Everything posted by ThePurpleOrange

  1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.7 (07.03.2016) Operating System: Windows 7 Ultimate x64 Ran by Connell (Administrator) on Wed 08/03/2016 at 17:11:18.77 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 9 Successfully deleted: C:\Users\Connell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WOLDZ42 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Connell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFS4V2DN (Temporary Internet Files Folder) Successfully deleted: C:\Users\Connell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5WVOTIN (Temporary Internet Files Folder) Successfully deleted: C:\Users\Connell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGZZ6GJN (Temporary Internet Files Folder) Successfully deleted: C:\Users\Connell\AppData\Roaming\appdataFr25.bin (File) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WOLDZ42 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFS4V2DN (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5WVOTIN (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGZZ6GJN (Temporary Internet Files Folder) Registry: 1 Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9CACE28C2316D302DA197A798CC292BC (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 08/03/2016 at 17:13:25.96 End of JRT log 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Zemana AntiMalware 2.21.2.247 (Installed) ------------------------------------------------------- Scan Result : Completed Scan Date : 2016/8/3 Operating System : Windows 7 64-bit Processor : 8X Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz BIOS Mode : Legacy CUID : 12A38E73DB4B2BD4E0D9BC Scan Type : Scheduled Scan Duration : 3m 10s Scanned Objects : 20831 Detected Objects : 7 Excluded Objects : 0 Read Level : SCSI Auto Upload : Enabled Detect All Extensions : Disabled Scan Documents : Disabled Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- Chrome Shortcut Status : Scanned Object : --app-id=knipolnnllmklapflnccelgolnpehhpl MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Browser Setting Cleaning Action : Repair Related Objects : Browser Setting - Chrome Shortcut Chrome Homepage Status : Scanned Object : http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf0NjqIAq_u7mGIGaoqOU7bB0poivK6FlvbX0g1PTW9xDSnf3a-XBRI_xiObg11ItU0aL3oplT533h6tiFot8jsJxu8DnBpLlP045uU6FdKyCQp749AMPeBBAx-f7UVnaZaR03snbyzZYpDPcpMepi_cpxnyu9rPYW5cR4GP5JpA_ MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Browser Setting Cleaning Action : Repair Related Objects : Browser Setting - Chrome Homepage Isaac.exe Status : Scanned Object : %userprofile%\downloads\thebindingofisaacwrathofthelamb\the binding of isaac - wrath of the lamb\the binding of isaac\isaac.exe MD5 : 57903EE13BEF8405E8D45D950CE0DBDA Publisher : - Size : 4679168 Version : 1.0.0.0 Detection : Malware:Win32/Multi.Generic!Eeel Cleaning Action : Quarantine Related Objects : File - %userprofile%\downloads\thebindingofisaacwrathofthelamb\the binding of isaac - wrath of the lamb\the binding of isaac\isaac.exe ainjectr.exe Status : Scanned Object : %userprofile%\downloads\ainjectr.exe MD5 : C0006A137991A018B19D308635B81DFF Publisher : Proinstall Applications SRL Size : 
231808 Version : 1.1.0.4 Detection : Adware:Win32/AdBundle.Generic!Ep Cleaning Action : Quarantine Related Objects : File - %userprofile%\downloads\ainjectr.exe AudioEngw.dll Status : Scanned Object : %systemroot%\syswow64\audioengw.dll MD5 : 1D94CC534E56D458B52168532063474E Publisher : - Size : 184320 Version : - Detection : Trojan:Win32/Vorniac.A!Rmml Cleaning Action : Quarantine Related Objects : File - %systemroot%\syswow64\audioengw.dll Scheduled Task - C:\Windows\System32\Tasks\ATIZN Scheduled Task - ATIZN.job SuperMeatBoySetup.exe Status : Scanned Object : %userprofile%\downloads\supermeatboysetup.exe MD5 : FCE2126CD28BB853A1ABBDADC4E636FE Publisher : - Size : 54272 Version : 0.0.0.0 Detection : Malware:Win32/Tazzi.A!Amte Cleaning Action : Quarantine Related Objects : File - %userprofile%\downloads\supermeatboysetup.exe p0sixspwnv1.0.8_setup.exe Status : Scanned Object : %userprofile%\downloads\p0sixspwnv1.0.8_setup.exe MD5 : C5B3CA42AD5D06CF6E40D9B2AB685DD3 Publisher : Joltlogic Size : 364400 Version : 3.7.1.0 Detection : Adware:Win32/AutoBulk.46ce2e!Ep Cleaning Action : Quarantine Related Objects : File - %userprofile%\downloads\p0sixspwnv1.0.8_setup.exe Cleaning Result ------------------------------------------------------- Cleaned : 7 Reported as safe : 0 Failed : 0 Looks like it found the issue based upon the scans in Win32 and System32... I'll know in a little while once I restart Malwarebytes
  2. Yeah here it is Malwarebytes Anti-Malware www.malwarebytes.org Update, 8/3/2016 3:18 PM, SYSTEM, CONNELL-PC, Scheduler, Failed, No Internet connection detected, Update, 8/3/2016 3:18 PM, SYSTEM, CONNELL-PC, Scheduler, Failed, No Internet connection detected, Update, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Scheduler, Remediation Database, 2016.8.2.1, 2016.8.3.1, Update, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Scheduler, IP Database, 2016.8.3.1, 2016.8.3.2, Update, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Scheduler, Domain Database, 2016.8.2.7, 2016.8.3.9, Update, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Scheduler, Malware Database, 2016.8.3.1, 2016.8.3.11, Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Refresh, Starting, Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, Stopping, Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, Stopped, Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Refresh, Success, Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, Starting, Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, Started, Scan, 8/3/2016 3:31 PM, SYSTEM, CONNELL-PC, Context, Start:8/3/2016 3:18 PM, Duration:12 min 29 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Detection, 8/3/2016 3:32 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 52299, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:32 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 52299, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:33 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 52411, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:33 PM, SYSTEM, CONNELL-PC, 
Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 52533, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:33 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 52657, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:34 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53082, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:36 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53404, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:36 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53582, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:36 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53588, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:36 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53633, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:37 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53694, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:37 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53761, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:37 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53811, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:37 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53860, Outbound, C:\Windows\SysWOW64\rundll32.exe, Detection, 8/3/2016 3:38 
PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 54032, Outbound, C:\Windows\SysWOW64\rundll32.exe, (end)
  3. Sophos found nothing but I accidentally closed the window before I could retrieve the log, but since nothing was found I figured it wasn't necessary. Malwarebytes continues to send me notifications saying it blocked a website. Could it be an issue within Malwarebytes?
