[false postive IP?]

thanks for help from MysterFCM and CatByte. I just checked the FixList.txt and I see it goint to clean up the XRD manager, that is one of the tools from my monitor calibration software, I think I have to keep that, is it?

 

Please advice, thanks!

[false postive IP?]

The Chrome problem was happened a weeks before, during this week I have seek for your specialist help, and here I have included a FRST log, do you think my system is clean now?

FRST.txt

Addition.txt

[false postive IP?]

what is installRex and how to remove?

[false postive IP?]

so my system still totally in all-safe and clean?

[false postive IP?]

thanks for your reply! you make me feel safe!

 

my Malwarebyte reporting the NZXT CAM, Kaspersky and Chrome also get similar malicious action, they are all not any P2P software....

(I have attached the MBAM export list showing these events)

malwarebyte_log.txt

MBAM.txt

[false postive IP?]

the NZXT CAM is the official software from NZXT which control and monitor and All-in-one watercooling blocks. I download it from NZXT official website.

 

I'm afraid if my system is actually get infected but those virus/malware keeps hiding out, and randomly connect to outer world and show these "malicious IP connection"

 

Is my system safe ?

[false postive IP?]

It's not an F/P (IPs have been found housing and/or infected with, Upatre).

 

Because the software connecting to these are using P2P tech, this is unfortunately, to be expected (they'll always connect to both good and bad/infected machines).

 

So am I get infected????

[false postive IP?]

Hi Malwarebyte,

 

I have my system cleanup by your advisor few days before but now something come back, these application try to reach an external IP and reports malicious action by Malwarebyte, are they false positive?

 

I have mentioned the similar problem before in my post#6 here:

https://forums.malwarebytes.org/index.php?/topic/168043-syswow64-cmdexe-possible-malware-hijack/page-2

 

Any idea??

MBAM.txt

[false postive IP?]

Hello Malwarebyte, I have seek for help from "Malware Removal Help" forum before about Malwarebyte report similar malicious IP. After the clean up task from your advisor, some IP still occur, I'm not sure if they are safe or not, could you please check?

 

 

Thank you.

MBAM.txt

[sysWOW64 cmd.exe, possible malware hijack?]

I have report the similar case at my post #6

I have once again scan my PC with malwarebyte and kaspersky, can't find anything. But it is weird that malwarebye keep report malicious action, right?

[sysWOW64 cmd.exe, possible malware hijack?]

Hi TwinHeadedEagle, my system come back something like this, these application try to reach an external IP and reports malicious action by Malwarebyte

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Update, 05/05/2015 10:44:25 PM, SYSTEM, X99, Manual, Remediation Database, 2014.12.6.1, 2015.4.22.1, 

Update, 05/05/2015 10:44:25 PM, SYSTEM, X99, Manual, Rootkit Database, 2015.2.25.1, 2015.4.21.1, 

Update, 05/05/2015 10:44:27 PM, SYSTEM, X99, Manual, Malware Database, 2015.3.7.4, 2015.5.5.4, 

Protection, 05/05/2015 10:45:08 PM, SYSTEM, X99, Protection, Malware Protection, Starting, 

Protection, 05/05/2015 10:45:08 PM, SYSTEM, X99, Protection, Malware Protection, Started, 

Protection, 05/05/2015 10:45:08 PM, SYSTEM, X99, Protection, Malicious Website Protection, Starting, 

Protection, 05/05/2015 10:45:08 PM, SYSTEM, X99, Protection, Malicious Website Protection, Started, 

Update, 05/05/2015 10:51:55 PM, SYSTEM, X99, Manual, Malware Database, 2015.5.5.4, 2015.5.5.5, 

Protection, 05/05/2015 10:51:55 PM, SYSTEM, X99, Protection, Refresh, Starting, 

Protection, 05/05/2015 10:51:55 PM, SYSTEM, X99, Protection, Malicious Website Protection, Stopping, 

Protection, 05/05/2015 10:51:55 PM, SYSTEM, X99, Protection, Malicious Website Protection, Stopped, 

Protection, 05/05/2015 10:51:58 PM, SYSTEM, X99, Protection, Refresh, Success, 

Protection, 05/05/2015 10:51:58 PM, SYSTEM, X99, Protection, Malicious Website Protection, Starting, 

