Trojan??? CPU use maxed and HDD is filling up


This topic is locked
3 replies to this topic

#1 Volstaz
  • Members
  • 7 posts

Posted 17 October 2016 - 12:31 PM

Hey guys, downloaded a sketchy file the other night, turns out it was bad. Did a system restore to two weeks prior and this did not correct the issue. I am seeing my CPUs idling around 50-60% and have noticed a constant decline in available memory for my HDD. Process tree isn't showing anything odd, but upon checking the resource monitor I see two dllhost.exe files that start out active then self-terminate when I go looking for their source. Any help would be great as I use this machine for work and need it functional.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2016
Ran by Volstaz (administrator) on VOLSTAZ-PC (17-10-2016 12:25:44)
Running from C:\Users\Volstaz\Downloads
Loaded Profiles: Volstaz (Available Profiles: Volstaz)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWConnService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-525 revA\AirNCFG.exe
(Wireless Service) C:\Program Files (x86)\D-Link\DWA-525 revA\WZCSLDR2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Valve Corporation) C:\Program Files (x86)\Steam\steamerrorreporter.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [D-Link D-Link DWA-525] => C:\Program Files (x86)\D-Link\DWA-525 revA\AirNCFG.exe [995328 2009-11-24] (D-Link Corp.)
HKLM-x32\...\Run: [WZCSLDR2] => C:\Program Files (x86)\D-Link\DWA-525 revA\WZCSLDR2.exe [122880 2009-11-03] (Wireless Service)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29642368 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\Run: [Broadvoice] => C:\Program Files (x86)\Broadvoice\Broadvoice.exe [9430528 2014-05-12] ()
HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\Run: [VkontakteDJ] => C:\Users\Volstaz\Downloads\the_black_keys_tighten_up_ft_ment_nelson_hip_hop_remix.mp3.exe /H
HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [247344 2016-09-27] ()
HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\Run: [Discord] => C:\Users\Volstaz\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-08-20] ()
HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\MountPoints2: {ddc8ccef-9e55-11e5-86a4-c860009d7657} - E:\Autorun.exe
HKU\S-1-5-21-2053704521-392054411-2914475072-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-04-07] (Microsoft Corporation)
Startup: C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-12-15]
ShortcutTarget: Curse.lnk -> C:\Users\Volstaz\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-02-05] ()
Startup: C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pizza Hotline.lnk [2016-01-11]
ShortcutTarget: Pizza Hotline.lnk -> C:\Program Files (x86)\opalonline\Pizza Hotline\pvxwin32.exe (Best Software Canada)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{4C303C60-FA22-433B-8D08-74CCDB60EC57}: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{FD29B17F-4DBA-4D36-BED9-F6ED9A401E6F}: [DhcpNameServer] 192.168.100.254

Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-10] (Oracle Corporation)
BHO-x32: Broadvoice Click2Dial plugin -> {9E631169-C97D-4370-8AE3-D58C362D377C} -> C:\Program Files (x86)\Broadvoice\BroadvoiceClick2Dial\Click2Dial32.dll [2013-11-26] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-10] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 4jul84d4.default
FF ProfilePath: C:\Users\Volstaz\AppData\Roaming\Mozilla\Firefox\Profiles\4jul84d4.default [2016-10-17]
FF Extension: (Adblock Plus) - C:\Users\Volstaz\AppData\Roaming\Mozilla\Firefox\Profiles\4jul84d4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [{aefd1515-cce5-426a-9003-67c50982ac46}] - C:\Program Files (x86)\Broadvoice\BroadvoiceClick2Dial\FireFox
FF Extension: (Broadvoice Click2Dial) - C:\Program Files (x86)\Broadvoice\BroadvoiceClick2Dial\FireFox [2016-01-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqJvjaGwRUnfYzdE_osq7v4lUswcgcna1Q486l5FNfVs_w5EBzNH4pI-DGIvuSI3s0N_jVRPjILljsWgZRDGP9tnEZeVUHWDLvCF3vi4slSQfSyTKDBxz8go3-kBxkOwEsSea7ZevDf_ap1d4NLLXU_4u26uZUFuNHv4mQYMg&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default [2016-10-17]
CHR Extension: (Google Slides) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-21]
CHR Extension: (Google Docs) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-21]
CHR Extension: (Google Drive) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-03]
CHR Extension: (YouTube) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-03]
CHR Extension: (Google Search) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03]
CHR Extension: (Google Sheets) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-21]
CHR Extension: (Google Docs Offline) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (Broadvoice Click2Dial) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfolilgdligbejdemghepcmddplbgbm [2016-01-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-29]
CHR Extension: (Gmail) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-20]
CHR HKLM-x32\...\Chrome\Extension: [mkfolilgdligbejdemghepcmddplbgbm] - C:\Program Files (x86)\Broadvoice\BroadvoiceClick2Dial\Chrome\Click2Dial.crx [2013-11-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 D_Link_DWA-525; C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWZCSdS.exe [126976 2009-11-03] (Wireless Service) [File not signed]
R2 D_Link_DWA-525_WPS; C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWConnService.exe [40960 2009-07-07] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2016-01-07] (EasyAntiCheat Ltd)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310960 2016-09-27] (Overwolf LTD)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-01-06] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [46392 2016-01-06] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\Dnetr28x.sys [787968 2009-11-09] (Ralink Technology, Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [10848 2000-04-10] () [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-17 12:25 - 2016-10-17 12:26 - 00014815 _____ C:\Users\Volstaz\Downloads\FRST.txt
2016-10-17 12:23 - 2016-10-17 12:25 - 00000000 ____D C:\FRST
2016-10-17 12:23 - 2016-10-17 12:23 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-17 12:21 - 2016-10-17 12:21 - 02406912 _____ (Farbar) C:\Users\Volstaz\Downloads\FRST64.exe
2016-10-17 12:18 - 2016-10-17 12:18 - 00224968 _____ (ESET) C:\Users\Volstaz\Downloads\ESETPoweliksCleaner.exe
2016-10-17 12:18 - 2016-10-17 12:18 - 00000022 _____ C:\Users\Volstaz\Downloads\ESETPoweliksCleaner.exe_20161017.121835.4192.zip
2016-10-17 12:17 - 2016-10-17 12:23 - 11579432 _____ (SurfRight B.V.) C:\Users\Volstaz\Downloads\HitmanPro_x64.exe
2016-10-17 00:20 - 2016-10-17 00:23 - 00384664 _____ C:\TDSSKiller.3.1.0.11_17.10.2016_00.20.56_log.txt
2016-10-17 00:15 - 2016-10-17 00:15 - 00020700 _____ C:\ComboFix.txt
2016-10-17 00:03 - 2016-10-17 00:15 - 00000000 ____D C:\Qoobox
2016-10-17 00:02 - 2016-10-17 00:14 - 00000000 ____D C:\Windows\erdnt
2016-10-16 22:26 - 2016-10-17 12:16 - 00007609 _____ C:\Users\Volstaz\AppData\Local\Resmon.ResmonCfg
2016-10-16 21:01 - 2016-10-17 10:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-16 21:01 - 2016-10-16 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-16 21:01 - 2016-10-16 21:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-16 19:54 - 2016-10-16 19:56 - 00000000 ____D C:\Users\Volstaz\AppData\Local\app
2016-10-16 19:53 - 2016-10-16 20:24 - 00000000 ____D C:\ProgramData\Logic Handler
2016-10-16 19:53 - 2016-10-16 19:53 - 07203328 _____ C:\Users\Volstaz\AppData\Roaming\agent.dat
2016-10-16 19:53 - 2016-10-16 19:53 - 00140288 _____ C:\Users\Volstaz\AppData\Roaming\Installer.dat
2016-10-16 19:53 - 2016-10-16 19:53 - 00018432 _____ C:\Users\Volstaz\AppData\Roaming\Main.dat
2016-10-16 19:52 - 2016-10-16 19:52 - 00000000 _____ C:\TOSTACK
2016-10-16 19:43 - 2016-10-16 19:43 - 00000000 _____ C:\Users\Volstaz\Downloads\f
2016-10-10 04:39 - 2016-10-17 10:56 - 00000000 ____D C:\Users\Volstaz\Desktop\Homm3 WoG maybe
2016-10-09 02:02 - 2016-10-09 02:02 - 00000000 ____D C:\Users\Volstaz\Documents\BioshockHD
2016-10-09 02:02 - 2016-10-09 02:02 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\BioshockHD
2016-09-26 05:23 - 2016-09-26 05:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
2016-09-26 05:23 - 2016-09-26 05:23 - 00000000 ____D C:\Program Files (x86)\Firefly Studios
2016-09-23 17:54 - 2016-10-17 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-20 12:26 - 2016-08-05 10:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-20 12:26 - 2016-08-05 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-17 14:38 - 2015-05-05 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-17 14:38 - 2015-05-05 15:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-17 14:38 - 2015-05-05 15:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-17 14:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-17 14:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-17 14:38 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-10-17 14:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-10-17 12:25 - 2015-05-13 13:32 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-17 12:25 - 2015-04-04 21:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-17 12:24 - 2015-05-13 13:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-17 12:22 - 2009-07-13 23:45 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-17 12:22 - 2009-07-13 23:45 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-17 12:20 - 2015-04-04 22:09 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-17 12:20 - 2015-04-04 22:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-17 12:20 - 2015-04-04 22:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-17 12:20 - 2015-04-04 22:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-17 12:20 - 2015-04-04 22:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-17 12:20 - 2015-04-04 22:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-17 12:19 - 2015-04-21 11:21 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-17 12:13 - 2016-01-14 01:42 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Broadvoice
2016-10-17 12:13 - 2015-12-15 02:24 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Curse Client
2016-10-17 12:13 - 2015-04-04 21:47 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Skype
2016-10-17 11:58 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-17 11:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-10-17 11:53 - 2016-05-04 16:52 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2016-10-17 11:53 - 2016-05-04 16:52 - 00000000 ____D C:\Users\Volstaz\AppData\Local\Overwolf
2016-10-17 11:53 - 2015-04-04 21:15 - 00000007 _____ C:\Windows\SysWOW64\ANIWZCSUSERNAME
2016-10-17 11:52 - 2016-05-04 16:52 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-10-17 11:52 - 2015-04-21 11:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-17 11:51 - 2015-04-04 21:43 - 00000007 _____ C:\Windows\SysWOW64\ANIWZCSUSERNAME{FD29B17F-4DBA-4D36-BED9-F6ED9A401E6F}
2016-10-17 11:51 - 2015-04-04 20:10 - 00000000 ____D C:\Users\Volstaz
2016-10-17 11:51 - 2015-04-04 20:07 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-17 11:51 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-17 11:01 - 2016-05-04 16:52 - 00000000 ____D C:\ProgramData\Overwolf
2016-10-17 10:57 - 2016-07-05 02:15 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AGOT
2016-10-17 10:57 - 2016-06-14 22:26 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2016-10-17 10:57 - 2016-06-14 12:41 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-10-17 10:57 - 2016-05-20 21:09 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\bsnes
2016-10-17 10:57 - 2016-04-11 16:29 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Screaming Bee
2016-10-17 10:57 - 2016-02-17 22:14 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-10-17 10:57 - 2016-02-03 19:23 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Battle.net
2016-10-17 10:57 - 2016-01-18 10:53 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\VKDJ
2016-10-17 10:57 - 2016-01-11 01:03 - 00000000 ____D C:\Windows\Downloaded Installations
2016-10-17 10:57 - 2016-01-11 01:03 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pizza Hotline
2016-10-17 10:57 - 2015-10-27 11:45 - 00000000 ____D C:\Users\Volstaz\Desktop\Heroes of Might and Magic III Complete
2016-10-17 10:57 - 2015-07-09 18:41 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-17 10:57 - 2015-05-18 22:41 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2016-10-17 10:57 - 2015-04-07 13:52 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\ftblauncher
2016-10-17 10:57 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-17 10:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2016-10-17 10:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-10-17 10:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2016-10-17 10:56 - 2016-06-29 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2016-10-17 10:56 - 2016-06-09 19:04 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-10-17 10:56 - 2016-06-03 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2016-10-17 10:56 - 2016-05-17 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-10-17 10:56 - 2016-05-17 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-10-17 10:56 - 2016-05-17 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin x86
2016-10-17 10:56 - 2016-05-07 01:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-10-17 10:56 - 2016-04-13 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\New Life of Heroes
2016-10-17 10:56 - 2016-04-12 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HoMM3 HD
2016-10-17 10:56 - 2016-04-09 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2016-10-17 10:56 - 2016-03-28 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-10-17 10:56 - 2016-02-03 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-10-17 10:56 - 2016-02-03 19:26 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-10-17 10:56 - 2016-02-03 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-10-17 10:56 - 2016-01-16 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-17 10:56 - 2016-01-14 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadvoice
2016-10-17 10:56 - 2015-12-30 01:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-17 10:56 - 2015-12-30 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-17 10:56 - 2015-09-03 01:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-10-17 10:56 - 2015-09-01 20:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-17 10:56 - 2015-08-23 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-10-17 10:56 - 2015-08-18 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOSS
2016-10-17 10:56 - 2015-07-20 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2016-10-17 10:56 - 2015-07-15 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
2016-10-17 10:56 - 2015-07-09 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-17 10:56 - 2015-07-08 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2016-10-17 10:56 - 2015-06-17 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-17 10:56 - 2015-06-17 21:45 - 00000000 ____D C:\Program Files\7-Zip
2016-10-17 10:56 - 2015-06-17 21:39 - 00000000 ____D C:\Users\Volstaz\AppData\Local\Black_Tree_Gaming
2016-10-17 10:56 - 2015-06-17 21:37 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-10-17 10:56 - 2015-05-29 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2016-10-17 10:56 - 2015-04-06 14:14 - 00000000 ____D C:\ProgramData\Turbine
2016-10-17 10:56 - 2015-04-05 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2016-10-17 10:56 - 2015-04-05 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-10-17 10:56 - 2015-04-04 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-10-17 10:56 - 2015-04-04 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-17 10:53 - 2015-10-12 01:50 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2016-10-17 10:53 - 2015-07-22 11:08 - 00000000 ____D C:\Users\Volstaz\AppData\Local\CEF
2016-10-17 10:53 - 2015-04-04 21:47 - 00000000 ____D C:\ProgramData\Skype
2016-10-17 10:53 - 2015-04-04 20:38 - 00000000 ____D C:\Users\Volstaz\AppData\Local\Apps\2.0
2016-10-17 10:50 - 2016-01-11 01:03 - 00000000 ____D C:\Program Files (x86)\opalonline
2016-10-17 10:50 - 2014-12-02 02:29 - 00000000 ____D C:\Games
2016-10-17 02:21 - 2016-06-03 23:43 - 00000000 ____D C:\Users\Volstaz\AppData\Roaming\Mumble
2016-10-17 01:25 - 2015-04-21 11:21 - 00000000 ____D C:\Users\Volstaz\AppData\Local\Deployment
2016-10-13 08:40 - 2015-04-04 21:16 - 00003284 _____ C:\Users\Volstaz\AppData\Roaming\ANIWZCS{FD29B17F-4DBA-4D36-BED9-F6ED9A401E6F}
2016-10-06 16:42 - 2016-02-03 19:23 - 00000000 ____D C:\Users\Volstaz\AppData\Local\Battle.net
2016-10-05 12:02 - 2016-04-09 16:17 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-10-04 20:01 - 2016-02-03 19:22 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-10-03 16:06 - 2016-03-28 15:12 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-10-03 15:21 - 2015-04-21 11:23 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-30 15:30 - 2015-04-04 21:16 - 00003284 _____ C:\Windows\SysWOW64\ANIWZCS{FD29B17F-4DBA-4D36-BED9-F6ED9A401E6F}
2016-09-29 02:49 - 2016-02-03 19:28 - 00001236 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-09-26 18:41 - 2015-11-12 00:49 - 00000000 ____D C:\Users\Volstaz\Downloads\PopcornTime
2016-09-26 05:23 - 2015-04-04 21:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-25 18:31 - 2015-12-28 19:31 - 00000000 ____D C:\Users\Volstaz\AppData\Local\OurDarkerPurpose
2016-09-24 14:18 - 2015-04-04 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-23 13:04 - 2015-04-05 14:25 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2016-09-21 00:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2016-10-16 19:53 - 2016-10-16 19:53 - 7203328 _____ () C:\Users\Volstaz\AppData\Roaming\agent.dat
2015-04-04 21:31 - 2015-04-04 21:31 - 0000253 _____ () C:\Users\Volstaz\AppData\Roaming\ANICONFIG_{0ABC2ADE-A7AA-428D-AADF-18A2E8E4D6AB}.ini
2015-04-04 21:17 - 2015-04-04 21:22 - 0000253 _____ () C:\Users\Volstaz\AppData\Roaming\ANICONFIG_{521D9232-BD8E-40B1-8CC4-9783EBF86EB5}.ini
2015-04-04 21:16 - 2016-10-13 08:40 - 0003284 _____ () C:\Users\Volstaz\AppData\Roaming\ANIWZCS{FD29B17F-4DBA-4D36-BED9-F6ED9A401E6F}
2016-10-16 19:53 - 2016-10-16 19:53 - 0140288 _____ () C:\Users\Volstaz\AppData\Roaming\Installer.dat
2016-10-16 19:53 - 2016-10-16 19:53 - 0018432 _____ () C:\Users\Volstaz\AppData\Roaming\Main.dat
2016-10-16 22:26 - 2016-10-17 12:16 - 0007609 _____ () C:\Users\Volstaz\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Volstaz\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Volstaz\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
C:\Users\Volstaz\AppData\Local\Temp\setup_3BCF.exe
C:\Users\Volstaz\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Volstaz\AppData\Local\Temp\sfextra.dll
C:\Users\Volstaz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Volstaz\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-15 00:16

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2016
Ran by Volstaz (17-10-2016 12:26:44)
Running from C:\Users\Volstaz\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-04-05 01:10:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2053704521-392054411-2914475072-500 - Administrator - Disabled)
Guest (S-1-5-21-2053704521-392054411-2914475072-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2053704521-392054411-2914475072-1002 - Limited - Enabled)
Volstaz (S-1-5-21-2053704521-392054411-2914475072-1000 - Administrator - Enabled) => C:\Users\Volstaz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov)
A Game of Thrones version 1.2 (HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 1.2 - AGOT TEAM)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Breath of Death VII  (HKLM\...\Steam App 107300) (Version:  - Zeboyd Games)
Broadvoice Softphone (HKLM-x32\...\Broadvoice) (Version: 2.07 - Broadvoice Softphone)
Caesar 3 (HKLM-x32\...\GOGPACKCAESAR3_is1) (Version: 2.0.0.9 - GOG.com)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version:  - Torn Banner Studios)
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
Cthulhu Saves the World  (HKLM\...\Steam App 107310) (Version:  - Zeboyd Games)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version:  - Red Hook Studios)
Discord (HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\Discord) (Version: 0.0.295 - Hammer & Chisel, Inc.)
D-Link DWA-525 (HKLM-x32\...\{1DEB8A37-56C9-4E41-9102-171D8EC91DF0}) (Version:  - D-Link)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
Duke Nukem 3D: Megaton Edition (HKLM\...\Steam App 225140) (Version:  - 3D Realms)
Fallout 2 (HKLM-x32\...\2_is1) (Version: 2.1.0.17 - GOG.com)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
h3hota (HKLM-x32\...\HotA_is1) (Version:  - )
Hammerwatch (HKLM\...\Steam App 239070) (Version:  - Crackshell)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
MechWarrior Online (HKLM\...\Steam App 342200) (Version:  - Piranha Games Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
Mumble 1.2.16 (HKLM-x32\...\{8C0C80AA-EA4D-4461-8B73-15A3A27F7D98}) (Version: 1.2.16 - Thorvald Natvig)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Our Darker Purpose (HKLM-x32\...\Steam App 262790) (Version:  - Avidly Wild Games)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.98.211.0 - Overwolf Ltd.)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
Pizza Hotline (remote setup) (HKLM-x32\...\{1ACE6274-3B59-4B0E-B8A2-B70F84E82B6B}) (Version: 6.01 - opalonline)
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version:  - "Pokemon Showdown")
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION
Prison Architect (HKLM\...\Steam App 233450) (Version:  - Introversion Software)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version:  - )
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version:  - )
Sunless Sea (HKLM\...\Steam App 304650) (Version:  - Failbetter Games)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
Tabletop Simulator (HKLM\...\Steam App 286160) (Version:  - Berserk Games)
TeamSpeak 3 Client (HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Valkyria Chronicles™ (HKLM-x32\...\Steam App 294860) (Version:  - SEGA)
Verdun (HKLM\...\Steam App 242860) (Version:  - M2H)
VirtualDJ Home FREE (HKLM-x32\...\{EE9E75F0-1FB8-440A-A34A-058F7456E113}) (Version: 7.4.2 - Atomix Productions)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCom Long War EW Mod version 1.0 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: 1.0 - JohnnyLump)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06B7E401-2C03-47FA-87F5-BF21FFCF697D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-17] (Adobe Systems Incorporated)
Task: {0D738211-F315-414B-8C0F-B72536951AE1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {17EAB891-A45B-4314-96AE-486CAD8AC922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-21] (Google Inc.)
Task: {20D030B4-0E51-4678-9862-A020B2413C72} - System32\Tasks\{0BAC3562-0780-4C65-8E8A-137AAD2CFCA0} => Chrome.exe hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar
Task: {272B412D-B1A1-4CD7-A05D-C4E006141305} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {28FA5541-4606-4F64-B7C9-21321A8FBBB4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {40B08D34-A78B-419F-A6D6-5E4767C16A65} - System32\Tasks\{EE2B1849-E6BA-4EEF-8826-2A9FE2B741EF} => Chrome.exe hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar
Task: {886337B9-1FE3-4AD5-9BF4-014E513652FB} - System32\Tasks\{4E365484-D16C-48BA-852B-5E718AD24A0A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar
Task: {8BD6A6FC-3EC0-4EBA-A147-9438EEC8203E} - System32\Tasks\{06B17E4A-F618-4EFA-8C31-58305D10F0D8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.10.85.101/en/abandoninstall?page=tsProgressBar
Task: {9322BEC0-127D-40F6-8C27-F35F8B425D7E} - System32\Tasks\{19EBBD4B-8CAF-40BF-B68D-0F662D2B7CFB} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.3.0.101&LastError=12002
Task: {A9CC3362-4E13-427F-BF85-8CB54DAB5383} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-09-27] (Overwolf LTD)
Task: {AA7D3F72-B2CF-49AC-870D-6F418EC3C7F6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {DCA02E1E-3F05-4F04-9F46-0D0D2A16A866} - System32\Tasks\{3193C62E-A078-4E16-B3CC-5DA8812064C2} => Chrome.exe hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar
Task: {ECD14DC7-B01E-45F2-B9FE-AE8B0F4D9DE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/
Shortcut: C:\Users\Volstaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/

==================== Loaded Modules (Whitelisted) ==============

2015-04-04 21:43 - 2009-07-07 21:49 - 00040960 _____ () C:\Program Files (x86)\D-Link\DWA-525 revA\ANIWConnService.exe
2015-04-04 20:52 - 2014-05-19 20:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-23 22:39 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-23 22:39 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-23 22:39 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-23 22:39 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-04 21:43 - 2015-04-04 21:43 - 00073728 _____ () C:\Program Files (x86)\D-Link\DWA-525 revA\ANPDApi.dll
2015-04-04 21:43 - 2009-10-19 20:59 - 00274432 _____ () C:\Program Files (x86)\D-Link\DWA-525 revA\WlanApp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2053704521-392054411-2914475072-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Volstaz\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.100.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8A44D283-D785-4A2F-B58B-096C24ACA368}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A24C0BF9-D2E5-4C92-A763-E54D07C0DA16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DA176E3D-A9B5-440F-AF37-46E822BC495C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8BDFB1DD-4ADA-4697-A736-F9F9449DC279}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A362FA41-70DD-4657-B2DA-3E70411A1117}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{67F4C48D-D766-41B9-9526-5B59D6C323AB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9A5E4951-E176-4B40-859B-A96DB6191F80}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{54D180FC-81F0-4989-A310-0BA1C8456676}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{84F88449-65BE-4D72-BAA4-E2B32CEE9ECB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{02E300C0-6262-48EC-B201-38D8B3F2DBAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B6F7A9E1-88B6-4DED-8456-B4DC5ADB0171}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{52AA6154-8C13-4004-84AF-D188986F6AC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{E71448B1-90CD-4FA6-B3D1-02DECF14DE50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [TCP Query User{27C935CF-A0C5-46CE-B242-5DEB25ECB77F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{FF676C43-4084-4550-A8EE-6E97455F2D16}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{ADBBCE72-E14A-48BE-AEA2-E16CA4F6A3C7}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{FC38B62D-169A-4500-8B85-598477E0B5FE}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [{E75C046C-DABE-4BCF-AD37-BA74D31AA043}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{324E248A-0C28-4F6F-9163-8E696A1E7658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{16969614-477C-4385-B3E1-6441FE0A84B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{EA605858-3AB7-461E-A33F-DA8F54842434}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [TCP Query User{837FCC3E-722F-48C8-A064-BA5609EE5853}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{4186884A-ACB5-41E3-BBCA-897BFE0F3C19}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{2C8B0A66-78FB-4AAC-9202-1586C1C5EFE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{1C1445C5-562E-4371-A962-5C4E039E04FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{98350E43-646E-46D1-BA61-12DD249058C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{8DDCB06B-7C72-43F4-98AB-98B56D0CBCE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [TCP Query User{FE8D1585-B002-4ADC-AD26-6D5A33FD8E4C}C:\program files (x86)\steam\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [UDP Query User{6BEF8682-2526-4528-AB02-1E7C9BAF6A0C}C:\program files (x86)\steam\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [TCP Query User{99D2D854-1374-4E4C-8BF9-9FD0607CAF6B}C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [UDP Query User{0F50A245-810E-4E96-AF30-ABC98FA1A992}C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [{264F89F8-6C21-40D3-B4CD-A256CB7AE108}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{1D2D2E23-6CA9-420B-AE46-269FD59D49E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{EC66E49C-9C48-49AB-A71A-012F5D58EA09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{12B01C53-2375-49C5-9125-5CA0F377B8E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [TCP Query User{B937A95F-E724-499C-BA88-4FFD857C1FAD}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{7289F7CA-A391-4024-87DD-DD5F1C963665}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{7044D0F1-7F4E-4A93-A21D-3EE5C5A53AFA}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{E6681DDB-BC0D-489D-84EB-09012720FDAE}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [TCP Query User{515D98C8-65B3-4F7C-B94D-32ED6DC1E98E}C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [UDP Query User{521BADBA-C407-41D2-8240-63D830CA5F8F}C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [{DF04DE2E-0D7A-4D5A-9A24-C0E52D088785}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FEB66195-0298-4286-8EC5-94D0174DD411}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6445586C-2E61-4F23-9FD4-13985D967E16}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{C22F656C-9FE4-444F-82D3-D90723909CC5}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{8B758ADE-3348-481A-906B-E70DB249B330}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{700AFD99-B47F-4DAE-B43E-E997BF9E3682}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{061259CC-12B7-4723-B6DD-4D002B64F6BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ODP\nw.exe
FirewallRules: [{643162F4-60FC-44E1-A93C-F7A646D24D58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ODP\nw.exe
FirewallRules: [{2C43BD1A-FBE0-4DE1-8B95-2DC99F385618}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{505BBED7-D006-43E8-B8EA-21CC3D355B66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{352B0A30-066E-4A87-A23D-073F6BBF8D45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{ED911902-38AB-4100-9FF5-DEF4400B1573}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [TCP Query User{922A06FC-332C-4D0E-9D55-378E12E78EDE}C:\program files (x86)\java\jre1.8.0_65\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\java.exe
FirewallRules: [UDP Query User{1B4FDDA6-B80A-4631-82DD-05DD3EEBC32A}C:\program files (x86)\java\jre1.8.0_65\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\java.exe
FirewallRules: [{66BE8ACC-F08F-4C76-B5CD-BAB7F10DFDC7}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe
FirewallRules: [{B2E48819-3D5C-4DA6-AE5E-36131ED22568}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe
FirewallRules: [{E3A3BC53-26B6-4254-A004-095DA10AE274}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe
FirewallRules: [{7007A206-0B69-4C0E-9123-FFADDDF20CF7}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe
FirewallRules: [TCP Query User{A3A28E72-9986-4241-803B-8D9BC623BB6C}C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe
FirewallRules: [UDP Query User{6957FA19-7BDE-4B9A-93D7-80923F173E4A}C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe
FirewallRules: [TCP Query User{22609A21-6699-417A-9E24-DAA13AC34624}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [UDP Query User{7DED8E4B-6AD8-40E8-9217-2B0DB13F1ADD}C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [TCP Query User{52A9FE93-24B8-4006-BF65-A6E67CE94D3E}C:\program files (x86)\broadvoice\broadvoice.exe] => (Allow) C:\program files (x86)\broadvoice\broadvoice.exe
FirewallRules: [UDP Query User{DC673025-D422-43FE-A2F8-91073C96A711}C:\program files (x86)\broadvoice\broadvoice.exe] => (Allow) C:\program files (x86)\broadvoice\broadvoice.exe
FirewallRules: [TCP Query User{DE233D36-F156-4785-AD77-EBD07F3549BE}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{7D837BA1-B234-497B-9D10-4F7103893F7B}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [TCP Query User{04DD7B39-48BC-4005-A6BC-CAA9913328CA}C:\program files (x86)\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{75A0BB82-7F67-4D08-B85E-939D356CEF68}C:\program files (x86)\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\java.exe
FirewallRules: [{A187731A-984E-4CC3-898E-AED9E6466DFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{D96465E3-0333-4F7D-B0EF-C4C104C09BEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{A6425FC1-FD0D-477D-A9C8-542D098BCB94}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{0EBF3525-F954-40AC-B3B1-01817832C4FF}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{16D21AF5-8476-4FEB-A636-6BAB394B64FB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{6F24DCAD-24AD-4BAC-8C11-7429F5C1A9E4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{EE054890-0C6D-4473-95D5-BBAF16C51510}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F189EF55-8929-4C10-9FE8-4FCB8C8A332A}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{D7D23288-DD3D-41EB-B268-C55AE3F621B4}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3C2660E0-E5F1-438A-989A-33098736BBD1}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8C2B4F5E-8277-4DE8-8773-8BEA9B325661}C:\program files (x86)\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{04C2E248-685E-429B-BA42-0DA1205224DE}C:\program files (x86)\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{21272E81-FF75-4C31-84BA-EAA2100F730D}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CE849C61-72DE-48BE-8F31-7A4BC76816CB}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0B646BB5-8954-43F6-A51A-81457E5CB695}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{01AC163F-F40A-4559-815C-2F2E6A2A3D6F}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{CA7D0EBB-E13B-4A3C-8891-05F5E7B4A995}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{A0B978B3-DFEE-4720-9818-F497EE930643}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{E584D3AB-65FE-48D7-B8F4-8CE5256C3FE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{05E25686-E788-4761-9DD3-C8AA60D7CA8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [TCP Query User{D4477C3A-B0DF-4F72-B573-9C4A80753269}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{2ECA0768-4179-4F95-9B2D-BBD0617163A1}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{B536AD48-5D6D-45EB-BF92-7D9E7DDEA701}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{3A556BC4-EDCB-4635-AC69-048090BC6D0E}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{745B25F4-83A7-45EB-B62B-935BF3AA0D61}C:\program files (x86)\broadvoice\broadvoice.exe] => (Allow) C:\program files (x86)\broadvoice\broadvoice.exe
FirewallRules: [UDP Query User{920016C1-EE2D-4BF7-948A-FFB7B2D44982}C:\program files (x86)\broadvoice\broadvoice.exe] => (Allow) C:\program files (x86)\broadvoice\broadvoice.exe
FirewallRules: [TCP Query User{807E268B-CA28-424A-8D36-B0B3C1C68294}C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B163466C-689B-4FC6-B102-51F367C617E8}C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C1EB232D-29B7-4E40-8FFE-4FA50FBCF5D7}C:\program files (x86)\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{3980FD2F-C3BE-4A9A-B5F7-7F1B760A5827}C:\program files (x86)\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\java.exe
FirewallRules: [{3C513B01-6A4C-4AA2-B38F-811FBDC29C3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{39D1D778-E0AE-4C06-B421-6F2D193E82E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [TCP Query User{B7AA0B1A-4A52-4CA5-B6B4-2594A1F5CE1E}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{365947FD-F057-4389-B8D3-0A86110E731A}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{CDC53A28-B087-4CD7-906A-FE6583EB9B48}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [UDP Query User{C4869094-841C-41BD-82FA-15FAC220AF01}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [{F633EBEE-5F6B-4EA6-8E03-4C6610767B69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cthulhu Saves the World\CSTW.exe
FirewallRules: [{8CB7A160-A3AD-4B91-A0A7-2A734D654EF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cthulhu Saves the World\CSTW.exe
FirewallRules: [{970054D6-D042-467B-9403-9385BE22F135}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Breath of Death VII\BoDVIIPC.exe
FirewallRules: [{7613FD68-B2CA-4C69-AEA7-D6D2BD6A9F3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Breath of Death VII\BoDVIIPC.exe
FirewallRules: [TCP Query User{3016E996-79E4-4937-82C2-FA65837F414F}C:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E569CAEF-8105-4FE3-B2BA-EA425E25009F}C:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{83E7D0EE-05DB-45CE-97C9-D8AB98D0CF3A}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{4AF55A43-0A57-4943-BEA2-B88CB740F210}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [{606BBC62-558F-4C1E-A79D-FCAB1EA12E67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{07ECCD19-AEEB-4D25-8D5A-B260B3309065}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{7BFEDAE1-63EB-4FD2-AB2A-2156084CF251}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{A719007C-4785-4325-B4E0-E181BCFC145E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{65812F08-30CF-4E2F-BAD7-25A50A13FBA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{BA532EF7-6A21-4EB7-9BBD-2E13130602DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{5E49BD9C-C69C-4F26-9C90-4AD63031E1C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{AC710153-FA07-43F2-8F11-093E12B6FAED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{90298569-32FC-48A4-B941-1F0253E27AE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{78109A07-6F2C-49E7-9002-0ADDE1B950B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{14596AEE-1607-4943-93D2-7BF109A8EFCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{72D979F3-9D03-4169-8C42-0ACF6CE2D388}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{2590AF55-A93C-4358-92E0-081E9416EB8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{388845EF-90AA-4930-B450-10BD8906E909}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{EC7C5750-A5FF-4BF7-97D5-EE509CC66359}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{C2BFCD5B-7137-4BCD-92D3-65F9FEC8F729}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{E0FA704B-904C-4D7B-8702-BED8DF096FEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [{28C15B6E-CACE-49A6-B1A7-61948CB40B24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [{E5548A58-65CE-4393-9894-95386EC51AB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [{9CFCA8C1-BA7C-4B34-B4FD-69CB0C1BE62B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [{8B97E34D-B6D9-4BA1-8C71-18334B732AEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{CD6B9808-4F9F-4A69-9291-C8C4741F0596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{BA2D1DEF-FC56-46D1-886A-BEA8AB0DCAC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{4AED3838-E12D-4E62-9839-044C885599B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{010E00AB-2A93-4AC2-9F3D-F6283A38A2EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{31624D12-6978-4F5E-9149-C30731E193A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{E1D08CDF-60EF-40D4-8806-230D8579CA90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{1877E00F-9762-4DDF-B10A-D43BF42718CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{14D95627-CD3D-45A1-BC8E-F5194C56AB66}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{2BCB3F96-4063-4F37-AE7B-3D75F472484B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{61718C3C-FCE8-4E4F-ABEF-DB13BD262C3B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{48D29F62-230D-43E9-853A-58CEDC965BA3}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [TCP Query User{9D2C24F6-0754-4934-8FDA-BBDC4280792A}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{E611DE71-E526-4D9F-8998-47D9CF4251D5}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{64CC6FEA-DCF8-44E1-8FC1-A58D4D4C86D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{D39F2880-8DB4-493D-A2F9-1C368027A1AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{CD444666-EF8E-4D5D-A5A1-2C56C66C6D12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{FD8E8C6D-1E74-4AC2-A06F-18DDAD0CDA75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{30D1CE21-AEC7-47A8-B659-8A784F80449A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{E2FEBF05-2E28-49B1-955A-C6E44A592113}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{552DE098-AA47-4C7B-8989-3CC9E819575B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{D9B348F1-995E-4557-A213-39CEBCC48B28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{E662504F-E480-4E28-BAA0-1D228B9A7E13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{D25B37D8-E510-4C68-8C94-BDFC1424CDB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{E43D8045-0481-4521-8248-5029B9362E70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{8B71AE48-F7F5-4ACD-BC53-82108D5ACF81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{FD64E8AB-2D38-46D2-9302-E1E6151766A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{53F421E6-9A36-484D-9076-731CE5FA0FB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{9E30A523-3D33-47C7-9E11-F25F3E2B6DEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{0FBF8C84-2DCD-452C-986F-501694D6D930}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{09149784-3C51-42D6-9413-F3B514024EC1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{22E8DAEF-1CEF-49E2-B0E4-4B597B470338}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{92F1860E-D8D1-41C4-AB1C-EF5C6A8DF100}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

06-10-2016 16:49:28 Removed Skype™ 7.28
11-10-2016 06:48:58 Windows Update
13-10-2016 03:00:12 Windows Update
14-10-2016 03:00:16 Windows Update
16-10-2016 20:16:26 Restore Operation
16-10-2016 21:39:31 Windows Update
17-10-2016 10:41:50 Restore Operation
17-10-2016 11:03:50 Windows Update

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2016 11:53:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Overwolf.exe, version: 0.98.211.0, time stamp: 0x57ea59f1
Faulting module name: libcef.DLL, version: 3.2357.1289.0, time stamp: 0x55cb36cc
Exception code: 0x4000001f
Fault offset: 0x00159949
Faulting process id: 0xd98
Faulting application start time: 0x01d22896d81d1a5d
Faulting application path: C:\Program Files (x86)\Overwolf\Overwolf.exe
Faulting module path: C:\Program Files (x86)\Overwolf\0.98.211.0\libcef.DLL
Report Id: 42710fa9-948a-11e6-b0b8-c860009d7657

Error: (10/17/2016 01:59:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 7.0.3.22810 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 173c

Start Time: 01d22843f01f6ab9

Termination Time: 33

Application Path: C:\Program Files (x86)\World of Warcraft\Wow-64.exe

Report Id: 35ba036c-9437-11e6-b66a-c860009d7657

Error: (10/17/2016 01:22:27 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Windows\System32\sdnclean64.exe".Error in manifest or policy file "C:\Windows\System32\sdnclean64.exe" on line 2.
The manifest file root element must be assembly.

Error: (10/17/2016 12:41:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 49.0.1.6109, time stamp: 0x57e44563
Faulting module name: mozglue.dll, version: 49.0.1.6109, time stamp: 0x57e43eea
Exception code: 0x80000003
Fault offset: 0x0000e846
Faulting process id: 0xce0
Faulting application start time: 0x01d22837add7be87
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 4822be70-942c-11e6-9c05-c860009d7657

Error: (10/17/2016 12:30:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.28.64.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ac0

Start Time: 01d22837370f4212

Termination Time: 20

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (10/16/2016 07:46:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Amnesia The Dark Descent Game.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9b0

Start Time: 01d2280f704576cd

Termination Time: 3

Application Path: C:\Users\Volstaz\Downloads\Amnesia The Dark Descent Game.exe

Report Id:

Error: (10/14/2016 06:39:02 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.

Error: (10/14/2016 06:39:02 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.

Error: (10/14/2016 06:39:02 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.

Error: (10/14/2016 06:39:02 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDScanLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDScanLibrary.dll" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (10/17/2016 11:58:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/17/2016 11:58:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (10/17/2016 11:57:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: October, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3185330).

Error: (10/17/2016 11:00:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/17/2016 11:00:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (10/17/2016 12:13:53 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/17/2016 12:13:10 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/17/2016 12:11:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/16/2016 09:54:57 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: Unable to start a DCOM Server: {30D49246-D217-465F-B00B-AC9DDD652EB7}. The error:
"5"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

Error: (10/16/2016 09:54:28 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: Unable to start a DCOM Server: {C39EE728-D419-4BD4-A3EF-EDA059DBD935} as /. The error:
"5"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}


CodeIntegrity:
===================================
  Date: 2016-10-17 00:13:10.489
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-17 00:13:10.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G860 @ 3.00GHz
Percentage of memory in use: 20%
Total physical RAM: 16342.8 MB
Available physical RAM: 12926.27 MB
Total Virtual: 32683.78 MB
Available Virtual: 29461.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.72 GB) (Free:51.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97BE5B6A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
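
Added note, not part of the original post or of FRST output: the two DCOM errors in the System log above are the best lead in this log on the dllhost.exe instances the opening post describes. DllHost.exe is the COM surrogate process; the GUID after /Processid: is an AppID (in event 10001 it differs from the CLSID named in the same event, which is why a lookup must go through the AppID rather than the CLSID), and error "5" is ERROR_ACCESS_DENIED. The PowerShell below is an added example that maps a /Processid GUID back to the CLSIDs registered under it and the server DLL each one loads, checks that DLL's Authenticode status, and takes the same snapshot for every dllhost.exe currently running. It assumes Windows PowerShell 3.0 or later (installable on Windows 7 via the Windows Management Framework) and reads only the registry and process list; the function names are the example's own.

```powershell
function Resolve-DllHostAppId {
    # Map the AppID GUID that DllHost.exe receives via /Processid: to the COM class(es)
    # registered under it and to the DLL each class loads into the surrogate.
    param([Parameter(Mandatory = $true)][string]$AppId)

    $AppId = '{' + $AppId.Trim('{', '}') + '}'
    # 64-bit, 32-bit (WOW64) and per-user class registrations all count on x64 Windows;
    # HKCU is also where per-user COM hijacks are planted.
    $clsidRoots = @(
        'HKLM:\SOFTWARE\Classes\CLSID',
        'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
        'HKCU:\SOFTWARE\Classes\CLSID'
    )
    $appIdKey  = "HKLM:\SOFTWARE\Classes\AppID\$AppId"
    $surrogate = if (Test-Path $appIdKey) { (Get-ItemProperty $appIdKey).DllSurrogate } else { $null }

    foreach ($root in $clsidRoots) {
        if (-not (Test-Path $root)) { continue }
        # Walking every CLSID is slow (thousands of keys) but needs no extra tooling.
        foreach ($clsidKey in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $clsidKey.PSPath -ErrorAction SilentlyContinue
            if (-not $props.AppID -or $props.AppID -ine $AppId) { continue }

            $dll = $null
            $serverKey = Join-Path $clsidKey.PSPath 'InprocServer32'
            if (Test-Path $serverKey) {
                $raw = (Get-ItemProperty $serverKey).'(default)'
                if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
            }
            $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
                (Get-AuthenticodeSignature -FilePath $dll).Status
            } else { 'file missing' }

            [pscustomobject]@{
                AppId        = $AppId
                DllSurrogate = $surrogate   # empty string = the default dllhost.exe surrogate
                Root         = $root
                CLSID        = $clsidKey.PSChildName
                ServerDll    = $dll
                Signature    = $sig
            }
        }
    }
}

function Get-DllHostInstance {
    # Snapshot every running dllhost.exe with parent, image path and the AppID it hosts.
    # A dllhost.exe outside System32/SysWOW64, or one with no /Processid: argument,
    # deserves a closer look.
    $sysRoot = [regex]::Escape($env:SystemRoot)
    Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
        $guid = $null
        if ($_.CommandLine -match '/Processid:(\{[0-9A-Fa-f-]{36}\})') { $guid = $Matches[1] }
        $servers = ''
        if ($guid) {
            $servers = (Resolve-DllHostAppId -AppId $guid | Select-Object -ExpandProperty ServerDll) -join '; '
        }
        [pscustomobject]@{
            PID       = $_.ProcessId
            ParentPID = $_.ParentProcessId
            Image     = $_.ExecutablePath
            InSystem  = ($_.ExecutablePath -match "^$sysRoot\\(System32|SysWOW64)\\dllhost\.exe$")
            AppId     = $guid
            ServerDll = $servers
        }
    }
}

# The AppID quoted in DCOM event 10001 above, then a live snapshot.
Resolve-DllHostAppId '{F9717507-6651-4EDB-BFF7-AE615179BCCF}' | Format-Table -AutoSize
Get-DllHostInstance | Format-Table -AutoSize
```

A legitimate result is a DLL under the Windows directory with a Valid signature; an unsigned DLL under a user profile, a missing file, or a dllhost.exe whose image is not in System32/SysWOW64 is what to chase. Because the surrogate exits as soon as the hosted object is released, the live snapshot has to be taken while the CPU spike is happening.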

 



#2 Volstaz

Volstaz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:42 AM

Posted 17 October 2016 - 01:21 PM

Ran a Malwarebytes, logs to follow, memory still dropping.



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/17/2016
Scan Time: 12:52 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.17.08
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Volstaz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322159
Time Elapsed: 8 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.VkontakteDJ, HKU\S-1-5-21-2053704521-392054411-2914475072-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VkontakteDJ, C:\Users\Volstaz\Downloads\the_black_keys_tighten_up_ft_ment_nelson_hip_hop_remix.mp3.exe /H, Quarantined, [98b48515a4f6cd6951509f219b69926e]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.VkontakteDJ, C:\Users\Volstaz\AppData\Roaming\VKDJ, Quarantined, [80cc613928724de9d4e72499b05435cb],

Files: 1
PUP.Optional.VkontakteDJ, C:\Users\Volstaz\AppData\Roaming\VKDJ\Config.ini, Quarantined, [80cc613928724de9d4e72499b05435cb],

Physical Sectors: 0
(No malicious items detected)


(end)
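
Added example, not part of the thread or of Malwarebytes: the Run value quarantined above has the traits that should draw a responder's eye, a data-file extension in front of the real .exe extension and a launch path under the user's Downloads folder. The PowerShell below walks the HKCU and HKLM Run and RunOnce keys (including the Wow6432Node view) and flags entries with those traits, plus targets that are missing or not validly signed. The key list, the extension lists and the heuristics are the example author's choices, not Malwarebytes' detection logic, and the function names are the example's own; it assumes Windows PowerShell 3.0 or later.

```powershell
function Get-RunCommandImage {
    # Extract the executable path from a Run value such as
    #   "C:\Program Files\Vendor\app.exe" /tray        or
    #   C:\Users\Volstaz\Downloads\song.mp3.exe /H
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted: take the shortest prefix ending in an executable extension followed by
    # whitespace or end of string, so a double extension like .mp3.exe is kept whole.
    if ($Command -match '^\s*(.+?\.(exe|com|scr|bat|cmd|vbs|js|pif))(\s|$)') { return $Matches[1] }
    return ($Command -split '\s+', 2)[0]
}

function Get-SuspiciousRunEntry {
    # Walk the classic autostart keys and report entries that look out of place.
    $runKeys = @(
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    # Get-ItemProperty adds these provider properties; they are not registry values.
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }
            $command = [string]$p.Value
            $image = [Environment]::ExpandEnvironmentVariables((Get-RunCommandImage $command))
            if (-not $image) { continue }
            # A bare name such as rundll32.exe resolves through PATH, like the shell does.
            if (-not (Split-Path -Path $image -IsAbsolute)) {
                $resolved = (Get-Command $image -ErrorAction SilentlyContinue).Path
                if ($resolved) { $image = $resolved }
            }
            $leaf = Split-Path -Path $image -Leaf
            $reasons = @()

            # 1. A data-file extension immediately before the real executable extension.
            if ($leaf -match '\.(mp3|mp4|avi|mkv|pdf|doc|docx|xls|jpg|jpeg|png|txt|zip|rar)\.(exe|scr|com|pif)$') {
                $reasons += 'double extension'
            }
            # 2. Autostarts normally live under Program Files or Windows, not in the profile.
            if ($image -match '\\(Downloads|AppData|Temp|Desktop|Public)\\') {
                $reasons += 'user-writable path'
            }
            # 3. Target gone (already quarantined, as in this log) or not validly signed.
            if (-not (Test-Path -LiteralPath $image)) {
                $reasons += 'target missing'
            } elseif ((Get-AuthenticodeSignature -FilePath $image).Status -ne 'Valid') {
                $reasons += 'not validly signed'
            }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $p.Name
                    Command = $command
                    Image   = $image
                    Reasons = ($reasons -join ', ')
                }
            }
        }
    }
}

Get-SuspiciousRunEntry | Format-List
```

Run it before and after a cleanup: a value whose target is reported missing after quarantine is an orphaned autostart that still needs to be removed, which is what the FRST fix in the next post does for the VkontakteDJ entry. Unsigned software under Program Files will also be listed, so treat the output as a review queue rather than a verdict.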



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:42 PM

Posted 20 October 2016 - 01:02 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2053704521-392054411-2914475072-1000\...\Run: [VkontakteDJ] => C:\Users\Volstaz\Downloads\the_black_keys_tighten_up_ft_ment_nelson_hip_hop_remix.mp3.exe /H
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqJvjaGwRUnfYzdE_osq7v4lUswcgcna1Q486l5FNfVs_w5EBzNH4pI-DGIvuSI3s0N_jVRPjILljsWgZRDGP9tnEZeVUHWDLvCF3vi4slSQfSyTKDBxz8go3-kBxkOwEsSea7ZevDf_ap1d4NLLXU_4u26uZUFuNHv4mQYMg&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Extension: (Chrome Web Store Payments) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\Volstaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-20]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {9322BEC0-127D-40F6-8C27-F35F8B425D7E} - System32\Tasks\{19EBBD4B-8CAF-40BF-B68D-0F662D2B7CFB} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.3.0.101&LastError=12002
FirewallRules: [TCP Query User{922A06FC-332C-4D0E-9D55-378E12E78EDE}C:\program files (x86)\java\jre1.8.0_65\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\java.exe
FirewallRules: [UDP Query User{1B4FDDA6-B80A-4631-82DD-05DD3EEBC32A}C:\program files (x86)\java\jre1.8.0_65\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\java.exe
FirewallRules: [TCP Query User{C1EB232D-29B7-4E40-8FFE-4FA50FBCF5D7}C:\program files (x86)\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{3980FD2F-C3BE-4A9A-B5F7-7F1B760A5827}C:\program files (x86)\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\java.exe
FirewallRules: [TCP Query User{CDC53A28-B087-4CD7-906A-FE6583EB9B48}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old version(s) of Java via Control Panel > Programs and Features.
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
==

Please post the Fixlog.txt file and let me know if the problem persists.

#4 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender: Male
  • Location: Montreal, QC, Canada

Posted 26 October 2016 - 09:42 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