  4. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/1/2016 Scan Time: 1:32 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.08.01.10 Rootkit Database: v2016.05.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Connell Scan Type: Threat Scan Result: Completed Objects Scanned: 310311 Time Elapsed: 21 min, 29 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  5. I'm very sorry, I definitely did not read the directions carefully enough; I clicked clean instead of fix. Here is Fixlog.txt: Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016 Ran by Connell (2016-07-31 19:40:40) Run:1 Running from C:\Users\Connell\Desktop Loaded Profiles: Connell (Available Profiles: Connell) Boot Mode: Normal ============================================== fixlist content: ***************** Start CreateRestorePoint: CloseProcesses: HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [Ijtsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Connell\AppData\Local\Ufmedia\qhpqefng.dll C:\Users\Connell\AppData\Local\Ufmedia\qhpqefng.dll C:\Users\Connell\AppData\Local\Ufmedia HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\MountPoints2: {c6a6da86-7f81-11e5-aebe-685d4307e1e3} - F:\OnePlus_setup.exe /s HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\MountPoints2: {d151366b-c037-11e4-aee0-685d4307e1e3} - E:\Autorun.exe HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1 ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File CHR HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION Tcpip\..\Interfaces\{B99DE71E-CD0F-4D2C-BA2E-9AA063082EBF}: [DhcpNameServer] 172.20.10.1 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf0NjqIAq_u7mGIGaoqOU7bB0poivK6FlvbX0g1PTW9xDSnf3a-XBRI_xiObg11ItU0aL3oplT533h6tiFot8jsJxu8DnBpLlP045uU6FdKyCQp749AMPeBBAx-f7UVnaZaR03snbyzZYpDPcpMepi_cpxnyu9rPYW5cR4GP5JpA_ S2 caMyciloP; no 
ImagePath S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X] S3 ipadtst; \??\C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [X] S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] Task: {7E201D76-ADA6-419E-9CD2-D4A0E3705832} - System32\Tasks\e4wjqahj => C:\Program Files\Common Files\uywb2fn2\68b4d0yrm4eih.exe <==== ATTENTION C:\Program Files\Common Files\uywb2fn2\68b4d0yrm4eih.exe C:\Program Files\Common Files\uywb2fn2 Task: {CCE94F75-99CA-4A97-B80B-85174BFBB562} - System32\Tasks\downioadwi => C:\Windows\system32\config\systemprofile\AppData\Local\Vivasoncore <==== ATTENTION C:\Windows\system32\config\systemprofile\AppData\Local\Vivasoncore Task: {EA942C78-914B-43B4-86F6-969C7A959C3C} - System32\Tasks\443l40kz => C:\Program Files\Common Files\sq1x44oe\49ca6uqnrfle4.exe <==== ATTENTION C:\Program Files\Common Files\sq1x44oe\49ca6uqnrfle4.exe C:\Program Files\Common Files\sq1x44oe AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63] AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63] AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數 CMD: ipconfig /flushdns EmptyTemp: end ***************** Error: (0) Failed to create a restore point. Processes closed successfully. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowLegacyWebView => value removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowUnhashedWebView => value removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully HKU\S-1-5-21-3462628204-2175220548-686733109-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ijtsoft => value removed successfully "C:\Users\Connell\AppData\Local\Ufmedia\qhpqefng.dll" => not found. C:\Users\Connell\AppData\Local\Ufmedia => moved successfully "HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6a6da86-7f81-11e5-aebe-685d4307e1e3}" => key removed successfully HKCR\CLSID\{c6a6da86-7f81-11e5-aebe-685d4307e1e3} => key not found. "HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d151366b-c037-11e4-aee0-685d4307e1e3}" => key removed successfully HKCR\CLSID\{d151366b-c037-11e4-aee0-685d4307e1e3} => key not found. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => key removed successfully HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found. "HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Google" => key removed successfully HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B99DE71E-CD0F-4D2C-BA2E-9AA063082EBF}\\DhcpNameServer => value removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully Chrome HomePage => removed successfully caMyciloP => service not found. 
TrustedInstaller => service removed successfully ipadtst => service removed successfully NTIOLib_1_0_3 => service removed successfully Synth3dVsc => service removed successfully tsusbhub => service removed successfully VGPU => service removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E201D76-ADA6-419E-9CD2-D4A0E3705832}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E201D76-ADA6-419E-9CD2-D4A0E3705832}" => key removed successfully C:\Windows\System32\Tasks\e4wjqahj => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e4wjqahj" => key removed successfully "C:\Program Files\Common Files\uywb2fn2\68b4d0yrm4eih.exe" => not found. "C:\Program Files\Common Files\uywb2fn2" => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CCE94F75-99CA-4A97-B80B-85174BFBB562}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCE94F75-99CA-4A97-B80B-85174BFBB562}" => key removed successfully C:\Windows\System32\Tasks\downioadwi => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\downioadwi" => key removed successfully "C:\Windows\system32\config\systemprofile\AppData\Local\Vivasoncore" => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA942C78-914B-43B4-86F6-969C7A959C3C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA942C78-914B-43B4-86F6-969C7A959C3C}" => key removed successfully C:\Windows\System32\Tasks\443l40kz => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\443l40kz" => key removed successfully "C:\Program Files\Common Files\sq1x44oe\49ca6uqnrfle4.exe" => not found. "C:\Program Files\Common Files\sq1x44oe" => not found. 
"C:\Windows\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found. "C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found. C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully. 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數 => Error: No automatic fix found for this entry. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End ofCMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6462458 B Java, Flash, Steam htmlcache => 185596792 B Windows/system/drivers => 720649718 B Edge => 0 B Chrome => 527944581 B Firefox => 14646903 B Opera => 12024256 B Temp, IE cache, history, cookies, recent: Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 55275797 B systemprofile32 => 73348 B LocalService => 66228 B NetworkService => 382830 B Connell => 315035331 B RecycleBin => 9986401757 B EmptyTemp: => 11 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 19:40:58 ====
  6. Ran FRST again and there is no mention of a fixlog.txt; it only says it saved FRST.txt. Is there anything I need to check before the scan in order to create that log?
  7. Yeah, sorry, I left my computer scanning with Sophos. The text is above. FRST was the only txt file that came up on the desktop after scanning. I will look again.