Protection, 05/05/2015 10:51:58 PM, SYSTEM, X99, Protection, Malicious Website Protection, Started, 

Scan, 05/05/2015 10:56:48 PM, SYSTEM, X99, Manual, Start:05/05/2015 10:52:07 PM, Duration:4 min 41 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 

Protection, 05/05/2015 10:04:50 PM, SYSTEM, X99, Protection, Malware Protection, Starting, 

Protection, 05/05/2015 10:04:50 PM, SYSTEM, X99, Protection, Malware Protection, Started, 

Protection, 05/05/2015 10:04:50 PM, SYSTEM, X99, Protection, Malicious Website Protection, Starting, 

Protection, 05/05/2015 10:05:08 PM, SYSTEM, X99, Protection, Malicious Website Protection, Started, 

Detection, 05/05/2015 10:06:15 PM, SYSTEM, X99, Protection, Malicious Website Protection, IP, 166.78.246.145, 1147, Outbound, C:\Program Files (x86)\NZXT\CAM\CAM_Client.exe, 

Detection, 05/05/2015 10:06:15 PM, SYSTEM, X99, Protection, Malicious Website Protection, IP, 166.78.246.145, 1147, Outbound, C:\Program Files (x86)\NZXT\CAM\CAM_Client.exe, 

Detection, 05/05/2015 11:11:04 PM, SYSTEM, X99, Protection, Malicious Website Protection, IP, 213.226.201.226, 6881, Outbound, D:\Games\World_of_Tanks\WoTLauncher.exe, 

Detection, 05/05/2015 11:11:04 PM, SYSTEM, X99, Protection, Malicious Website Protection, IP, 213.226.201.226, 6881, Outbound, D:\Games\World_of_Tanks\WoTLauncher.exe, 

 

(end)

 

Any idea??

[sysWOW64 cmd.exe, possible malware hijack?]

Alright, thanks again TwinHeadedEagle!

[sysWOW64 cmd.exe, possible malware hijack?]

Inform me if it returns.

 

After reinstall Chrome browser, the Kaspersky Protection extension no longer clickable and usable, and the CMD.exe also disappear from my service. I doubt the IAT Hook is something related inside...... 

[sysWOW64 cmd.exe, possible malware hijack?]

Yes.

 

So.... what should I do?

[sysWOW64 cmd.exe, possible malware hijack?]

This doesn't need to mean that this is malware. Can you reinstall Chrome?

 

Just reinstalled Chrome, that IAT Hook is not occur. But as I said, it re-occur in random..... should I alert of it?

[sysWOW64 cmd.exe, possible malware hijack?]

OHH.... somethings come back 

 

[sysWOW64 cmd.exe, possible malware hijack?]

Thank you dude! Enjoy a beer! 

 

Cheers

[sysWOW64 cmd.exe, possible malware hijack?]

Many thanks TwinHeadedEagle. I try to surfing web as safety as possible, but I find that I suffer the same IAT HOOK and Malicious Outbound twice in a month... I doubt there will be happen again very soon. Any good tools I could try for first-aid if I suffer the same next time?

[sysWOW64 cmd.exe, possible malware hijack?]

the CMD.EXE now still running in background. As I said it seems like linked to the Kaspersky Protection chrome extension, if I remove this extension, the CMD.EXE will gone, do you think it is trustable?

[sysWOW64 cmd.exe, possible malware hijack?]

my system seems stable now, many thanks TwinHeadedEagle. But I still have the following questions:
 

 

1. What is that CMD.EXE running behind? Is that part of Kaspersky service?

2. Is my system infected with malware/rootkit ?

 

Many thanks!

[sysWOW64 cmd.exe, possible malware hijack?]

here is the log

zoek-results.log

[sysWOW64 cmd.exe, possible malware hijack?]

something detected in RougeKiller this morning, nothing is detected before, this is exactly the same malicious item I have 3 weeks before:

[sysWOW64 cmd.exe, possible malware hijack?]

(UPDATE)

some malicious action started on my machine, I have attached a log. I have got similar situation 3 weeks before, back to the date I have a fresh clean of windows, unfortunately the similar issue come back now

malwarebyte_log.txt

[sysWOW64 cmd.exe, possible malware hijack?]

