

Computer freezing and Windows Explorer crashing


This topic is locked
32 replies to this topic

#1 slivershell


Posted 24 December 2016 - 01:42 PM

I had another post up not too long ago about MSE turning itself off. I say this because that's when the trouble started. I replaced MSE with Sophos free antivirus and noticed that AppRider is a constant occurrence. I used adware removal to get rid of it, but it keeps coming back. My computer is in trouble even now. It freezes where I can't use the mouse, the time is stuck at the moment it froze and Ctrl Alt Delete doesn't work, so I do a hard restart. Also, Windows Explorer constantly crashes along with some other programs. MOM.exe had some trouble today.

 

I have Windows 7 Professional. Here are the logs. Sorry if I do this incorrectly, but I want this posted before it freezes again.

 

 

Logs are taking forever to load. I'll post them when they do.





#2 slivershell


Posted 24 December 2016 - 02:05 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by BBQ (administrator) on CLAIRE (22-12-2016 20:25:52)
Running from C:\Users\BBQ\Desktop
Loaded Profiles: BBQ (Available Profiles: BBQ)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos System Protection\ssp.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190472 2009-09-16] (Logitech Inc.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1480176 2016-12-16] (Sophos Limited)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKU\S-1-5-21-485299563-1421404851-635644667-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-485299563-1421404851-635644667-1000\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-485299563-1421404851-635644667-1000\...\MountPoints2: {bab0a4ab-2d32-11e3-bffa-e40ec5402939} - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-02] (Microsoft Corporation)
AppInit_DLLs-x32: c:\progra~2\sn0310~1.boo => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2013-10-02]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2013-10-02]
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\BBQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk [2013-10-02]
ShortcutTarget: Hauppauge Device Central Tray Tool.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\BBQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk [2013-10-02]
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2016-12-16] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2016-12-16] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2016-12-16] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2016-12-16] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2016-12-16] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2016-12-16] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2016-12-16] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2016-12-16] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2016-12-16] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2016-12-16] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2016-12-16] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2016-12-16] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2016-12-16] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2016-12-16] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2016-12-16] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2016-12-16] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2016-12-16] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2016-12-16] (Sophos Limited)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E1C8BA0A-394E-4D90-8E40-2099934A962D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-485299563-1421404851-635644667-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-31] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-11-24] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
 
FireFox:
========
FF DefaultProfile: c15ibo21.default
FF ProfilePath: C:\Users\BBQ\AppData\Roaming\Mozilla\Firefox\Profiles\c15ibo21.default [2016-01-31]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-10] [not signed]
FF HKU\S-1-5-21-485299563-1421404851-635644667-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-10-02] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-11-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-10-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-09-29] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-485299563-1421404851-635644667-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-09-29] (Pando Networks)
FF Plugin HKU\S-1-5-21-485299563-1421404851-635644667-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-01-27] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\BBQ\AppData\Local\Google\Chrome\User Data\Default [2016-12-21]
CHR Extension: (GoSavve) - C:\Users\BBQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\alhffhfjlfifablimdpnelhegalepppl [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\BBQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\BBQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\BBQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\BBQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\BBQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BBQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\BBQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\BBQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-02]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works)
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [401232 2013-02-07] (Hauppauge Computer Works, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-01-06] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [229672 2016-12-16] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2016-12-16] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [780432 2016-12-16] (Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1379856 2016-12-16] (Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1805368 2016-12-16] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2016-12-16] (Sophos Limited)
R2 SophosDataRecorderService; C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [996240 2016-12-16] (Sophos Limited)
R2 sophossps; C:\Program Files\Sophos\Sophos System Protection\ssp.exe [5366040 2016-12-16] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3644368 2016-12-16] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2121224 2016-12-16] (Sophos Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [945136 2013-02-12] (Hauppauge Computer Work, Inc.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [201168 2016-12-16] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2016-12-16] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2016-12-16] (Sophos Limited)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-22 19:54 - 2016-12-22 19:54 - 00018180 _____ C:\Users\BBQ\Desktop\Addition.txt
2016-12-22 19:51 - 2016-12-22 20:25 - 00019544 _____ C:\Users\BBQ\Desktop\FRST.txt
2016-12-22 19:50 - 2016-12-22 19:50 - 00000000 ____D C:\Users\BBQ\Desktop\FRST-OlderVersion
2016-12-20 19:50 - 2016-12-22 19:51 - 00000000 ____D C:\FRST
2016-12-20 19:50 - 2016-12-22 19:50 - 02420736 _____ (Farbar) C:\Users\BBQ\Desktop\FRST64.exe
2016-12-17 19:17 - 2016-12-20 20:17 - 00000000 ____D C:\Windows\pss
2016-12-17 19:04 - 2016-12-18 04:04 - 00342078 _____ C:\Windows\ntbtlog.txt
2016-12-16 21:05 - 2016-12-16 21:06 - 03977168 _____ C:\Users\BBQ\Desktop\adwcleaner_6.041.exe
2016-12-16 17:40 - 2016-12-16 17:40 - 00000000 ____D C:\Users\BBQ\AppData\Local\Sophos
2016-12-16 17:24 - 2016-12-16 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-12-16 17:23 - 2016-12-16 17:40 - 00000000 ____D C:\ProgramData\Sophos
2016-12-16 17:23 - 2016-12-16 17:40 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-12-16 17:23 - 2016-12-16 17:23 - 00000000 ____D C:\Program Files\Sophos
2016-12-16 17:23 - 2016-09-13 16:24 - 00044304 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2016-12-16 17:22 - 2016-12-16 17:22 - 00201168 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2016-12-16 17:22 - 2016-12-16 17:22 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2016-12-16 17:22 - 2016-12-16 17:22 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2016-12-16 17:22 - 2016-12-16 17:22 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2016-12-16 17:20 - 2016-12-16 17:20 - 225196632 _____ (Sophos Limited) C:\Users\BBQ\Desktop\SophosInstall.exe
2016-12-16 16:52 - 2016-12-16 16:52 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-16 16:49 - 2016-12-16 16:49 - 51969976 _____ (Malwarebytes ) C:\Users\BBQ\Desktop\mb3-setup-consumer-3.0.4.1269.exe
2016-12-16 16:44 - 2016-12-16 16:45 - 51969976 _____ (Malwarebytes ) C:\Users\BBQ\Downloads\C8F6.tmp
2016-12-13 19:46 - 2016-12-13 19:46 - 00000000 ____D C:\Users\BBQ\AppData\Local\Chromium
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-22 20:26 - 2013-09-29 16:39 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-22 20:22 - 2014-09-18 19:52 - 00001332 _____ C:\Windows\Tasks\ILOULES.job
2016-12-22 20:22 - 2014-09-18 19:51 - 00001676 _____ C:\Windows\Tasks\NUBNMXZ.job
2016-12-22 20:22 - 2013-09-29 16:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-22 20:21 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-22 20:09 - 2009-07-14 00:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-22 19:56 - 2009-07-13 23:45 - 00025744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-22 19:56 - 2009-07-13 23:45 - 00025744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-20 19:43 - 2013-09-29 16:21 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-18 04:35 - 2014-06-12 21:41 - 00000000 ____D C:\AdwCleaner
2016-12-16 17:22 - 2014-09-18 20:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-16 17:14 - 2013-09-29 16:27 - 00001945 _____ C:\Windows\epplauncher.mif
2016-12-13 20:09 - 2015-02-20 09:48 - 00000000 ____D C:\Users\BBQ\AppData\Local\Steam
2016-12-07 19:57 - 2009-07-14 00:13 - 00782010 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-07 19:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
 
==================== Files in the root of some directories =======
 
2013-12-06 00:34 - 2013-12-06 00:34 - 49940480 _____ () C:\Program Files (x86)\GUTF82A.tmp
2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\BBQ\AppData\Roaming\ILOULES
2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\BBQ\AppData\Roaming\NUBNMXZ
2015-12-02 02:30 - 2015-12-02 02:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-10 15:50 - 2014-05-10 16:46 - 0000777 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\BBQ\AppData\Local\Temp\bdfilters.dll
C:\Users\BBQ\AppData\Local\Temp\DeviceCentralSetup.exe
C:\Users\BBQ\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\BBQ\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\BBQ\AppData\Local\Temp\IRBlast.exe
C:\Users\BBQ\AppData\Local\Temp\libeay32.dll
C:\Users\BBQ\AppData\Local\Temp\msvcr120.dll
C:\Users\BBQ\AppData\Local\Temp\optprosetup.exe
C:\Users\BBQ\AppData\Local\Temp\Quarantine.exe
C:\Users\BBQ\AppData\Local\Temp\sqlite3.dll
C:\Users\BBQ\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-12 18:24] - [2016-08-29 10:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA
 
C:\Windows\SysWOW64\explorer.exe
[2016-10-12 18:24] - [2016-08-29 09:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935
 
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll
[2016-09-15 04:42] - [2016-08-16 12:36] - 1009152 ____A (Microsoft Corporation) 8F4B991E7837E8E0F90C856659456652
 
C:\Windows\SysWOW64\User32.dll
[2016-09-15 04:42] - [2016-08-15 21:48] - 0833024 ____A (Microsoft Corporation) 0FBC0E335B65EE5A0175631237817510
 
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
LastRegBack: 2016-12-04 00:20
 
==================== End of FRST.txt ============================


#3 slivershell


Posted 24 December 2016 - 02:06 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by BBQ (22-12-2016 20:28:04)
Running from C:\Users\BBQ\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-09-29 20:06:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-485299563-1421404851-635644667-500 - Administrator - Disabled)
BBQ (S-1-5-21-485299563-1421404851-635644667-1000 - Administrator - Enabled) => C:\Users\BBQ
Guest (S-1-5-21-485299563-1421404851-635644667-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-485299563-1421404851-635644667-1002 - Limited - Enabled)
SophosSAUCLAIREaaa (S-1-5-21-485299563-1421404851-635644667-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Sophos Home (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AS: Sophos Home (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ActiveState Komodo Edit 8.5.4 (HKLM-x32\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.4 - ActiveState Software Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version:  - ArcSoft)
ArcSoft ShowBiz (HKLM-x32\...\InstallShield_{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 5.0.1.480 - ArcSoft)
ArcSoft ShowBiz (x32 Version:  - ArcSoft) Hidden
Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Assassin's Creed Liberation (HKLM-x32\...\Steam App 260210) (Version:  - Ubisoft Sofia)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Aveyond (HKLM-x32\...\BFG-Aveyond) (Version:  - )
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Mountaineer's Hotel (HKLM-x32\...\Steam App 10230) (Version:  - Electronic Paradise)
Deadly Sin (HKLM-x32\...\BFG-Deadly Sin) (Version:  - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
E-Hammer (HKLM-x32\...\E-Hammer1.0.0) (Version: 1.0.0 - Asus)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow [rev 497] [2006-11-04] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FINAL FANTASY III (HKLM\...\Steam App 239120) (Version:  - Square Enix)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.1.31038 - Hauppauge Computer Works, Inc.)
Hauppauge StreamEez (HKLM-x32\...\Hauppauge StreamEez) (Version: 1.0.31029 - Hauppauge Computer Works, Inc.)
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.31050 (CD 2.7) - Hauppauge Computer Works)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP ENVY 5660 series Basic Device Software (HKLM\...\{2C0721C5-0CD8-46BC-9D7D-666D3B171CFF}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP ENVY 5660 series Help (HKLM-x32\...\{607F50D9-40BD-4F17-A584-152F563293B4}) (Version: 34.0.0 - Hewlett Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Leadwerks Game Engine (HKLM-x32\...\Steam App 251810) (Version:  - Leadwerks Software)
Logitech Gaming Software 5.08 (HKLM\...\{96F1BA99-300F-4DD5-A26B-788EF63B53B1}) (Version: 5.08.146 - Logitech)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{2AC099EA-CC1C-4E4E-BDFC-0353DCF13DD0}) (Version: 12.5.00400 - Nero AG)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Product Improvement Study for HP ENVY 5660 series (HKLM\...\{03EDBA70-A4E9-4AC9-A76A-8EE5172684BF}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
RPG Maker 2003 v1.08 (HKLM-x32\...\RPG Maker 2003_is1) (Version:  - Enterbrain, Inc.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sophos Anti-Virus (HKLM-x32\...\{DFDA2077-95D0-4C5F-ACE7-41DA16639255}) (Version: 10.7.0.301 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.5.2.1 - Sophos Limited)
Sophos Diagnostic Utility (HKLM-x32\...\{4627F5A1-E85A-4394-9DB3-875DF83AF6C2}) (Version: 1.13.0.4 - Sophos Limited)
Sophos Home (HKLM-x32\...\{63F3BF88-DE8E-4B21-BB24-F64CE500308E}) (Version: 1.1.0.78 - Sophos Limited)
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.3.0.107 - Sophos Limited)
Sophos System Protection (HKLM\...\{934BEF80-B9D1-4A86-8B42-D8A6716A8D27}) (Version: 2.6.0.71 - Sophos Limited)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls IV: Oblivion  (HKLM\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Sims™ 3 (HKLM\...\Steam App 47890) (Version:  - The Sims Studio)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wireless N Client Utility (HKLM-x32\...\{AF31A19F-EC05-4494-969F-584B02DF16FF}) (Version: 7.0 - Rosewill)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {350DB980-C70D-4284-958C-796C735F2F88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {4633B05A-AD3E-47FF-BAE2-99183EFBADDE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {5C9B2BD5-ACA4-4A73-A5D0-8F977EC157FA} - System32\Tasks\{B90B5711-50FC-429F-8637-4AC456E2CF42} => C:\Users\BBQ\Desktop\RPG_RT.exe
Task: {993B5AE1-DA4D-4221-9421-259A6C238B87} - System32\Tasks\{A11AFE42-BE5D-46DC-B822-F2B011A1ACC8} => C:\GOG Games\The Longest Journey\game.exe
Task: {9B0703CA-3DF9-46B5-9A24-99C2B47914F8} - System32\Tasks\HPCustParticipation HP ENVY 5660 series => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPCustPartic.exe [2014-08-22] (Hewlett-Packard Development Company, LP)
Task: {A454D71C-D92D-45B4-8F98-313C2BA119C2} - System32\Tasks\{8829633D-B961-4769-9C40-3E5B573507DA} => C:\Users\BBQ\Desktop\RPG_RT.exe
Task: {C2B6C21D-ECA9-4C54-952B-3784BD0B5791} - System32\Tasks\{F832F058-37BE-4CB9-B65D-AF9EB4C467DE} => pcalua.exe -a D:\Setup\hdpvr2setup.exe -d D:\Setup
Task: {C9D0CD26-CE2A-4AA5-99A8-7735AA0B4327} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E0464FA9-233E-46EB-BBF0-40C9870091B6} - System32\Tasks\HPCustPartic.exe_{813F9515-F797-4D59-AEED-BF876D0FFCE9} => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPCustPartic.exe [2014-08-22] (Hewlett-Packard Development Company, LP)
Task: {EEBE4B62-400E-4679-A1B1-0FD0E15C430D} - System32\Tasks\ILOULES => C:\Users\BBQ\AppData\Roaming\ILOULES.exe <==== ATTENTION
Task: {F627D73E-EE62-41FB-95DE-E0035979CAAE} - System32\Tasks\NUBNMXZ => C:\Users\BBQ\AppData\Roaming\NUBNMXZ.exe <==== ATTENTION
Task: {FFA57A34-6B65-41B9-8A74-FA5D91A7C7C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ILOULES.job => C:\Users\BBQ\AppData\Roaming\ILOULES.exe <==== ATTENTION
Task: C:\Windows\Tasks\NUBNMXZ.job => C:\Users\BBQ\AppData\Roaming\NUBNMXZ.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-06 14:43 - 2014-01-06 14:43 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-02 19:33 - 2011-08-23 08:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2013-10-02 19:33 - 2012-10-29 16:29 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2014-01-06 14:43 - 2014-01-06 14:43 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-02 19:33 - 2012-10-29 16:29 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2013-08-21 13:18 - 2016-12-08 10:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 19:03 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 19:03 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 19:03 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-27 09:08 - 2016-12-19 21:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 18:53 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 18:53 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 18:53 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 18:53 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 18:53 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-09-21 09:35 - 2016-12-19 21:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-02 17:36 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-13 19:46 - 2016-12-05 11:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-13 19:46 - 2016-12-05 11:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-01-20 19:03 - 2015-09-24 18:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:44D90A78 [386]
AlternateDataStreams: C:\ProgramData\TEMP:6C7EBDC3 [468]
AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09 [386]
AlternateDataStreams: C:\ProgramData\TEMP:CAE2C3A5 [215]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-485299563-1421404851-635644667-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BBQ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{38CA5420-5177-481D-8730-567E9F2CC5B0}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{53A29A26-2543-4359-A7E2-615E76733664}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A054923D-C314-4F5A-8C66-A68BB4BF7D4F}] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{B49BD7F6-7B6C-4922-89A0-F2FDF918AE0B}] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{864316C2-FBF7-4D2A-82D5-A83713F23DD2}] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{DEF5B065-7F99-498C-A639-EEADA730E6E6}] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A4F33CF8-0712-4B37-8FAA-35B7B4355E55}] => LPort=56812
FirewallRules: [{1278513A-57E4-43C4-BD97-434BC881CBED}] => LPort=56812
FirewallRules: [{757E4F34-7ED2-4A7B-A33A-99690753C282}] => LPort=56812
FirewallRules: [{C952E39E-98A2-4222-AB09-5DB3C81E28D6}] => LPort=56812
FirewallRules: [{471A90E4-757D-4BC8-88D3-F1556FC095BC}] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{FE2CF4CD-5D53-43F7-A40C-937E03440BFB}] => C:\Program Files (x86)\Hauppauge\StreamEez\HcwDevCentralTool.exe
FirewallRules: [{B3198DDF-841A-4DEC-9DF9-589480647B18}] => C:\Program Files (x86)\Hauppauge\StreamEez\HcwDevCentralTool.exe
FirewallRules: [{C47B8EB5-08F2-41F3-96F4-2FEA068C5A8C}] => C:\Program Files (x86)\Hauppauge\StreamEez\HcwDevCentralTool.exe
FirewallRules: [{3F9B8EA3-E422-497F-9AA5-B78D30FEB6D4}] => C:\Program Files (x86)\Hauppauge\StreamEez\HcwDevCentralTool.exe
FirewallRules: [{1A1F4BF7-0F2F-4942-B98F-24EC4F2F5718}] => C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{FB074F87-724C-4DA6-80DA-01A191BBFC32}] => C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{3CB13638-94CF-41B0-BA23-F8C49C305045}] => C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{FE416060-99C9-4494-87C5-934F7E5F3677}] => C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{25785BF5-BCF3-41E5-ADAF-257E26C1E23C}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E13793CB-F973-47AD-8876-EAC8A8CA31FE}] => LPort=2869
FirewallRules: [{88A15F25-669F-4256-AF0A-D0032AA4C769}] => LPort=1900
FirewallRules: [{BDE588B3-4B4C-40AF-A080-AE420A2C4DAC}] => C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{2F88688E-A0FB-42BB-9A7A-17C095B0529C}] => C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{E420C8CD-6BF0-4CDE-B5A6-B32D6C999906}] => C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{A62260BA-9D0A-45D7-8779-3FFFE85B02F1}] => C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{7C22C744-942B-4488-AC37-0E7D6CFC5E57}] => C:\Program Files (x86)\Steam\SteamApps\common\Dead Mountaineer's Hotel\Game.exe
FirewallRules: [{A022AC5D-23C3-40AE-93A8-8B0D7EEBDD4A}] => C:\Program Files (x86)\Steam\SteamApps\common\Dead Mountaineer's Hotel\Game.exe
FirewallRules: [{1328312B-416F-4426-AD1A-21ECEF93CAAA}] => C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{A8007CA4-9368-459A-A3C6-1A9E74C0DD53}] => C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C90F4A01-4C79-4323-9F00-B58880110E5E}] => C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{D770114F-19A2-4A8B-8965-8656258085B3}] => C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{DB8713DE-61E9-49BE-AD9C-A44FE713CA0B}] => C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{7E97C44A-E21B-4F68-8A3D-65E5F5415D67}] => C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{E7C909AC-45D9-42B2-B98D-B086C49EB75C}] => C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{F2A458FA-C105-440A-8C1D-F3830C1C67A0}] => C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{A9315691-12CA-43A1-90F6-1183761A441E}] => C:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed 3\AC3SP.exe
FirewallRules: [{882A9FD1-1AE7-4506-BAEC-3F28091898B1}] => C:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed 3\AC3SP.exe
FirewallRules: [{C748056F-924F-44AB-A8FA-5E942D49F00E}] => C:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed 3\AC3MP.exe
FirewallRules: [{E69178CD-ADBB-4CB9-9587-57FA202F1957}] => C:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed 3\AC3MP.exe
FirewallRules: [{BC43AFFC-99E0-4B1C-B92A-8A640A89C54B}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B1FC9F04-84FA-46F0-865B-821587C4E93D}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AE457890-2270-4A19-B992-0C3CD6D3D7FB}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7C36C25E-CB03-4EB5-8B0A-7E6025DE2CF9}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{79F5BEBF-7741-4710-99E5-80B8BBCBBC68}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{E0D098A3-4C4B-4F86-A4F8-817FAEABD7CB}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{2921560A-87FB-4E1C-B7B8-571B5ED8652E}] => D:\setup\hpznui40.exe
FirewallRules: [{E04D64DA-A94F-4040-9DF0-5C434D81C838}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0AE56A40-60A2-4B92-B26C-D9F31A5F1BD9}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{CD8146D4-E946-46C1-9E80-52EA170BCEDF}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{827920B8-1E07-44CF-9278-769CCDEB4EDA}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{8BCD591E-B49E-443D-9D7F-AF75759CD793}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{288B54A1-58B9-423F-A000-CBD86AC75693}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{674E5809-7358-4473-AFC5-6B8C3BB40102}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{889CAED8-2FA6-4A50-8CB6-B4265B94E352}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{AEBC56CF-8FD5-4D6A-A3E8-B64EF73BF516}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{EE240BC6-284A-4BA1-BCAF-15D9EBF6177B}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{1B8E8DA1-5A5E-414B-B111-7AD88455FA84}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{C19CB84E-DA4E-4C68-B7F7-8F56A15FAA83}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{3442FE1C-C863-4598-B068-1C2465E3481A}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{AB58D70A-C3B2-49A4-B72B-F879054452CF}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{6B83F75E-4709-4E10-BF8F-27F60695FFB3}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{9531BDA2-561C-47FB-AD15-5C758B4AB142}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{41DC2AB2-B294-4F18-8EAA-63A2CDD99CE1}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{092BBFC6-0AEE-4170-A38C-B7F3A4821355}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{C2C83F89-891E-424B-BC0E-01911AC645BC}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{80AB3E18-71BB-4A20-B793-6FED0F043A9B}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3B41F757-B091-4205-82B0-2A6A22CB4DE5}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{230AD87C-A227-4A47-A06D-7FFE99A364CB}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F15DB17D-ED85-4DB9-8E13-E41D8272A2F0}] => C:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed Liberation\ac3lhd_32.exe
FirewallRules: [{999A9D92-79D5-44D9-B2BF-9659ABD3B7FE}] => C:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed Liberation\ac3lhd_32.exe
FirewallRules: [{7CB950FB-243B-486A-BF74-86A987F1A309}] => C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{35A51483-B281-4711-9A03-45161C8E9BB7}] => C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{EDA356C6-3D2B-446D-890B-7B6FB07EB9DF}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EFB52489-6CD8-4B9B-ADBA-AD3CF3C56F5B}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DD99F62E-BB70-4808-AAB9-0518ADF5C73A}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{589E2E23-3861-47AA-BB1A-9C36921981B8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{66724BA0-CCBB-43CF-8D39-3E7986C63B92}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{545CBF64-F87C-478A-92F0-F64B24DEE2D2}] => C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{F83F58AC-0B4D-4631-9860-85E03D0AD4B7}] => C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{346D5F5F-9519-4714-BAC7-244A99603E11}] => C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{9D49D417-37E3-413D-BB6A-64A3241A2D17}] => C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{ED2B5F1B-A67A-4FDD-B8D0-0A0AD4455409}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{0396BEF8-1C45-4127-A287-694F9009F66A}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{6B63F4F2-7724-42C1-B6E8-E1F7B0B18F72}] => C:\Program Files (x86)\Steam\SteamApps\common\Leadwerks\Leadwerks.exe
FirewallRules: [{AA4193A8-0E5B-4321-BBCA-8B449EDB0A11}] => C:\Program Files (x86)\Steam\SteamApps\common\Leadwerks\Leadwerks.exe
FirewallRules: [{7D7963BD-6834-4A02-AD0D-ECECBBE21EED}] => C:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{A4EB7008-0767-427C-8AD0-61D5AE6C732B}] => C:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{0A6E7348-736E-4DBA-A6B4-A2A56C7B8976}] => C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe
FirewallRules: [{088637C1-C5F8-4274-9FAB-7B4830CB6354}] => LPort=5357
FirewallRules: [{81A63FF4-9A7E-4093-AE6D-F1619D3E04DF}] => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DC1D68CE-D920-44A3-81F6-EB52F7CE91BE}] => C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{816D4143-A434-4319-9A5D-14384D4CFD9E}] => C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{3FEF2009-1533-4851-BB8C-571E60B0CC66}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{82519930-E004-460E-BB17-CF942C9E2F8C}] => C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{308BCCF5-0370-4D3F-A83C-558A50CE06B2}] => C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{97472D1C-A66D-4E13-BD09-1B970DC35561}] => C:\Program Files (x86)\Steam\SteamApps\common\Final Fantasy III\FF3_Launcher.exe
FirewallRules: [{9FF13D54-F7C9-497A-AA0C-19131AAEC02A}] => C:\Program Files (x86)\Steam\SteamApps\common\Final Fantasy III\FF3_Launcher.exe
FirewallRules: [{C52F1973-F888-4617-8527-0F33DD9DCEC4}] => C:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{61B3C60F-C3E8-4547-BC3D-55E2B33B9BC9}] => C:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{5DF02C1C-3927-4734-B5F7-C7ECFC403D81}] => C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{52365741-0EBD-4310-B241-DA3BAAFB4911}] => C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Video Controller
Description: Video Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/22/2016 08:37:03 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\FirewallAPI.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Steam Client Service because of this error.
 
Program: Steam Client Service
File: C:\Windows\SysWOW64\FirewallAPI.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (12/22/2016 08:37:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SteamService.exe, version: 3.75.32.7, time stamp: 0x585894cb
Faulting module name: FirewallAPI.dll, version: 6.1.7600.16385, time stamp: 0x4a5bd9f1
Exception code: 0xc0000006
Fault offset: 0x000583bf
Faulting process id: 0x1148
Faulting application start time: 0x01d25cbd04e937d2
Faulting application path: C:\Program Files (x86)\Common Files\Steam\SteamService.exe
Faulting module path: C:\Windows\SysWOW64\FirewallAPI.dll
Report Id: 4dfc19c2-c8b0-11e6-a36b-e29910f9be24
 
Error: (12/22/2016 08:35:53 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\FirewallAPI.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Steam Client Service because of this error.
 
Program: Steam Client Service
File: C:\Windows\SysWOW64\FirewallAPI.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (12/22/2016 08:35:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SteamService.exe, version: 3.75.32.7, time stamp: 0x585894cb
Faulting module name: FirewallAPI.dll, version: 6.1.7600.16385, time stamp: 0x4a5bd9f1
Exception code: 0xc0000006
Fault offset: 0x000583bf
Faulting process id: 0x1510
Faulting application start time: 0x01d25cbbebfaa27a
Faulting application path: C:\Program Files (x86)\Common Files\Steam\SteamService.exe
Faulting module path: C:\Windows\SysWOW64\FirewallAPI.dll
Report Id: 23dd0029-c8b0-11e6-a36b-e29910f9be24
 
Error: (12/22/2016 08:35:31 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\wininet.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Tasks because of this error.
 
Program: Host Process for Windows Tasks
File: C:\Windows\System32\wininet.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (12/22/2016 08:35:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7601.18010, time stamp: 0x50aee9f3
Faulting module name: wininet.dll, version: 11.0.9600.18525, time stamp: 0x58123676
Exception code: 0xc0000006
Fault offset: 0x00000000000c0134
Faulting process id: 0xc80
Faulting application start time: 0x01d25cbafc05e4d5
Faulting application path: C:\Windows\system32\taskhost.exe
Faulting module path: C:\Windows\system32\wininet.dll
Report Id: 16d3b6e9-c8b0-11e6-a36b-e29910f9be24
 
Error: (12/22/2016 08:30:48 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\wbem\cimwin32.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program WMI Provider Host because of this error.
 
Program: WMI Provider Host
File: C:\Windows\System32\wbem\cimwin32.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (12/22/2016 08:30:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: cimwin32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c567
Exception code: 0xc0000006
Fault offset: 0x00000000000ee670
Faulting process id: 0x10ac
Faulting application start time: 0x01d25cbc05407ea3
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Windows\system32\wbem\cimwin32.dll
Report Id: 6dfeef78-c8af-11e6-a36b-e29910f9be24
 
Error: (12/22/2016 08:26:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB2491683~31bf3856ad364e35~amd64~~6.1.1.1.cat for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB2491683~31bf3856ad364e35~amd64~~6.1.1.1.cat
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (12/22/2016 08:26:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: bcryptprimitives.dll, version: 6.1.7601.23451, time stamp: 0x573365b4
Exception code: 0xc0000006
Fault offset: 0x00000000000080bf
Faulting process id: 0xb74
Faulting application start time: 0x01d25cbb7c7d7a33
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\system32\bcryptprimitives.dll
Report Id: d73fd56d-c8ae-11e6-a36b-e29910f9be24
 
 
System errors:
=============
Error: (12/22/2016 08:37:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (12/22/2016 08:36:34 PM) (Source: Microsoft-Windows-CorruptedFileRecovery-Server) (EventID: 10) (User: NT AUTHORITY)
Description: The system file C:\Windows\System32\wbem\cimwin32.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147753986). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary.
 
Error: (12/22/2016 08:36:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/22/2016 08:35:53 PM) (Source: Microsoft-Windows-CorruptedFileRecovery-Server) (EventID: 10) (User: NT AUTHORITY)
Description: The system file C:\Windows\System32\wininet.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147753986). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary.
 
Error: (12/22/2016 08:30:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (12/22/2016 08:28:55 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.
 
Error: (12/22/2016 08:28:55 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.
 
Error: (12/22/2016 08:28:55 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.
 
Error: (12/22/2016 08:28:55 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.
 
Error: (12/22/2016 08:28:55 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 27%
Total physical RAM: 8073.09 MB
Available physical RAM: 5866.12 MB
Total Virtual: 16144.36 MB
Available Virtual: 13967.4 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:165.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E202775A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 polskamachina

  • Malware Response Team

Posted 27 December 2016 - 01:03 AM

Hi silvershell :)

 

My name is polskamachina and I would like to welcome you back to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#5 slivershell

  • Topic Starter

Posted 27 December 2016 - 12:19 PM

Awesome! Thank you polskamachina! I hope everything works out. I got a bunch of steam games for Christmas and I'm itching to play them!



#6 polskamachina

  • Malware Response Team

Posted 27 December 2016 - 11:14 PM

Hi silvershell :)

 

I know you're anxious to get back up to full steam (no pun intended, ok maybe a little pun intended) but I have to make sure I leave no stone unturned! Please be patient.

 

polskamachina



#7 polskamachina

  • Malware Response Team

Posted 30 December 2016 - 01:08 AM

Hi silvershell :)

 

I'm putting together the final touches on the fix... please stay with me.

 

polskamachina



#8 polskamachina

  • Malware Response Team

Posted 30 December 2016 - 03:30 PM

Hi silvershell :)
 
Sorry for the delay. Let's begin!
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts
  • Right-click JRT.exe and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log JRT.txt will be created, saved to your desktop, and will automatically open
  • Copy and paste the JRT.txt into your next reply to me

Next:
 
Download RogueKiller from one of the following links and save it to your desktop:

  • Link 1
  • Link 2

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Right-click RogueKiller.exe to select the tool and click Run As Administrator
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click the Report button to show the log, and then close the program. <--Don't fix anything!
  • Copy and paste the report that opens into your next reply.
    • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log

In summary I will need from you:

  • JRT.txt
  • RogueKiller log

Let me know if you have any questions.
 
polskamachina



#9 slivershell

  • Topic Starter

Posted 30 December 2016 - 08:07 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64 
Ran by BBQ (Administrator) on Fri 12/30/2016 at 19:53:55.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 47 
 
Successfully deleted: C:\Users\BBQ\AppData\Local\installer (Folder) 
Successfully deleted: C:\Windows\couponprinter.ocx (File) 
Successfully deleted: C:\Program Files (x86)\GUTF82A.tmp (File) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H0Q4W4K (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FDIUKYN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5M80Z4T1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6T382QPY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72OK57YD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TYTAHZU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKFQ129V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ESOHPXPL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0U53OLY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIC8OOKM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N22OG08U (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RS242DRL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN7LPSG7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VH48HGJZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7Q75IYC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFEIGS8G (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Temp\vitruvian-installer-install-v0001 (File) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Temp\vitruvian-installer-processes-v0001 (File) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0001 (File) 
Successfully deleted: C:\Users\BBQ\AppData\Local\Temp\vitruvian-installer-uninstall-v0001 (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H0Q4W4K (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FDIUKYN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5M80Z4T1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6T382QPY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72OK57YD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TYTAHZU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKFQ129V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ESOHPXPL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0U53OLY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIC8OOKM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N22OG08U (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RS242DRL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN7LPSG7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VH48HGJZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7Q75IYC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFEIGS8G (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/30/2016 at 20:00:10.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 slivershell

  • Topic Starter

Posted 30 December 2016 - 09:00 PM

RogueKiller V12.9.0.0 (x64) [Dec 26 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : BBQ [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/30/2016 20:18:21 (Duration : 00:36:16)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen0|Suspicious.Path|VT.Application.Win32.Coupons.a] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\COUPON~2.OCX) -> Found
[PUP.Gen0|Suspicious.Path|VT.Application.Win32.Coupons.a] (X64) HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} (C:\Windows\COUPON~2.OCX) -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-485299563-1421404851-635644667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-485299563-1421404851-635644667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 4 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\ILOULES.job -- C:\Users\BBQ\AppData\Roaming\ILOULES.exe (/infocmdline=...) -> Found
[Suspicious.Path] %WINDIR%\Tasks\NUBNMXZ.job -- C:\Users\BBQ\AppData\Roaming\NUBNMXZ.exe (/infocmdline=...) -> Found
[Suspicious.Path] \ILOULES -- C:\Users\BBQ\AppData\Roaming\ILOULES.exe (/infocmdline=...) -> Found
[Suspicious.Path] \NUBNMXZ -- C:\Users\BBQ\AppData\Roaming\NUBNMXZ.exe (/infocmdline=...) -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 ATA Device +++++
--- User ---
[MBR] 91dfba0ff967a3c528fcada185b00641
[BSP] 5c1ce4d1015c1dda688453ac05b8f580 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#11 polskamachina

  • Malware Response Team

Posted 31 December 2016 - 09:21 PM

Hi silvershell,
 
Good job with the logs!

 

Let's proceed:

  • Close all programs and disconnect any USB or external drives before running the tool
  • Right-click RogueKiller and select Run As Administrator
  • Once the Prescan has finished, click Scan
  • Once the Status box shows Scan Finished, click the Delete button
  • When the Status box shows Deleting Finished, click the Report button to show the log
  • Copy and paste the report that opens into your next reply to me
    • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_DEL_mmddyyyy_hhmmss.log

In summary I will need from you:

  • RogueKiller log

Let me know if you have any questions and...Happy New Year!

 

polskamachina



#12 slivershell

  • Topic Starter

Posted 01 January 2017 - 01:47 PM

RogueKiller V12.9.0.0 (x64) [Dec 26 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : BBQ [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 01/01/2017 13:10:28 (Duration : 00:32:15)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen0|Suspicious.Path|VT.Application.Win32.Coupons.a] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\COUPON~2.OCX) -> Deleted
[PUP.Gen0|Suspicious.Path|VT.Application.Win32.Coupons.a] (X64) HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} (C:\Windows\COUPON~2.OCX) -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-485299563-1421404851-635644667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-485299563-1421404851-635644667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
 
¤¤¤ Tasks : 4 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\ILOULES.job -- C:\Users\BBQ\AppData\Roaming\ILOULES.exe (/infocmdline=OkE/0vv4UAJ7RGNLtx9XDGX1fKH1VYC72KelBx8VCL1on9jEs8n/tIqO7vdlyDBADpJ1eOd4hlO1TneOIw12dRCsR/H9E066S1Vb669Qv1/HqYrNhiLoh2ZYpKajg++KlsNGLYNF/D2QHj6UtK5Dd067e/6qBvXByCXWVzJyU/YAVhOc/3m5AlBupGk8RcPeL8UabTNV4porbhL6nPJSnZQLVFt53im3sc7GpEuRRYKjBxw1wyF0WgN8+rwGSGZCJ+L7OfNEygDo61xRJNSOfekmE53rsQR5E9hZDQTVVBbKb8MvSrhzRkTN/6QjZc/zAhsuu35Yc2ebWJQgVR//h3szjjynur4FBbqyfvJk+XJv80dlap/iKtiajzb+NuPanN+Pk6YcG/80RQwr3eTahv9OVTdC80u7/TMsHj6TJsF1x7S/iaB9Xu20BE0zzJrWEsFyptxaJfLRLmhlmnp+DmeRBWKTMbzmJNgMkmjUPsSjRljPb3T7kHds/pXnh824) -> Deleted
[Suspicious.Path] %WINDIR%\Tasks\NUBNMXZ.job -- C:\Users\BBQ\AppData\Roaming\NUBNMXZ.exe (/infocmdline=H6BG5vZoKB8eY9aCNa7Iw6lxMaj2PJoGgyRkYyNy/KEoh2wQFSenMs2QtzVvqlZ5CtX0QuKI74SnQci0G/Jtft73LytrCIBubfEPgNmyx1vs3urXJUp8sKG5Q7OQK1Rc1vfU/k4RkircWgA6QC/gOQ5NI/d4iu1egi6Ozu31RdojnEgHJVN///FHloA3hTOChak1Eq87ZR1WUVU+Xs7Ehx4c4XZf3ggeGF04OHm+wqfEJbkRXGgfavQRFglFDbKkswOtHNkenS1ybYnx9o1S6K4VM3KjqKfXUlQlVfV5fl1fQbwxRk/J73HNy7TE5eXhNaYZcxMvIkjocFWOau5yAQQerE9JTazX7VRT4KUxY+L1VZ98deHcTBDmDjlyvG30Ip7bV794Ngwz+K60pMlqUTs9jYwOP98zZGHxMURx0YpZRQmbPdO39g7Z4tLZXNkUjkGoBG64LWHk8VJwAaQFVvsM/t7RgSFp/Xz16TWkoydgk5qnD77t0c4bHwSBHhwfqA5POcZgiGcz88A0D/owDv2EW28VYmjIYUpcNAfwwBd8A7nOqSIXtDw3Vqe0JeZHQr6Yp/Ves+OqMM8587Ryv2iCkwpevi6rrr9x9A4crcJfU6S+2xTNAyYBSdpWy9qW1vh9vSUNyhCrdLSjq0PfHww9PoW/hIZdMw4hjfXxM70=) -> Deleted
[Suspicious.Path] \ILOULES -- C:\Users\BBQ\AppData\Roaming\ILOULES.exe (/infocmdline=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) -> ERROR [80070002]
[Suspicious.Path] \NUBNMXZ -- C:\Users\BBQ\AppData\Roaming\NUBNMXZ.exe (/infocmdline=H6BG5vZoKB8eY9aCNa7Iw6lxMaj2PJoGgyRkYyNy/KEoh2wQFSenMs2QtzVvqlZ5CtX0QuKI74SnQci0G/Jtft73LytrCIBubfEPgNmyx1vs3urXJUp8sKG5Q7OQK1Rc1vfU/k4RkircWgA6QC/gOQ5NI/d4iu1egi6Ozu31RdojnEgHJVN///FHloA3hTOChak1Eq87ZR1WUVU+Xs7Ehx4c4XZf3ggeGF04OHm+wqfEJbkRXGgfavQRFglFDbKkswOtHNkenS1ybYnx9o1S6K4VM3KjqKfXUlQlVfV5fl1fQbwxRk/J73HNy7TE5eXhNaYZcxMvIkjocFWOau5yAQQerE9JTazX7VRT4KUxY+L1VZ98deHcTBDmDjlyvG30Ip7bV794Ngwz+K60pMlqUTs9jYwOP98zZGHxMURx0YpZRQmbPdO39g7Z4tLZXNkUjkGoBG64LWHk8VJwAaQFVvsM/t7RgSFp/Xz16TWkoydgk5qnD77t0c4bHwSBHhwfqA5POcZgiGcz88A0D/owDv2EW28VYmjIYUpcNAfwwBd8A7nOqSIXtDw3Vqe0JeZHQr6Yp/Ves+OqMM8587Ryv2iCkwpevi6rrr9x9A4crcJfU6S+2xTNAyYBSdpWy9qW1vh9vSUNyhCrdLSjq0PfHww9PoW/hIZdMw4hjfXxM70=) -> Deleted
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 ATA Device +++++
--- User ---
[MBR] 91dfba0ff967a3c528fcada185b00641
[BSP] 5c1ce4d1015c1dda688453ac05b8f580 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
 
 
 
Happy New Year to you too, polskamachina!!!!


#13 polskamachina

polskamachina

  • Malware Response Team
  • 3,938 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:11 AM

Posted 02 January 2017 - 09:15 PM

Hi slivershell :)
 
Sorry for another delay in my response. The reason for the delay is that you have a few files that need investigating and I need to be very careful in determining what they are and how to handle them.
 
Please do the following:

  • Copy and paste the following text in its entirety into Notepad:

    CreateRestorePoint:
    CloseProcesses:
    File: C:\Users\BBQ\AppData\Local\Temp\drm_dyndata_7370014.dll
    File: C:\Users\BBQ\AppData\Local\Temp\drm_dyndata_7380014.dll
    File: C:\Users\BBQ\AppData\Local\Temp\libeay32.dll
    File: C:\Users\BBQ\AppData\Local\Temp\msvcr120.dll

  • Save the file to your Desktop as fixlist.txt. Note: FRST64 and fixlist.txt must be in the same folder in order for the fix to work.
  • Run FRST64
  • Click on Fix
  • It should only take a few moments for the fix to complete
  • If you are asked to restart your computer, please do so
  • When the fix has completed, a new file will be created named Fixlog.txt, and it will be saved to your Downloads folder
  • Please copy and paste that log into your next reply to me

Let me know if you have any questions.
 
polskamachina



#14 slivershell

slivershell
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 03 January 2017 - 02:40 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by BBQ (03-01-2017 13:55:03) Run:1
Running from C:\Users\BBQ\Desktop
Loaded Profiles: BBQ (Available Profiles: BBQ)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
File: C:\Users\BBQ\AppData\Local\Temp\drm_dyndata_7370014.dll
File: C:\Users\BBQ\AppData\Local\Temp\drm_dyndata_7380014.dll
File: C:\Users\BBQ\AppData\Local\Temp\libeay32.dll
File: C:\Users\BBQ\AppData\Local\Temp\msvcr120.dll
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= File: C:\Users\BBQ\AppData\Local\Temp\drm_dyndata_7370014.dll ========================
 
MD5: 251940E083E8DE21B1A65940A49ACA28
Creation and modification date: 2015-06-09 23:25 - 2015-06-09 23:25
Size: 0204800
Attributes: ----A
Company Name: Sony DADC Austria AG
Internal Name: 
Original Name: drm_dyndata.dll
Product: 
Description: SecuROM dynamic-data module
File Version: 1, 0, 0, 3
Product Version: 1, 0, 0, 3
Copyright: Copyright © 2004 - 2007 Sony DADC Austria AG
 
====== End of File: ======
 
 
========================= File: C:\Users\BBQ\AppData\Local\Temp\drm_dyndata_7380014.dll ========================
 
MD5: 3E9B2A232E90FA98DFE3F0866E201883
Creation and modification date: 2015-06-09 23:25 - 2015-06-09 23:25
Size: 0204800
Attributes: ----A
Company Name: Sony DADC Austria AG
Internal Name: 
Original Name: drm_dyndata.dll
Product: 
Description: SecuROM dynamic-data module
File Version: 1, 0, 0, 3
Product Version: 1, 0, 0, 3
Copyright: Copyright © 2004 - 2007 Sony DADC Austria AG
 
====== End of File: ======
 
 
========================= File: C:\Users\BBQ\AppData\Local\Temp\libeay32.dll ========================
 
MD5: 1F5F004AA46F9B9B18952792B46BB7B1
Creation and modification date: 2016-12-15 01:06 - 2016-12-15 01:06
Size: 2458672
Attributes: ----A
Company Name: The OpenSSL Project, http://www.openssl.org/
Internal Name: libeay32
Original Name: libeay32.dll
Product: The OpenSSL Toolkit
Description: OpenSSL shared library
File Version: 1.0.2h
Product Version: 1.0.2h
Copyright: Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.
 
====== End of File: ======
 
 
========================= File: C:\Users\BBQ\AppData\Local\Temp\msvcr120.dll ========================
 
MD5: 034CCADC1C073E4216E9466B720F9849
Creation and modification date: 2016-12-15 01:06 - 2016-12-15 01:06
Size: 0970912
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: msvcr120.dll
Original Name: msvcr120.dll
Product: Microsoft® Visual Studio® 2013
Description: Microsoft® C Runtime Library
File Version: 12.00.21005.1 built by: REL
Product Version: 12.00.21005.1
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End of File: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 13:55:07 ====


#15 polskamachina

polskamachina

  • Malware Response Team
  • 3,938 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:11 AM

Posted 04 January 2017 - 08:02 PM

Hi slivershell,
 
The files we examined in your previous post turned out not to be a serious threat to your system.
 
Let's begin with the fixing:

  • Copy and paste the text below in its entirety into Notepad:
CreateRestorePoint:
CloseProcesses:
C:\Users\BBQ\AppData\Local\Temp\bdfilters.dll
C:\Users\BBQ\AppData\Local\Temp\DeviceCentralSetup.exe
C:\Users\BBQ\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\BBQ\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\BBQ\AppData\Local\Temp\IRBlast.exe
C:\Users\BBQ\AppData\Local\Temp\libeay32.dll
C:\Users\BBQ\AppData\Local\Temp\msvcr120.dll
C:\Users\BBQ\AppData\Local\Temp\optprosetup.exe
C:\Users\BBQ\AppData\Local\Temp\Quarantine.exe
C:\Users\BBQ\AppData\Local\Temp\sqlite3.dll
C:\Users\BBQ\AppData\Local\Temp\swt-win32-3349.dll
C:\Program Files (x86)\GUTF82A.tmp
C:\Users\BBQ\AppData\Roaming\ILOULES
C:\Users\BBQ\AppData\Roaming\NUBNMXZ
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-02] (Microsoft Corporation)
AppInit_DLLs-x32: c:\progra~2\sn0310~1.boo => No File
HKU\S-1-5-21-485299563-1421404851-635644667-1000\...\MountPoints2: {bab0a4ab-2d32-11e3-bffa-e40ec5402939} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [] => [X]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-485299563-1421404851-635644667-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-09-29] (Pando Networks)
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Extension: (GoSavve) - C:\Users\BBQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\alhffhfjlfifablimdpnelhegalepppl [2014-09-17]
Hosts: Hosts file not detected in the default directory
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-10] [not signed]
Task: {EEBE4B62-400E-4679-A1B1-0FD0E15C430D} - System32\Tasks\ILOULES => C:\Users\BBQ\AppData\Roaming\ILOULES.exe <==== ATTENTION
Task: {F627D73E-EE62-41FB-95DE-E0035979CAAE} - System32\Tasks\NUBNMXZ => C:\Users\BBQ\AppData\Roaming\NUBNMXZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\ILOULES.job => C:\Users\BBQ\AppData\Roaming\ILOULES.exe <==== ATTENTION
Task: C:\Windows\Tasks\NUBNMXZ.job => C:\Users\BBQ\AppData\Roaming\NUBNMXZ.exe <==== ATTENTION
C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:44D90A78 [386]
AlternateDataStreams: C:\ProgramData\TEMP:6C7EBDC3 [468]
AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09 [386]
AlternateDataStreams: C:\ProgramData\TEMP:CAE2C3A5 [215]
  • Save the file to your Desktop as fixlist.txt. Note: FRST64 and fixlist.txt must be in the same folder in order for the fix to work.
  • Run FRST64
  • Click on Fix
  • It should only take a few moments for the fix to complete
  • If you are asked to restart your computer, please do so
  • When the fix has completed, a new file will be created named Fixlog.txt, and it will be saved to your Desktop
  • Please copy and paste that log into your next reply to me

In summary I will need from you:

  • Fixlog.txt
  • How is your computer behaving now? Is it still freezing up?

Let me know if you have any questions.

 

polskamachina
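The RogueKiller and FRST logs in this thread show two persistence spots worth checking on any Windows box with similar symptoms: scheduled tasks (both Task Scheduler entries and legacy .job files in %WINDIR%\Tasks) whose command runs from a user's AppData\Roaming folder, and alternate data streams attached to C:\ProgramData\TEMP. The script below is an added, read-only triage example written for this page; it is not part of the thread, of FRST or of RogueKiller, and it deletes nothing. It assumes an English-locale Windows 7 or later, Windows PowerShell 3.0 or newer (needed for -Stream) and an elevated prompt, and it generalizes the thread's findings by flagging any task launching from any user's AppData folder rather than only the ILOULES and NUBNMXZ names seen here.

```powershell
# Added example (not from the thread, FRST or RogueKiller): report-only triage of
# scheduled tasks running from AppData and of alternate data streams on
# C:\ProgramData\TEMP. Assumes Windows PowerShell 3.0+, an elevated prompt and
# English-locale column names from schtasks.exe.

# 1. All scheduled tasks via schtasks.exe, which exists on Windows 7 where the
#    Get-ScheduledTask cmdlet does not. /v adds the "Task To Run" column.
$rows = schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv
# schtasks repeats the CSV header once per task folder; drop those extra copies.
$rows = $rows | Where-Object { $_.TaskName -ne 'TaskName' }

# Any command under a user's AppData tree (Roaming, Local or LocalLow).
$appDataPattern = '\\Users\\[^\\]+\\AppData\\(Roaming|Local|LocalLow)\\'
$flaggedTasks = foreach ($row in $rows) {
    $cmd = [Environment]::ExpandEnvironmentVariables($row.'Task To Run')
    if ($cmd -match $appDataPattern) {
        [PSCustomObject]@{
            TaskName = $row.TaskName
            Status   = $row.Status
            Command  = $cmd
        }
    }
}

# 2. Legacy Task Scheduler 1.0 job files in %WINDIR%\Tasks (the same place the
#    ILOULES.job and NUBNMXZ.job entries above lived).
$jobDir   = Join-Path $env:WINDIR 'Tasks'
$jobFiles = Get-ChildItem -Path $jobDir -Filter '*.job' -ErrorAction SilentlyContinue |
    Select-Object Name, LastWriteTime, Length

# 3. Alternate data streams on C:\ProgramData\TEMP. Every NTFS file has the
#    unnamed ':$DATA' stream; anything else is an ADS and gets listed.
$adsTarget = Join-Path $env:ProgramData 'TEMP'
$streams   = @()
if (Test-Path -LiteralPath $adsTarget) {
    $streams = Get-Item -LiteralPath $adsTarget -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object @{ n = 'Path'; e = { $_.FileName } }, Stream, Length
}

'== Scheduled tasks whose command runs from a user AppData folder =='
$flaggedTasks | Format-Table -AutoSize
"== Legacy .job files in $jobDir =="
$jobFiles | Format-Table -AutoSize
"== Alternate data streams on $adsTarget =="
$streams | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt before and after a cleanup: an empty first table and no non-default streams on C:\ProgramData\TEMP is the expected state on a clean system, while a task whose command points at a randomly named executable under AppData\Roaming with a long opaque argument (as in the RogueKiller output above) is the pattern to hand to a malware-removal helper rather than delete blindly, since legitimate updaters also run from AppData\Local.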