  8. Sophos log: 2016-07-31 17:22:05.318 Sophos Virus Removal Tool version 2.5.5 2016-07-31 17:22:05.318 Copyright (c) 2009-2014 Sophos Limited. All rights reserved. 2016-07-31 17:22:05.318 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them. 2016-07-31 17:22:05.318 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64 2016-07-31 17:22:05.318 Checking for updates... 2016-07-31 17:22:05.583 Update progress: proxy server not available 2016-07-31 17:22:14.064 Option all = no 2016-07-31 17:22:14.064 Option recurse = yes 2016-07-31 17:22:14.064 Option archive = no 2016-07-31 17:22:14.064 Option service = yes 2016-07-31 17:22:14.064 Option confirm = yes 2016-07-31 17:22:14.064 Option sxl = yes 2016-07-31 17:22:14.064 Option max-data-age = 35 2016-07-31 17:22:14.064 Option EnableSafeClean = yes 2016-07-31 17:22:15.624 Option vdl-logging = yes 2016-07-31 17:22:15.639 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2016-07-31 17:22:15.639 Machine ID: 47146c858dcc40659593adc5dd3e002b 2016-07-31 17:22:15.639 Component SVRTcli.exe version 2.5.5 2016-07-31 17:22:15.639 Component control.dll version 2.5.5 2016-07-31 17:22:15.639 Component SVRTservice.exe version 2.5.5 2016-07-31 17:22:15.639 Component engine\osdp.dll version 1.44.1.2250 2016-07-31 17:22:15.639 Component engine\veex.dll version 3.65.0.2250 2016-07-31 17:22:15.639 Component engine\savi.dll version 9.0.1.2250 2016-07-31 17:22:15.639 Component rkdisk.dll version 1.5.30.0 2016-07-31 17:22:15.639 Version info: Product version 2.5.5 2016-07-31 17:22:15.639 Version info: Detection engine 3.65.0 2016-07-31 17:22:15.639 Version info: Detection data 5.26 2016-07-31 17:22:15.639 Version info: Build date 4/5/2016 2016-07-31 17:22:15.639 Version info: Data files added 716 2016-07-31 17:22:15.639 Version info: Last successful update (not yet updated) 2016-07-31 17:22:39.328 Downloading updates... 
2016-07-31 17:22:39.343 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 2016-07-31 17:22:39.343 Update progress: [I49502] Found supplement SAVIW32 LATEST 2016-07-31 17:22:39.343 Update progress: [I49502] Found supplement IDE527 LATEST 2016-07-31 17:22:39.343 Update progress: [I49502] Found supplement IDE528 LATEST 2016-07-31 17:22:39.343 Update progress: [I49502] Found supplement IDE529 LATEST 2016-07-31 17:22:39.343 Update progress: [I49502] Found supplement IDE530 LATEST 2016-07-31 17:22:39.343 Update progress: [I49502] Found supplement IDE531 LATEST 2016-07-31 17:22:39.343 Update progress: [I49502] Found supplement IDE532 LATEST 2016-07-31 17:22:39.343 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1 2016-07-31 17:22:39.343 Update progress: [I19463] Syncing product SAVIW32 70 2016-07-31 17:22:43.032 Update progress: [I19463] Syncing product IDE527 142 2016-07-31 17:22:43.906 Installing updates... 2016-07-31 17:22:44.514 Error level 1 2016-07-31 17:22:44.530 Update progress: [I19463] Syncing product IDE528 127 2016-07-31 17:22:44.530 Update progress: [I19463] Syncing product IDE529 135 2016-07-31 17:22:44.530 Update progress: [I19463] Syncing product IDE530 214 2016-07-31 17:22:44.530 Update progress: [I19463] Syncing product IDE531 105 2016-07-31 17:22:44.530 Update progress: [I19463] Syncing product IDE532 1 2016-07-31 17:22:56.887 Update successful 2016-07-31 17:23:08.352 Option all = no 2016-07-31 17:23:08.352 Option recurse = yes 2016-07-31 17:23:08.352 Option archive = no 2016-07-31 17:23:08.352 Option service = yes 2016-07-31 17:23:08.352 Option confirm = yes 2016-07-31 17:23:08.352 Option sxl = yes 2016-07-31 17:23:08.352 Option max-data-age = 35 2016-07-31 17:23:08.352 Option EnableSafeClean = yes 2016-07-31 17:23:08.477 Option vdl-logging = yes 2016-07-31 17:23:08.477 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2016-07-31 17:23:08.477 Machine ID: 47146c858dcc40659593adc5dd3e002b 
2016-07-31 17:23:08.477 Component SVRTcli.exe version 2.5.5 2016-07-31 17:23:08.477 Component control.dll version 2.5.5 2016-07-31 17:23:08.477 Component SVRTservice.exe version 2.5.5 2016-07-31 17:23:08.477 Component engine\osdp.dll version 1.44.1.2250 2016-07-31 17:23:08.477 Component engine\veex.dll version 3.65.0.2250 2016-07-31 17:23:08.477 Component engine\savi.dll version 9.0.1.2250 2016-07-31 17:23:08.477 Component rkdisk.dll version 1.5.30.0 2016-07-31 17:23:08.477 Version info: Product version 2.5.5 2016-07-31 17:23:08.477 Version info: Detection engine 3.65.0 2016-07-31 17:23:08.477 Version info: Detection data 5.26 2016-07-31 17:23:08.477 Version info: Build date 4/5/2016 2016-07-31 17:23:08.477 Version info: Data files added 716 2016-07-31 17:23:08.477 Version info: Last successful update 7/31/2016 12:22:56 PM 2016-07-31 17:41:52.191 >>> Virus 'Troj/MSIL-GHN' found in file C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$R2FHOJV\run.exe 2016-07-31 17:42:07.979 >>> Virus 'Troj/MSIL-FUU' found in file C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$RSHX299\bin\84a6b820-8e08-4c23-913f-16c8f775a027\xtc.exe 2016-07-31 17:42:13.760 Could not open C:\hiberfil.sys 2016-07-31 17:42:20.515 Could not open C:\pagefile.sys 2016-07-31 17:51:48.365 Could not open C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Current Session 2016-07-31 17:51:48.365 Could not open C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Current Tabs 2016-07-31 19:00:05.640 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 2016-07-31 19:00:05.641 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 2016-07-31 19:00:10.725 Could not open C:\Windows\System32\config\RegBack\DEFAULT 2016-07-31 19:00:10.725 Could not open C:\Windows\System32\config\RegBack\SAM 2016-07-31 19:00:10.726 Could not open C:\Windows\System32\config\RegBack\SECURITY 2016-07-31 19:00:10.726 
Could not open C:\Windows\System32\config\RegBack\SOFTWARE 2016-07-31 19:00:10.727 Could not open C:\Windows\System32\config\RegBack\SYSTEM 2016-07-31 19:14:25.315 The following items will be cleaned up: 2016-07-31 19:14:25.315 Troj/MSIL-GHN 2016-07-31 19:14:25.315 Troj/MSIL-FUU 2016-08-01 00:27:23.173 Threat 'Troj/MSIL-GHN' has been cleaned up. 2016-08-01 00:27:23.173 File "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$R2FHOJV\run.exe" belongs to 'Troj/MSIL-GHN'. 2016-08-01 00:27:23.173 File "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$R2FHOJV\run.exe" has been cleaned up. 2016-08-01 00:27:23.189 Removal successful 2016-08-01 00:27:24.905 Threat 'Troj/MSIL-FUU' has been cleaned up. 2016-08-01 00:27:24.905 File "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$RSHX299\bin\84a6b820-8e08-4c23-913f-16c8f775a027\xtc.exe" belongs to 'Troj/MSIL-FUU'. 2016-08-01 00:27:24.905 File "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$RSHX299\bin\84a6b820-8e08-4c23-913f-16c8f775a027\xtc.exe" has been cleaned up. 