Thanks, here are the logs

Addition.txt

FRST.txt

[sysWOW64 cmd.exe, possible malware hijack?]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01

Ran by Solution at 2015-05-02 02:31:34

Running from C:\Users\Solution\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1859955418-491830460-2377010485-500 - Administrator - Disabled)

Guest (S-1-5-21-1859955418-491830460-2377010485-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1859955418-491830460-2377010485-1003 - Limited - Enabled)

Solution (S-1-5-21-1859955418-491830460-2377010485-1001 - Administrator - Enabled) => C:\Users\Solution

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)

3DMark (Version: 1.4.828.0 - Futuremark) Hidden

AIDA64 Extreme v4.50 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.50 - FinalWire Ltd.)

Bandizip (HKLM\...\Bandizip) (Version: 5.05 - Bandisoft.com)

Bloody5 (HKLM-x32\...\Bloody3) (Version: 15.04.0004 - Bloody)

CAM (HKLM-x32\...\{46DA8827-18F8-4489-882C-4ACE5ECE524E}) (Version: 1.2.4 - NZXT)

CH Control Manager Software (HKLM-x32\...\CHControlManager_is1) (Version:  - )

CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )

CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )

CrystalDiskInfo 6.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.0 - Crystal Dew World)

CrystalDiskMark 3.0.3b Shizuku Edition (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3b - Crystal Dew World)

dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 15.1 - Illustrate)

dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 11 - Illustrate)

EaseUS Todo Backup Free 8.2  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.2 - CHENGDU YIWO Tech Development Co., Ltd)

Elite Dangerous Launcher version 0.4.2220.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.2220.0 - Frontier Developments)

EVGA E-LEET Tuning Utility X (HKLM-x32\...\{13223B74-593A-4633-9B3D-BADF9C29DECD}) (Version: 0.9.0 - EVGA Corporation)

EVGA OC Scanner X 3.6.1.2 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version:  - EVGA)

EVGA PrecisionX 16 (HKLM-x32\...\{0D30CA95-DFB2-4130-AF57-6E0D324DDB05}) (Version: 5.3.3 - EVGA Corporation)

foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)

Futuremark SystemInfo (HKLM-x32\...\{03856D3F-DDDC-4C9A-9202-36529D21D94C}) (Version: 4.32.483.0 - Futuremark)

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Honeyview (HKLM\...\Honeyview) (Version: 5.11 - Bandisoft.com)

i1Profiler (HKLM-x32\...\i1Profiler_is1) (Version: 1.5.6 - X-Rite)

Intel Extreme Tuning Utility (HKLM-x32\...\{ffa8daa3-4912-4a4a-aac4-a0549064268b}) (Version: 5.1.1.25 - Intel Corporation)

Intel Extreme Tuning Utility (x32 Version: 5.1.1.25 - Intel Corporation) Hidden

Intel® Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)

Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)

Kaspersky Anti-Virus (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden

Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)

Mozilla Thunderbird 31.6.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 en-GB)) (Version: 31.6.0 - Mozilla)

MPC-BE x64 1.4.5.315 (HKLM\...\{FE09AF6D-78B2-4093-B012-FCDAF78693CE}_is1) (Version: 1.4.5.315 - MPC-BE Team)

NaturalPoint USB Drivers x64 (HKLM\...\{B408139D-04D6-4464-A979-D335E48F7063}) (Version: 2.50.0000 - NaturalPoint)

Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)

NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)

NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)

NVIDIA Miracast Virtual Audio 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 350.12 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

PlanetSide 2 (HKU\S-1-5-21-1859955418-491830460-2377010485-1001\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)

Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)

Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Daum Kakao Corp.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.30171 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)

Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version:  - Piranha Bytes)

SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden

SIGMA_PhotoPro 6.2 (HKLM-x32\...\SIGMA_PhotoPro) (Version: 6.2 - SIGMA corporation)

SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )

Spotify (HKU\S-1-5-21-1859955418-491830460-2377010485-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

TrackIR 5 (HKLM-x32\...\{2f2e6053-043c-4d69-94d0-4d42304ea4ee}) (Version: 5.2.0200 - NaturalPoint)

Tt eSPORTS MEKA G Unit Illuminated gaming keyboard Driver V1.0 (HKLM-x32\...\{B309FBB9-A400-4865-BD46-29276E27B94A}}_is1) (Version:  - Ttesports Inc.)

Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)

Uplay (HKLM-x32\...\Uplay) (Version: 5.2 - Ubisoft)

WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)

World of Tanks (HKU\S-1-5-21-1859955418-491830460-2377010485-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)

X-Rite Device Services Manager (HKLM-x32\...\{64285C74-388D-4147-B215-54B34AFBF0CA}) (Version: 2.3.82 - X-Rite)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1859955418-491830460-2377010485-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)

CustomCLSID: HKU\S-1-5-21-1859955418-491830460-2377010485-1001_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com)

 

==================== Restore Points  =========================

 

23-04-2015 10:15:14 Removed NVIDIA PhysX

25-04-2015 23:39:42 Installed DirectX

28-04-2015 07:16:14 Installed DirectX

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {5B575C9A-5E93-44A5-B42F-E81CB8DC134E} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2014-06-23] (X-Rite Inc.)

Task: {7A86AF45-9CF3-470E-89FC-0213ED07570B} - \Optimize Start Menu Cache Files-S-1-5-21-1859955418-491830460-2377010485-1001 No Task File <==== ATTENTION

Task: {7D4510EE-8104-414C-A144-44A75B7EE6B9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {805E23A3-7A06-4C00-89D4-DD09BA48E74D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07] (Google Inc.)

Task: {87711507-A234-4326-B918-03CEFA5DC1C7} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {96160A96-454E-41C5-957A-3A3AF3BE3607} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_Client.exe [2015-02-13] ()

Task: {96985BA1-9E42-44BC-9093-EC59A84957C3} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)

Task: {AAD2010C-B656-4E4D-9BC4-6AF738B42B49} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-23] (Microsoft Corporation)

Task: {C6E1E11C-0935-4C58-B780-BD60A0D21654} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07] (Google Inc.)

Task: {DA69D1C3-D108-4A75-B365-42B33F0C7269} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2015-03-07 20:28 - 2015-04-08 22:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-04-23 21:32 - 2014-12-15 01:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe

2015-03-07 16:07 - 2014-01-21 17:41 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe

2015-04-23 20:58 - 2015-04-17 16:42 - 18910208 _____ () C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe

2015-03-07 16:01 - 2012-02-13 16:11 - 01672704 _____ () C:\Program Files (x86)\Ttesports\MEKA G UNIT Illuminated\MEKA G Unit HID.exe

2015-02-13 12:13 - 2015-02-13 12:13 - 07703016 _____ () C:\Program Files (x86)\NZXT\CAM\CAM_Client.exe

2015-04-23 21:32 - 2014-12-15 01:04 - 00253992 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe

2015-03-07 16:51 - 2015-03-07 16:51 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll

2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll

2015-04-23 21:31 - 2015-03-14 11:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll

2015-04-23 21:31 - 2015-03-14 11:54 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll

2015-04-23 21:31 - 2015-03-14 11:54 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll

2015-04-23 21:31 - 2015-03-14 11:54 - 00759848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll

2015-04-23 21:31 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll

2014-06-23 18:06 - 2014-06-23 18:06 - 01588224 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll

2014-06-23 18:06 - 2014-06-23 18:06 - 02633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll

2015-04-23 21:32 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll

2015-04-23 10:11 - 2015-03-28 04:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-03-07 16:07 - 2014-01-21 17:41 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll

2015-04-23 20:58 - 2013-04-03 18:29 - 00085504 _____ () C:\Program Files (x86)\Bloody5\Bloody5\DLL\DLL_ZoomControl.dll

2015-04-23 20:58 - 2014-01-10 17:48 - 04260352 _____ () C:\Program Files (x86)\Bloody5\Bloody5\Data\RES\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll

2015-04-29 22:33 - 2015-04-28 03:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll

2015-04-29 22:33 - 2015-04-28 03:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll

2015-02-13 12:14 - 2015-05-02 01:55 - 00032768 _____ () C:\Program Files (x86)\NZXT\CAM\GPULoadAPI.dll

2015-04-23 21:32 - 2014-12-15 01:04 - 00223272 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll

2015-04-23 21:32 - 2014-12-15 01:04 - 00275496 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll

2015-04-23 21:32 - 2014-12-15 01:04 - 00118328 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll

2015-04-23 21:32 - 2015-03-14 12:05 - 00249896 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll

2015-04-29 22:33 - 2015-04-28 03:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Solution\OneDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-1859955418-491830460-2377010485-1001\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-21-1859955418-491830460-2377010485-1001\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-21-1859955418-491830460-2377010485-1001\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-21-1859955418-491830460-2377010485-1001\...\sony.com -> sony.com

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1859955418-491830460-2377010485-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Solution\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img4.jpg

DNS Servers: 8.8.8.8 - 8.8.4.4

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{527229AA-4AF7-4091-BC44-8631EFC512DD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{BE47152C-F695-4D1D-A455-3156E55E984B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{951D7608-200E-4480-8FA4-92C4ED3980A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{A628C5C6-7EB7-45D8-92DA-16461043746F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{933E7C77-2B46-406C-A1C9-186BA85D9ABC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{67F962D6-F159-41DB-9CF5-89B8EC1291F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{EDEAA550-3FF2-476E-9EE3-491C48043B57}] => (Allow) LPort=8080

FirewallRules: [{5F0DFB33-4858-4D21-A01B-749853043602}] => (Allow) LPort=2333

FirewallRules: [TCP Query User{18194263-BA42-4AD7-8E2C-B82F1C87C346}E:\source\d-link 320l add-on\dns-320l_sw_revall_storageutility_windows_5-1-0-3_all_en_20120706\d-link storage utility(5.1.0.3)_20120215.exe] => (Allow) E:\source\d-link 320l add-on\dns-320l_sw_revall_storageutility_windows_5-1-0-3_all_en_20120706\d-link storage utility(5.1.0.3)_20120215.exe

FirewallRules: [uDP Query User{4F5F5A71-3E5C-49FA-B7F3-0D4D0EEF9B7E}E:\source\d-link 320l add-on\dns-320l_sw_revall_storageutility_windows_5-1-0-3_all_en_20120706\d-link storage utility(5.1.0.3)_20120215.exe] => (Allow) E:\source\d-link 320l add-on\dns-320l_sw_revall_storageutility_windows_5-1-0-3_all_en_20120706\d-link storage utility(5.1.0.3)_20120215.exe

FirewallRules: [{DBFEF501-06F4-43BC-9930-F3272E842093}] => (Allow) LPort=5454

FirewallRules: [{560176B1-0634-4F74-AE06-2F9FD5FD3128}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe

FirewallRules: [TCP Query User{0B1859E5-AE3B-4086-8060-A1C8B81017B3}C:\users\solution\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\solution\appdata\roaming\spotify\spotify.exe

FirewallRules: [uDP Query User{C0E32EC8-4B5C-4E66-8104-233A9907EC5C}C:\users\solution\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\solution\appdata\roaming\spotify\spotify.exe

FirewallRules: [{7844BB8F-362A-4321-9F95-490D4965DC6F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

FirewallRules: [{6D7A18A4-300C-4E5A-8538-B0A41285790F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe

FirewallRules: [{A21985A9-970A-47C3-BFB2-C40F5AA12285}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe

FirewallRules: [{63C5802D-2A38-4201-8D6B-E660ACC806C7}] => (Allow) D:\Steam\Steam.exe

FirewallRules: [{4AB7E6D3-BB87-4FBA-9197-AA32C2A38B5D}] => (Allow) D:\Steam\Steam.exe

FirewallRules: [{F9B3B913-2ED2-41F7-8761-14EC6D69905A}] => (Allow) D:\Steam\bin\steamwebhelper.exe

FirewallRules: [{83763C35-F5F8-4E25-B556-200AA819334F}] => (Allow) D:\Steam\bin\steamwebhelper.exe

FirewallRules: [{CACE2406-04FC-42AD-91AD-DB91428ABEDE}] => (Allow) D:\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe

FirewallRules: [{9C06340A-078E-4076-A0D0-45478319E8AF}] => (Allow) D:\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe

FirewallRules: [{26D85F4D-6463-4A0E-917D-286A39D97D37}] => (Allow) D:\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe

FirewallRules: [{1112D57A-3C6E-44B0-8BD1-4DB291939C1E}] => (Allow) D:\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe

FirewallRules: [{CDAD5E5C-2FD8-4331-837B-EAECF68E8C6C}] => (Allow) D:\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe

FirewallRules: [{79A78CBB-4D8C-44F3-AA40-0ECC3C75627D}] => (Allow) D:\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe

FirewallRules: [{04D1EF47-2595-416B-9F44-DAD7B695629C}] => (Allow) D:\Steam\steamapps\common\Tomb Raider\TombRaider.exe

FirewallRules: [{77FA6287-7081-4B9F-BFFD-5227EB9AFF1E}] => (Allow) D:\Steam\steamapps\common\Tomb Raider\TombRaider.exe

FirewallRules: [TCP Query User{5F59CA6C-0010-40DE-9766-503CCCAB1833}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe

FirewallRules: [uDP Query User{3E4D6583-ED64-4D98-9ECC-2769059ADC7C}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe

FirewallRules: [{396DED36-35C1-4158-B7B4-A0A424331A80}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe

FirewallRules: [{7A5476B9-9CB9-4C06-923D-8FCF55C64F65}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe

FirewallRules: [{45AF83F7-F042-48F0-A32E-C13AE4A0D808}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe

FirewallRules: [{9273F2E0-C810-4BA1-8DB9-45D4AB5CC927}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe

FirewallRules: [{E36C3496-C022-4DA9-B429-086FA691B94F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe

FirewallRules: [{67479C2F-DC81-419F-8A09-A329397CBFD9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe

FirewallRules: [{593C44F5-25B0-4DBE-9F2F-F1DB920F346A}] => (Allow) D:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

FirewallRules: [{44E39CF5-F84C-4B20-ADAC-F2C57E0AF1CA}] => (Allow) D:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

FirewallRules: [{21526613-9DF0-4BD1-ACCA-A52C88925FB7}] => (Allow) D:\Frontier\EDLaunch\EDLaunch.exe

FirewallRules: [{57E623AA-4422-41D9-B454-A10F46F0318F}] => (Allow) D:\Frontier\EDLaunch\EDLaunch.exe

FirewallRules: [{245CBA4C-8ACB-4E28-9510-01CA161AC038}] => (Allow) D:\Frontier\EDLaunch\EDLaunch.exe

FirewallRules: [{4E03B313-F094-4FE4-9B21-BA08A0BCC143}] => (Allow) D:\Frontier\EDLaunch\EDLaunch.exe

FirewallRules: [TCP Query User{EF2B2373-E38F-42E7-8F44-29E9B1AAC9A6}D:\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) D:\steam\steamapps\common\insurgency2\insurgency.exe

FirewallRules: [uDP Query User{A0F70403-11B1-4482-8B07-7C3EE3E2DD63}D:\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) D:\steam\steamapps\common\insurgency2\insurgency.exe

FirewallRules: [TCP Query User{A076A36F-5475-4358-A9EB-8FE125BA2F79}D:\steam\steamapps\common\dead island\deadislandgame.exe] => (Allow) D:\steam\steamapps\common\dead island\deadislandgame.exe

FirewallRules: [uDP Query User{AFFDD373-CD8C-469D-9CD8-A9DF2A3459A5}D:\steam\steamapps\common\dead island\deadislandgame.exe] => (Allow) D:\steam\steamapps\common\dead island\deadislandgame.exe

FirewallRules: [{1C650456-5C82-4A08-9EFE-C30A6574609C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{4F155C15-0CB3-4223-8EE0-4B6E5575AC7C}] => (Allow) D:\Steam\steamapps\common\Prison Architect\Prison Architect.exe

FirewallRules: [{C0DCC757-9D1C-450B-9C29-CD49A552AAAD}] => (Allow) D:\Steam\steamapps\common\Prison Architect\Prison Architect.exe

FirewallRules: [{E1965F69-4347-4C57-9FF6-1F98AC8614A7}] => (Allow) D:\Steam\steamapps\common\Dying Light\DyingLightGame.exe

FirewallRules: [{DEF401F6-5A74-41B3-85FB-10FAF8F11746}] => (Allow) D:\Steam\steamapps\common\Dying Light\DyingLightGame.exe

