.exe1
Faulting module path: PopcornTimeDesktop.exe2
Report Id: PopcornTimeDesktop.exe3
Faulting package full name: PopcornTimeDesktop.exe4
Faulting package-relative application ID: PopcornTimeDesktop.exe5
 
Error: (08/03/2016 10:11:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PopcornTimeDesktop.exe, version: 5.4.9.0, time stamp: 0x03e33238
Faulting module name: libcef.dll, version: 3.1750.1738.0, time stamp: 0x5398a079
Exception code: 0x80000003
Fault offset: 0x0013fc00
Faulting process id: 0x1710
Faulting application start time: 0xPopcornTimeDesktop.exe0
Faulting application path: PopcornTimeDesktop.exe1
Faulting module path: PopcornTimeDesktop.exe2
Report Id: PopcornTimeDesktop.exe3
Faulting package full name: PopcornTimeDesktop.exe4
Faulting package-relative application ID: PopcornTimeDesktop.exe5
 
 
System errors:
=============
Error: (08/04/2016 07:53:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CTService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/04/2016 07:53:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3 = The system cannot find the path specified.
 
Error: (08/04/2016 04:09:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CTService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/04/2016 04:08:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3 = The system cannot find the path specified.
 
Error: (08/04/2016 04:08:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:16:30 a.m. on ‎4/‎08/‎2016 was unexpected.
 
Error: (08/04/2016 04:08:25 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256844655263513610616
 
Error: (08/04/2016 08:16:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CTService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/04/2016 08:16:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3 = The system cannot find the path specified.
 
Error: (08/04/2016 08:15:58 AM) (Source: DCOM) (EventID: 10005) (User: HOLODECK)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/04/2016 08:12:04 AM) (Source: DCOM) (EventID: 10005) (User: HOLODECK)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
CodeIntegrity:
===================================
  Date: 2016-06-26 19:58:23.404
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 19:58:23.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 19:58:23.013
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 19:58:22.822
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 19:58:22.630
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 19:58:22.411
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 19:58:22.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-26 19:58:21.999
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-21 18:51:22.646
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-21 18:51:21.987
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16315.94 MB
Available physical RAM: 13704.79 MB
Total Virtual: 32699.94 MB
Available Virtual: 29845.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:218.73 GB) NTFS
Drive d: (Meme Locker) (Fixed) (Total:298.09 GB) (Free:53.83 GB) NTFS
Drive f: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:763.83 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 92648280)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: D991B30C)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 322F14A5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:13 PM

Posted 04 August 2016 - 01:26 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-4095359683-2918008799-1588887154-1001\...\Run: [Chromium] => c:\users\entra\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> G:\VLC\npvlc.dll [No File]
CHR StartupUrls: Default -> "hxxps://startpage.com/eng/"
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2016-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-17]
C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb
C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [Plumptons] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Avast SafePrice) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-03]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S4 LMIRfsClientNP; no ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please let me know of any remaining issues.

#4 Plumptons


Posted 04 August 2016 - 03:37 PM

Oh dear, things have turned south.
Initially the computer wouldn't boot into normal Windows. Got to the login screen, then once I typed my password, faced a black turned-on screen.
Tried booting into safe mode, it worked.
Then rebooted into Windows.
Something is deeply off with my OS. I feel it's a cloned version or something? Main differences between normal boot and safe mode are:
In normal boot Task Manager is disabled. And the Windows process freezes often. AND the download file where FRST was has been deleted. However, I found the fixlog.txt file within safe mode.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Plumptons (2016-08-05 08:04:48) Run:1
Running from C:\Users\Plumptons\Downloads\FRST
Loaded Profiles: Plumptons (Available Profiles: Plumptons)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-4095359683-2918008799-1588887154-1001\...\Run: [Chromium] => c:\users\entra\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> G:\VLC\npvlc.dll [No File]
CHR StartupUrls: Default -> "hxxps://startpage.com/eng/"
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2016-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program
Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-17]
C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb
C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\...\Run: [Plumptons] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Avast SafePrice) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-03]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-08-02]
CHR Extension: (No Name) -
C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-02]
CHR Extension: (No Name) - C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S4 LMIRfsClientNP; no ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4095359683-2918008799-1588887154-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium => value not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1 => key not found. 
Chrome StartupUrls => not found.
C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb => not found
C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-17] => Error: No automatic fix found for this entry.
"C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb" => not found.
"C:\Users\entra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\S-1-5-21-4146320921-1291286325-1682825296-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Plumptons => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjknjjomckknofjidppipffbpoekiipm => moved successfully
CHR Extension: (No Name) - => not found
"C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-02]" => not found.
C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Plumptons\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found. 
LMIRfsClientNP => service removed successfully
LMIInfo => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 20971520 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 74426135 B
Java, Flash, Steam htmlcache => 383997252 B
Windows/system/drivers => 433600 B
Edge => 0 B
Chrome => 442540161 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 2545524 B
NetworkService => 0 B
Plumptons => 297505652 B
 
RecycleBin => 2084511 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:06:38 ====

Help needed.
The webpage didn't open when I did boot into Windows, however.


#5 Plumptons


Posted 04 August 2016 - 04:04 PM

Just booted into normal Windows. It seems to be normal... still have an odd feeling though.



#6 Plumptons


Posted 04 August 2016 - 04:21 PM

Just did some further testing. When I launch into Windows with my wireless dongle plugged in, the issues with Task Manager and the downloads file being gone appear.
Booting into normal Windows without the wireless dongle is working as per normal.
 



#7 Plumptons


Posted 04 August 2016 - 04:25 PM

Actually, the kb-ribaki. org webpage just opened when I opened into normal windows without being connected to the internet.
One step forwards and two steps back. :(


Edited by Plumptons, 04 August 2016 - 04:26 PM.


#8 nasdaq


Posted 05 August 2016 - 08:13 AM

Let's find out what we can find in the Registry.

Please run the Farbar Recovery Scan Tool. Enter kb-ribaki. org in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#9 Plumptons


Posted 05 August 2016 - 08:54 PM

Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Plumptons (2016-08-06 13:50:44)
Running from C:\Users\Plumptons\Downloads\FRST
Boot Mode: Normal
 
================== Search Registry: "kb-ribaki.org" ===========
 
[HKEY_USERS\S-1-5-21-4146320921-1291286325-1682825296-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Plumptons"="explorer.exe http://kb-ribaki.org"
 
====== End of Search ======


#10 nasdaq


Posted 06 August 2016 - 07:03 AM

Copy the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-4146320921-1291286325-1682825296-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Plumptons"=-


Restart the computer when completed.

You can delete the fixme.reg file when done.

How is it now?
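
As an added illustration (not code from the thread and not part of FRST): a Python check that parses regedit-style text such as the Search.txt output posted above, flags Run/RunOnce string values whose command line carries a URL, and builds the matching `"name"=-` delete file. The sample input is constructed; the `ExampleUpdater` and `HomePage` entries are made up for contrast.

```python
import re

# Constructed sample in regedit-export style, modelled on the Search.txt
# output in the thread; the last two values are invented benign entries.
SAMPLE = r'''
[HKEY_USERS\S-1-5-21-4146320921-1291286325-1682825296-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Plumptons"="explorer.exe http://kb-ribaki.org"
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"

[HKEY_USERS\S-1-5-21-4146320921-1291286325-1682825296-1001\Software\Example]
"HomePage"="http://example.invalid/"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Only REG_SZ values ("name"="data"); hex:/dword: values are ignored.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
AUTORUN_RE = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.IGNORECASE)
# Accept defanged hxxp:// as written in FRST logs as well as http(s)://.
URL_RE = re.compile(r'\b(?:https?|hxxps?)://[^\s"]+', re.IGNORECASE)


def _unescape(s):
    """Undo .reg escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r'\\(.)', r'\1', s)


def _escape(s):
    """Apply .reg escaping to a value name."""
    return s.replace('\\', '\\\\').replace('"', '\\"')


def find_url_autoruns(text):
    """Return Run/RunOnce string values whose command line contains a URL."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if not (m and key and AUTORUN_RE.search(key)):
            continue
        data = _unescape(m.group('data'))
        url = URL_RE.search(data)
        if url:
            findings.append({'key': key, 'name': _unescape(m.group('name')),
                             'data': data, 'url': url.group(0)})
    return findings


def build_delete_reg(findings):
    """Build .reg text that deletes each flagged value ("name"=-)."""
    by_key = {}
    for f in findings:
        by_key.setdefault(f['key'], []).append(f['name'])
    out = ['Windows Registry Editor Version 5.00', '']
    for key, names in by_key.items():
        out.append('[%s]' % key)
        out.extend('"%s"=-' % _escape(n) for n in names)
        out.append('')
    return '\r\n'.join(out)
```

Running the same check on a fresh registry search after a reboot shows whether the value has been written back.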

#11 nasdaq


Posted 12 August 2016 - 08:23 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide to best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#12 nasdaq


Posted 18 August 2016 - 08:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