2016-08-01 00:27:24.905 Removal successful 2016-08-01 00:27:24.920 Contents of SafeClean bin directory: 2016-08-01 00:27:24.920 { 2016-08-01 00:27:24.920 RecordID : "0000000000000001", 2016-08-01 00:27:24.920 ItemType : "1", 2016-08-01 00:27:24.920 Location : "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$R2FHOJV\", 2016-08-01 00:27:24.920 FileName : "run.exe", 2016-08-01 00:27:24.920 ThreatName : "Troj/MSIL-GHN", 2016-08-01 00:27:24.920 Checksum : "8b31a54112317d62fabb7fe3024070b233b4d545f6468a0a695e36b04f0236c7", 2016-08-01 00:27:24.920 TimeStamp : "Sun Jul 31 19:27:19 2016" 2016-08-01 00:27:24.920 } 2016-08-01 00:27:24.920 { 2016-08-01 00:27:24.920 RecordID : "0000000000000002", 2016-08-01 00:27:24.920 ItemType : "1", 2016-08-01 00:27:24.920 Location : "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$RSHX299\bin\84a6b820-8e08-4c23-913f-16c8f775a027\", 2016-08-01 00:27:24.920 FileName : "xtc.exe", 2016-08-01 00:27:24.920 ThreatName : "Troj/MSIL-FUU", 2016-08-01 00:27:24.920 Checksum : "5cb75475c0ed7ca9de62fa6ad951b63e287b31d766f1e0de9b3b57e378b0b15b", 2016-08-01 00:27:24.920 TimeStamp : "Sun Jul 31 19:27:23 2016" 2016-08-01 00:27:24.920 } 2016-08-01 00:27:25.435 Error level 0 I will let you know if the website continues to come up. Thanks so much for your help!
  9. AdwCleaner[C1].txt: # AdwCleaner v5.201 - Logfile created 31/07/2016 at 12:10:22 # Updated 30/06/2016 by ToolsLib # Database : 2016-07-31.2 [Server] # Operating system : Windows 7 Ultimate Service Pack 1 (X64) # Username : Connell - CONNELL-PC # Running from : C:\Users\Connell\Downloads\AdwCleaner (1).exe # Option : Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** [-] Service Deleted : caMyciloP ***** [ Folders ] ***** [-] Folder Deleted : C:\ProgramData\PraiceDownlooiadeR [#] Folder Deleted : C:\ProgramData\Application Data\PraiceDownlooiadeR ***** [ Files ] ***** [-] File Deleted : C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage [-] File Deleted : C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal [-] File Deleted : C:\Users\Connell\AppData\Roaming\appdataFr2.bin ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F06F2A-FDCE-4F12-8D2A-7A97A752CF1A} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B08006D8-1D22-458E-9370-F459542E5AF2} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B7298E57-3046-4F2A-B8C6-78CC8A60020C} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CB747D69-2EE7-40C0-BE35-BA6ED3EEA8A3} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB559C6A-03B9-4961-9BC3-80D769710C2D} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}] [-] Key Deleted : HKCU\Software\winmnt [-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [-] Key Deleted : HKCU\Software\Microsoft\Internet 
Explorer\DOMStorage\akamaihd.net [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\re-markit.co [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.re-markit00.re-markit.co [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net ***** [ Web browsers ] ***** [-] [C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcgnigmofekcllgbiejhmigggmgehkip [-] [C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf0NjqIAq_u7mGIGaoqOU7bB0poivK6FlvbX0g1PTW9xDSnf3a-XBRI_xiObg11ItU0aL3oplT533h6tiFot8jsJxu8DnBpLlP045uU6FdKyCQp749AMPeBBAx-f7UVnaZaR03snbyzZYpDPcpMepi_cpxnyu9rPYW5cR4GP5JpA_ ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [3210 bytes] - [31/07/2016 12:10:22] C:\AdwCleaner\AdwCleaner[S1].txt - [3824 bytes] - [31/07/2016 11:46:41] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3356 bytes] ##########
  10. FRST.txt: aAdditional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016 Ran by Connell (2016-07-31 11:51:14) Running from C:\Users\Connell\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2014-08-07 23:34:55) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3462628204-2175220548-686733109-500 - Administrator - Disabled) Connell (S-1-5-21-3462628204-2175220548-686733109-1000 - Administrator - Enabled) => C:\Users\Connell Guest (S-1-5-21-3462628204-2175220548-686733109-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3462628204-2175220548-686733109-1004 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated) Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston) BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin) BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games) BitTorrent (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.) BitTorrent (HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software) Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version: - Treyarch) Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version: - Treyarch) Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version: - Treyarch) Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - ) Canyon Capers (HKLM-x32\...\Steam App 275490) (Version: - Crazy Moo Games) Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.) Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version: - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Crash Time II (HKLM-x32\...\Steam App 11390) (Version: - RTL interactive) Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar) Duck Game (HKLM-x32\...\Steam App 312530) (Version: - Landon Podbielski) foobar2000 v1.3.4 (HKLM-x32\...\foobar2000) (Version: 1.3.4 - Peter Pawlowski) Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) 
Hidden IdleMaster (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster) IdleMaster (HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) 
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation) Just Cause (HKLM-x32\...\Steam App 6880) (Version: - Avalanche Studios) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche Studios) KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1403.2801 - Application) KLM (x32 Version: 1.0.1403.2801 - Application) Hidden LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics) LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation) LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead) Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - ) MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - ) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version: - Freakinware Studios) Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) NBTExplorer (HKLM-x32\...\{70417A42-7BA4-4801-BE5E-2C095BDC3048}) (Version: 2.7.1.0 - Justin Aquadro) NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation) NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation) NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.) PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - ) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.) 
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden Qualcomm Atheros Network Manager (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden Qualcomm Atheros Performance Suite (HKLM-x32\...\{70352071-9C2B-4EF0-88E6-9F16FEBAEB36}) (Version: 1.1.38.1281 - Qualcomm Atheros) Race The Sun (HKLM-x32\...\Steam App 253030) (Version: - Flippfly LLC) Racer 8 (HKLM-x32\...\Steam App 292380) (Version: - 30.06 Studios Ltd) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.) RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder) S-Bar (HKLM-x32\...\{EA37105B-24BD-4B05-8D4A-3CA5945CBD40}) (Version: 21.012.12039 - ) SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden Simply Chess (HKLM-x32\...\Steam App 312280) (Version: - BlueLine Games) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) 
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version: - ) Spotify (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB) Spotify (HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB) Spotydl 0.9.36.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.36.0 - spotydl.com) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version: - Team Meat) Surgeon Simulator 2013 Steam Edition 1.0 (HKLM-x32\...\Surgeon Simulator 2013 Steam Edition 1.0) (Version: 1.0 - Cat-A-Cat) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Binding of Isaac - Rebirth version 1.0 (HKLM-x32\...\The Binding of Isaac - Rebirth_is1) (Version: 1.0 - ) The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts) TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Urban Trial Freestyle (HKLM\...\Steam App 243450) (Version: - Tate Multimedia) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.) Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.) 