FirewallRules: [{A2E14456-7B34-4C6D-B9C2-59CE362B3840}] => (Allow) D:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe

FirewallRules: [{77F66B83-5C88-4382-8140-E1E37CAC18FA}] => (Allow) D:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe

FirewallRules: [{5C3259CF-F4C6-4ECF-A98C-7F2A7A800EF1}] => (Allow) D:\Steam\steamapps\common\The Forest\TheForest.exe

FirewallRules: [{3A80DB60-8D99-49CA-A7B2-65788B0CC39B}] => (Allow) D:\Steam\steamapps\common\The Forest\TheForest.exe

FirewallRules: [{48FFF7A9-17F1-45B5-A080-DBFCAEDE7BB4}] => (Allow) D:\Steam\steamapps\common\Risen 2\system\Risen2.exe

FirewallRules: [{AA5EC780-3014-4A26-BD9E-BEB0DFC69235}] => (Allow) D:\Steam\steamapps\common\Risen 2\system\Risen2.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/02/2015 01:55:42 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll4

 

Error: (05/01/2015 09:35:01 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/29/2015 11:15:55 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/28/2015 10:56:36 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/28/2015 07:16:20 AM) (Source: VSS) (EventID: 12305) (User: )

Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.

Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 00000000000001AC,0x00530194,0000000000000000,0,0000001D94FD0080,4096,[0]).

 

 

Operation:

   Query Shadow Copies

 

Error: (04/27/2015 09:43:59 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/26/2015 09:53:17 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/24/2015 09:50:15 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/23/2015 09:26:30 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

 

Error: (04/23/2015 10:43:42 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.

 

 

System errors:

=============

Error: (05/02/2015 01:55:09 AM) (Source: DCOM) (EventID: 10016) (User: X99)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}X99SolutionS-1-5-21-1859955418-491830460-2377010485-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (05/02/2015 01:55:09 AM) (Source: DCOM) (EventID: 10016) (User: X99)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}X99SolutionS-1-5-21-1859955418-491830460-2377010485-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (05/02/2015 01:55:09 AM) (Source: DCOM) (EventID: 10016) (User: X99)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}X99SolutionS-1-5-21-1859955418-491830460-2377010485-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (05/02/2015 01:55:09 AM) (Source: DCOM) (EventID: 10016) (User: X99)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}X99SolutionS-1-5-21-1859955418-491830460-2377010485-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (05/02/2015 01:55:09 AM) (Source: DCOM) (EventID: 10016) (User: X99)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}X99SolutionS-1-5-21-1859955418-491830460-2377010485-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (05/02/2015 01:54:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (05/02/2015 01:54:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (05/02/2015 01:54:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly. It has done this 1 time(s).

 

Error: (05/02/2015 01:54:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Extreme Tuning Utility Service service terminated unexpectedly. It has done this 1 time(s).

 

Error: (05/02/2015 01:54:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (05/02/2015 01:55:42 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll4

 

Error: (05/01/2015 09:35:01 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/29/2015 11:15:55 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/28/2015 10:56:36 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/28/2015 07:16:20 AM) (Source: VSS) (EventID: 12305) (User: )

Description: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 00000000000001AC,0x00530194,0000000000000000,0,0000001D94FD0080,4096,[0])

 

Operation:

   Query Shadow Copies

 

Error: (04/27/2015 09:43:59 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/26/2015 09:53:17 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/24/2015 09:50:15 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (04/23/2015 09:26:30 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )

Description: 0x8898008d

 

Error: (04/23/2015 10:43:42 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)

Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-5820K CPU @ 3.30GHz

Percentage of memory in use: 19%

Total physical RAM: 16307.71 MB

Available physical RAM: 13098.65 MB

Total Pagefile: 18739.71 MB

Available Pagefile: 14035.78 MB

Total Virtual: 131072 MB

Available Virtual: 131071.78 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:238.13 GB) (Free:202.14 GB) NTFS

Drive d: () (Fixed) (Total:476.81 GB) (Free:145.63 GB) NTFS

Drive e: () (Fixed) (Total:2794.39 GB) (Free:2657.2 GB) NTFS

 

==================== MBR & Partition Table ==================

 

==================== End Of Log ============================