==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0EF177E3-FE5A-4A4A-83F2-1EA508EC95AE} - System32\Tasks\{4512EBBE-E3F5-4CA1-9C3C-321CAF84A626} => C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War/CoDWaWmp.exe [2014-11-24] (Activision Blizzard, Inc.) Task: {11AF17C8-F7E8-499A-BFAE-A45C6D873BE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-15] (Google Inc.) 
Task: {21CEB2D0-4501-42FE-81CD-D95F20221FC1} - System32\Tasks\{34CAA14B-6748-46D3-A10C-F2BFB6CA779E} => pcalua.exe -a C:\Users\Connell\Downloads\pinnacle-setup.exe -d C:\Users\Connell\Downloads Task: {49D33E60-C850-4432-A7C4-21AE2DA95122} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {692C3DA6-BF22-439B-AA46-3247F757FF13} - System32\Tasks\Opera scheduled Autoupdate 1450630056 => C:\Program Files (x86)\Opera\launcher.exe Task: {694012BD-1C5B-463B-A2B4-AA7419237F6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-15] (Google Inc.) Task: {7E201D76-ADA6-419E-9CD2-D4A0E3705832} - System32\Tasks\e4wjqahj => C:\Program Files\Common Files\uywb2fn2\68b4d0yrm4eih.exe <==== ATTENTION Task: {B252709E-CF35-4D98-9BDB-EC6FAAC03528} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {CCE94F75-99CA-4A97-B80B-85174BFBB562} - System32\Tasks\downioadwi => C:\Windows\system32\config\systemprofile\AppData\Local\Vivasoncore <==== ATTENTION Task: {EA942C78-914B-43B4-86F6-969C7A959C3C} - System32\Tasks\443l40kz => C:\Program Files\Common Files\sq1x44oe\49ca6uqnrfle4.exe <==== ATTENTION Task: {F2F83BC2-7905-4698-85AE-1D19F9C87094} - System32\Tasks\ATIZN => Rundll32.exe "C:\Windows\SysWOW64\AudioEngw.dll",QDXXQJRM (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\ATIZN.job => rundll32.exe C:\Windows\SysWOW64\AudioEngw.dll Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Connell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\Connell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c5292fd00b53b4d5\Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory="Profile 1" --app-id=knipolnnllmklapflnccelgolnpehhpl ==================== Loaded Modules (Whitelisted) ============== 2014-08-07 19:34 - 2014-10-29 23:53 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-08-07 19:35 - 2014-10-29 21:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-11-25 15:14 - 2014-11-25 15:14 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2012-09-28 13:51 - 2012-09-28 13:51 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-07-31 11:46 - 2016-07-31 11:46 - 03712064 _____ () C:\Users\Connell\Downloads\AdwCleaner (1).exe 2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-07 19:34 - 2014-10-29 23:53 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2016-07-28 01:25 - 2016-07-28 01:25 - 00098816 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32api.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00110080 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pywintypes27.dll 2016-07-28 01:25 - 2016-07-28 01:25 - 00364544 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pythoncom27.dll 2016-07-28 01:25 - 2016-07-28 01:25 - 00045568 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_socket.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 01161216 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_ssl.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00320512 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32com.shell.shell.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00713216 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_hashlib.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 01175040 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._core_.pyd 2016-07-28 
01:25 - 2016-07-28 01:25 - 00805888 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._gdi_.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00811008 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._windows_.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 01062400 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._controls_.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00735232 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._misc_.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00682496 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pysqlite2._sqlite.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00087552 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_ctypes.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00119808 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32file.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00108544 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32security.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00007168 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\hashobjs_ext.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00026624 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\usb_ext.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00167936 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32gui.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00018432 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32event.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00128512 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_elementtree.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00127488 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pyexpat.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00013824 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\common.time34.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00036864 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_psutil_windows.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00038912 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32inet.pyd 2016-07-28 01:25 - 
2016-07-28 01:25 - 00011264 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32crypt.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00070656 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._html2.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00027136 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_multiprocessing.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00020480 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_yappi.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00035840 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32process.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00686080 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\unicodedata.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00122368 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._wizard.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00024064 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32pipe.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00010240 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\select.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00025600 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32pdh.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00525640 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\windows._lib_cacheinvalidation.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00017408 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32profile.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00022528 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32ts.pyd 2016-07-28 01:25 - 2016-07-28 01:25 - 00078336 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._animate.pyd 2014-08-07 20:42 - 2016-04-29 15:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-20 22:42 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-20 22:42 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-20 22:42 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 
2014-08-07 20:42 - 2016-07-08 20:06 - 02317904 _____ () C:\Program Files (x86)\Steam\video.dll 2014-09-10 17:43 - 2016-02-08 18:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-09-10 17:43 - 2016-02-08 18:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-09-10 17:43 - 2016-02-08 18:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-09-10 17:43 - 2016-02-08 18:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-09-10 17:43 - 2016-02-08 18:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2014-08-07 20:42 - 2016-07-08 20:06 - 00829520 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-03-27 17:26 - 2016-07-06 17:00 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2014-08-07 20:42 - 2016-06-14 14:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-04-11 12:34 - 2015-03-27 22:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-06-18 16:21 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-18 16:21 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63] AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63] AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2016-05-21 00:17 - 00001019 ____A C:\Windows\system32\Drivers\etc\hosts 0.0.0.0 pubads.g.doubleclick.net 0.0.0.0 securepubads.g.doubleclick.net 0.0.0.0 www.googletagservices.com 0.0.0.0 gads.pubmatic.com 0.0.0.0 ads.pubmatic.com 0.0.0.0 spclient.wg.spotify.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3462628204-2175220548-686733109-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Connell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Connell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^Users^Connell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Spotify => "C:\Users\Connell\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Connell\AppData\Roaming\Spotify\SpotifyWebHelper.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{DA38E8D6-CF8D-4702-90E8-31D3C617A789}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{B288F5A6-F345-4A5A-8BCE-88785C5D325D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{EDCB319F-0BFA-4AB5-A485-4E8C54729D78}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{9822A39C-F817-49B7-B3AA-13BB93EEA7CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{B5B32267-715D-41FB-8F9C-07EEBD3B753A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{F27EF451-CCEE-4273-9D68-E92073FEDD55}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{DBB4A172-7F23-4200-BEF7-D3F7ED2978FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2418F017-3085-4AF6-BC97-BF889CBBB1EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5C7F2F81-E4EF-4B9B-BC2A-F2E9EE67274E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7566B47E-7EB3-42BD-90DE-90C907C6F741}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{68C4B628-E38B-4DE5-BC19-9155CEDAD424}] 
=> (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{B3B7B59A-8151-49B6-9C68-1C91F9425DE8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{9A2F713C-5D9C-4A75-9EC7-ABE598A97ADD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{1A585DE8-6B64-4E08-9144-A370E7D5CAB4}] => (Allow) C:\Users\Connell\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{8EC17148-63EA-4088-80AD-BDF1F4956001}] => (Allow) C:\Users\Connell\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [TCP Query User{C503CD3A-C311-49A5-9AF5-9B78A9113D10}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{1014A946-9336-4DFA-9B0F-F50FD98A2A79}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{822AD24A-3D7D-4A78-BDE3-C6864D578CFE}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [UDP Query User{A10E3EF9-7D96-4A58-B796-C13ED2CD124D}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [{FA9B9903-0CFA-47AC-891F-6AF63EDD28ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [{911FC725-79CA-494B-916D-AC0E82F63A08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [TCP Query User{E0F2606C-710D-43B9-95D9-3EF0F740C55B}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query 
User{C1B1D582-2805-4131-899F-B6D6C1BD3724}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe FirewallRules: [{F971ED3F-828C-4075-ADAB-2E3E028CFD7D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4961EE55-1CB6-45C0-BC06-B07D52908FDA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{99200F14-6421-49FF-ADF9-AE37D736D634}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{3E24DE2F-3FDF-4D65-8699-52DE675D6DE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{9143D219-C571-4419-93D7-DDC8EAF79420}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe FirewallRules: [{F649E9AC-E628-49CA-9B32-56DF03EA4A3B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe FirewallRules: [{397EFBFC-22CD-4DCA-BE71-97342FCBFF7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{70D9EFDF-4037-4B8A-A0F1-FA85569D0F5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{E53F3298-38CF-4CF6-AF8D-CEB2402ACE08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{3B0E0A43-A444-4A9B-94C7-C65A1B30EB1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{26993953-8EC3-4827-B668-25BC645DF6E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe FirewallRules: [{2DEC0395-6E0A-4475-B685-0C41D5968678}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe FirewallRules: [{5759A086-36C5-4E04-AC81-3C0549322FAC}] => (Allow) 
C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe FirewallRules: [{1FC76D11-08EC-444D-B68E-6339279C1447}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe FirewallRules: [TCP Query User{9E05A0E4-85FD-49C5-B683-72569836FE7E}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe FirewallRules: [UDP Query User{13DEAB03-E9A0-476E-864E-763EB96D75DD}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe FirewallRules: [{AA206736-7B00-4D06-BF07-7D0ACDC641C1}] => (Allow) D:\RouterSetup\QISWizard.exe FirewallRules: [{DE9E6FE8-6DDB-44B3-9F4E-BCD092E2E896}] => (Allow) D:\RouterSetup\QISWizard.exe FirewallRules: [{1EF06C8A-7D49-4A21-BD7B-B799FC959945}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crash Time II\BurningWheels.exe FirewallRules: [{8256509E-B95C-452F-A5E3-95B7A2E4783F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crash Time II\BurningWheels.exe FirewallRules: [{87D1289C-6035-405B-9811-44B05E30914A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe FirewallRules: [{10152DB8-1D73-40A5-BB75-D567B377463B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe FirewallRules: [{DCE5AD3B-9077-4D80-A6C5-6CE0948B01F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe FirewallRules: [{B28F2A1D-A2F0-49C7-98D2-B1538D042EB0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe FirewallRules: [{401F5FB0-3CA0-4896-BD7F-3A54509A51F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A57A9E6D-A09F-4E6E-8D4C-CA583FCB6AE7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaW.exe FirewallRules: 
[{6873FA36-3AF4-48A9-BF7A-E817E1FA6FE9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaW.exe FirewallRules: [{2DC76630-8811-410E-8BB4-CEEB2B9819CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaWmp.exe FirewallRules: [{28648D93-F59A-4267-BBAD-2B9A90E51578}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaWmp.exe FirewallRules: [{1DC656EA-0E91-457E-8E98-3CB369E63D39}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{9E3CE783-FA67-4D59-9D19-6BB1198F29CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E58B98D2-4953-4F0D-A4D1-36DEA7AFD4C8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{8F67A79D-1983-4BA0-87B4-8445423DE972}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{05B1767F-0C9E-40A5-A23A-2D36615C59FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{75E43D68-0CC9-46DC-A971-D0635E0CA8E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{7802756D-469A-438B-BB61-D0E6A269B1E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe FirewallRules: [{00FF530E-9827-4F40-B6DB-28B79F786EA1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe FirewallRules: [TCP Query User{989366AF-4887-468F-A13F-27DDF65BCB95}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{E206568E-7EA8-4861-9CBA-53B33C116215}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{C503F79C-AD27-4F77-BC98-2FB18F9D9CF2}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{07979529-45B3-4C5E-9C0C-DDB169DE5FF5}C:\program files 
(x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{E13E22A0-E8F2-4D11-BD3F-7DBC2B85AB75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JustCause.exe FirewallRules: [{6D01B396-DCDE-4878-8B7D-01D013E8C5B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JustCause.exe FirewallRules: [{F175529B-4187-4338-9248-88126DD40050}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JCSetup.exe FirewallRules: [{D2F070E2-BCFA-49A4-90C9-62D1010662CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JCSetup.exe FirewallRules: [{33389AAC-C64D-4787-B856-356ABB02346F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{E8104FBB-1A91-46DD-B00B-2096210E277B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{916CA019-4E68-4175-9C3D-454F126FD86A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DF0D5935-EB0F-4D70-9F58-CF073100BB27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CF343B15-678C-4985-85CD-507E769FF9CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4627C0BD-B1AE-44EB-9507-7AF1D94C701B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{09C7426A-BDD9-44BB-B3CA-0A34A1FE1B64}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{3931894C-7C2D-4350-BE89-DD09E005074C}] => (Allow) C:\Users\Connell\AppData\Local\Temp\nsd2BC9.tmp\CnetInstaller-75337986.exe FirewallRules: [{DE998420-D7BB-478B-AB0D-69852DB7CE70}] => (Allow) C:\Users\Connell\AppData\Local\Temp\nsd2BC9.tmp\CnetInstaller-75337986.exe FirewallRules: [{622B5D74-BBB3-4AED-8724-5F4C2550923D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe FirewallRules: [{78E54645-9C95-4296-8E00-E0E7DDC73F13}] => (Allow) C:\Program Files 
(x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe FirewallRules: [{1E2B4075-7E51-4ECC-8649-1266EAC99D44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOps.exe FirewallRules: [{C13BA585-3636-48B5-9350-5AEE5D6E1866}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOps.exe FirewallRules: [{FB4D899D-41D7-4E0A-B139-470963D6D1F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{2E8BD465-1C82-406F-B2B4-52820F545CBA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{3E765821-FF82-4AC9-B506-55A71E3E0AF1}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe FirewallRules: [{1AA21B0D-CB3C-4C44-9CBE-BB7DB7442F64}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe FirewallRules: [{5909D34A-6914-4702-AE0A-6CAB057B324E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Racer 8\Racer8.exe FirewallRules: [{FB2170E4-E22F-48D3-ACD9-5B0C21E7B854}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Racer 8\Racer8.exe FirewallRules: [{7D3E41B9-52B7-4AC9-84EE-08795F36569E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Canyon Capers\CanyonCapers.exe FirewallRules: [{7A28065C-5931-440A-90FE-2E184D2DB216}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Canyon Capers\CanyonCapers.exe FirewallRules: [{E10B8A30-4E1B-4DBA-874F-40CB3D4AFB82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe FirewallRules: [{222BE021-0FD1-4EDF-8C62-68FFBA11BA36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe FirewallRules: [{A225856B-26CD-426A-BEC7-8D8D67A0E918}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{264725EB-3E68-417A-891F-F59B28D98661}] => (Allow) C:\Program Files 
(x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{497DFB50-ACE7-430C-8275-45A781462A6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe FirewallRules: [{C51E1C5E-C12F-48C2-9B61-637932945C9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe FirewallRules: [TCP Query User{745CA023-D195-48BB-B07F-1FE743F3AAE3}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe FirewallRules: [UDP Query User{B98FF422-B68F-4E25-86B8-726AC1BD656C}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{95ED4F95-E045-48C7-9818-B00C3AD3C6E2}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe FirewallRules: [UDP Query User{3EB31DAB-522D-4BD2-9582-2A8200FF0EA1}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{78C3627E-9651-481A-9936-B683E8B65464}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{81CD46D1-9ADD-43A7-97DA-64D9570A8BF7}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [TCP Query User{5A5D4654-F2BB-436D-984F-E65159CB2A4D}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{3A1AE821-4F63-4DBF-B571-2EB8F1252B2E}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files 
(x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [{64A1241C-6E72-45B9-9C3D-A62509E687CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chess\Chess.exe FirewallRules: [{B82C31CC-9A4A-4317-B111-4ABB415A9F08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chess\Chess.exe FirewallRules: [{0EBA18E6-EBAF-40E7-AA76-7E8EF3E055DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe FirewallRules: [{8B421FC0-B0F1-489A-94EC-9BF07F225D93}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe FirewallRules: [TCP Query User{262BE0E5-C3A4-4119-8BC2-1F393555432D}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe FirewallRules: [UDP Query User{EA545A1E-BBC4-44DD-BBA0-A8E614BD96F6}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe FirewallRules: [{100B6A78-1994-4A9B-B1C9-5378C571B1EC}] => (Allow) C:\Windows\explorer.exe FirewallRules: [{9BFCD5FF-B020-4235-84AC-AD4C4E86155E}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{908714A8-67DB-4FA8-858D-ED61BF9F9010}] => (Allow) C:\Windows\SysWOW64\rundll32.exe FirewallRules: [{6CC9702F-CB0B-4A80-AB60-DC32518B5BC4}] => (Allow) C:\Windows\SysWOW64\rundll32.exe FirewallRules: [{3A8F07B5-DA4E-4D93-B67C-ADD9F70E7778}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe FirewallRules: [{A60DF1C7-0D87-478A-AC7D-5BA284D3672F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe FirewallRules: [{1595350D-03C8-40B9-AEA0-3B48301B1242}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數 FirewallRules: [{EE2E7BC6-3850-4757-8CC3-4A4A7C5621F6}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳⹟硥e FirewallRules: [{E8F3DC98-64AA-4FCE-9501-A5A5F1DC67F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe 
FirewallRules: [{9123BBD7-9EC3-40C0-976C-DAFD9F179DFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe FirewallRules: [TCP Query User{2CE70EBE-7CD4-4B16-95E7-FCA52A123AB4}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{33407C7F-A238-4788-86F2-58715DF4995A}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [TCP Query User{0E8FE513-2CFF-4064-9A9E-A5DB74F4003B}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{2C031B8D-989C-44F4-90D4-AF9664E8FC90}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [{E72CF3FB-19F4-4061-B438-01BA85C75FAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{02F9B5A5-7A81-40C2-9122-196F93B7C986}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CCD8DDA2-1F37-4AD6-BA18-C4D0FDF03A23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{02E0149A-2CC8-4139-AD49-DC2F7E42D9D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe FirewallRules: [{23A826FA-CB27-4DA4-A3CF-7384F91811D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe FirewallRules: [{4A24FFDC-0F52-4AE9-9240-556B6BCF9CF0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe FirewallRules: [{E4351C2C-5FF3-44FB-A9C7-DB8D979E422D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe FirewallRules: [{56BCEFE1-38C1-404D-97A6-5E11338691AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe 
FirewallRules: [{45E67988-1D53-4BB1-979D-7ED14E3D0081}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe
FirewallRules: [{DBD15F69-B23E-4E69-BE15-4B96CCBA753D}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
FirewallRules: [{776DBFF3-C482-4101-AE6E-0FB92E12790A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{582C442C-73A5-487D-B2E1-EC3191CF1066}] => (Allow) C:\Windows\SysWOW64\rundll32.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2016 11:27:25 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (07/30/2016 06:22:49 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80040154

Error: (07/30/2016 05:50:23 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (07/30/2016 04:12:26 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80040154

Error: (07/30/2016 03:49:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 124629

Error: (07/30/2016 03:49:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 124629

Error: (07/30/2016 03:49:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/30/2016 03:49:36 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (07/30/2016 03:10:38 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80040154

Error: (07/30/2016 02:10:38 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80040154

System errors:
=============
Error: (07/31/2016 11:37:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/31/2016 11:27:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

CodeIntegrity:
===================================
Date: 2015-04-23 18:49:22.458
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-23 18:49:22.404
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 19:46:07.652
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 19:46:07.572
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-20 21:11:08.740
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-20 21:11:08.677
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-20 21:09:32.739
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-20 21:09:32.672
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 20:48:38.905
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 20:48:38.849
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 30%
Total physical RAM: 11426.75 MB
Available physical RAM: 7984.55 MB
Total Virtual: 22851.71 MB
Available Virtual: 18282.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:687.61 GB) (Free:356.03 GB) NTFS
Drive e: (Sims3) (CDROM) (Total:5.56 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E0305439)
Partition 1: (Not Active) - (Size=10.9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=687.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Malwarebytes Scan Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/31/2016
Scan Time: 11:45 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.31.04
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Connell

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311098
Time Elapsed: 22 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)
  11. Here are the last two:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Connell (administrator) on CONNELL-PC (30-07-2016 16:36:38)
Running from C:\Users\Connell\Desktop
Loaded Profiles: Connell (Available Profiles: Connell)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Connell\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Micro-Star International Co.,Ltd.) C:\Program Files (x86)\S-Bar\S-Bar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1566344 2014-04-08] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [S-Bar] => C:\Program Files (x86)\S-Bar\S-Bar.exe [5504416 2012-12-03] (Micro-Star International Co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [GoogleChromeAutoLaunch_9CACE28C2316D302DA197A798CC292BC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [Ijtsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Connell\AppData\Local\Ufmedia\qhpqefng.dll
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [Spotify Web Helper] => C:\Users\Connell\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-09] (Spotify Ltd)
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [BluetoothManage] => rundll32.exe "%appdata%\Microsoft\btstack.dll",init
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\MountPoints2: {c6a6da86-7f81-11e5-aebe-685d4307e1e3} - F:\OnePlus_setup.exe /s
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\MountPoints2: {d151366b-c037-11e4-aee0-685d4307e1e3} - E:\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-08-10] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-10-29] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
CHR HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8B1A40AA-06C3-4D8A-9494-3340F14D60DA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B99DE71E-CD0F-4D2C-BA2E-9AA063082EBF}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Connell\AppData\Roaming\Mozilla\Firefox\Profiles\x30hhdct.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)


Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf0NjqIAq_u7mGIGaoqOU7bB0poivK6FlvbX0g1PTW9xDSnf3a-XBRI_xiObg11ItU0aL3oplT533h6tiFot8jsJxu8DnBpLlP045uU6FdKyCQp749AMPeBBAx-f7UVnaZaR03snbyzZYpDPcpMepi_cpxnyu9rPYW5cR4GP5JpA_
CHR Profile: C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-26]
CHR Extension: (Netflix) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-08-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-29]
CHR HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-09] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-11-25] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2013-12-09] (Qualcomm Atheros) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 caMyciloP; no ImagePath
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [80080 2013-11-08] (Qualcomm Atheros, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 ipadtst; \??\C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-30 16:36 - 2016-07-30 16:37 - 00017130 _____ C:\Users\Connell\Desktop\FRST.txt
2016-07-30 16:35 - 2016-07-30 16:36 - 00000000 ____D C:\FRST
2016-07-30 16:34 - 2016-07-30 16:34 - 02394112 _____ (Farbar) C:\Users\Connell\Downloads\FRST64.exe
2016-07-30 16:34 - 2016-07-30 16:34 - 02394112 _____ (Farbar) C:\Users\Connell\Desktop\FRST64.exe
2016-07-30 16:01 - 2016-07-30 16:01 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CONNELL-PC-Windows-7-Ultimate-(64-bit).dat
2016-07-30 16:01 - 2016-07-30 16:01 - 00000000 ____D C:\RegBackup
2016-07-30 16:00 - 2016-07-30 16:00 - 00000000 ____D C:\Users\Connell\Desktop\Regbackup
2016-07-30 15:59 - 2016-07-30 15:59 - 03251071 _____ C:\Users\Connell\Desktop\tweaking.com_registry_backup_portable.zip
2016-07-30 15:58 - 2016-07-30 15:59 - 03251071 _____ C:\Users\Connell\Downloads\tweaking.com_registry_backup_portable.zip
2016-07-30 15:55 - 2016-07-30 15:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Connell\Downloads\rkill.exe
2016-07-30 15:55 - 2016-07-30 15:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Connell\Desktop\rkill.exe
2016-07-30 15:54 - 2016-07-30 15:56 - 00004364 _____ C:\Users\Connell\Desktop\Rkill.txt
2016-07-30 15:54 - 2016-07-30 15:54 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Connell\Downloads\rkill.com
2016-07-25 20:52 - 2016-07-25 20:52 - 00000000 ____D C:\Users\Connell\Downloads\Big.Brother.US.S18E11.HDTV.x264-FUM[ettv]
2016-07-23 19:50 - 2016-07-23 19:50 - 00000000 ____D C:\Users\Connell\Downloads\Catch.Me.If.You.Can[ENG][DVDRip]
2016-07-22 21:48 - 2016-07-22 21:48 - 00000000 ____D C:\Users\Connell\Downloads\Big.Brother.US.S18E10.HDTV.x264-FUM[ettv]
2016-07-20 22:50 - 2016-07-20 22:50 - 00000007 _____ C:\Users\Connell\Documents\peyton.txt
2016-07-17 21:40 - 2016-07-17 22:28 - 00000000 ____D C:\Users\Connell\AppData\Local\Urban Trial Freestyle
2016-07-14 23:31 - 2016-07-14 23:31 - 06079168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-05 13:22 - 2016-07-05 13:22 - 00000221 _____ C:\Users\Connell\Desktop\LIMBO.url
2016-07-05 13:21 - 2016-07-05 13:21 - 00000222 _____ C:\Users\Connell\Desktop\Urban Trial Freestyle.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-30 16:34 - 2009-07-13 23:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-30 16:34 - 2009-07-13 23:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-30 16:31 - 2014-09-10 15:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-30 16:07 - 2014-08-11 16:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-30 15:44 - 2015-08-15 21:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-29 22:10 - 2015-08-15 21:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-28 23:48 - 2014-08-11 14:54 - 00000000 ____D C:\Users\Connell\AppData\Local\Spotify
2016-07-28 22:02 - 2014-08-11 14:54 - 00000000 ____D C:\Users\Connell\AppData\Roaming\Spotify
2016-07-28 21:39 - 2015-08-15 21:10 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 21:39 - 2015-08-15 21:10 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 21:39 - 2014-08-07 20:42 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-28 21:39 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-28 21:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-28 01:28 - 2016-05-20 16:50 - 00005621 _____ C:\Users\Connell\Desktop\EZBlocker-log.txt
2016-07-28 01:24 - 2015-10-25 11:47 - 00000316 _____ C:\Windows\Tasks\ATIZN.job
2016-07-28 01:24 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-28 01:23 - 2014-09-16 16:46 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-07-28 00:03 - 2014-08-11 16:03 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-28 00:03 - 2014-08-11 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-28 00:03 - 2014-08-11 16:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-25 22:13 - 2014-08-10 20:22 - 00000000 ____D C:\Users\Connell\AppData\Roaming\BitTorrent
2016-07-25 20:47 - 2015-09-19 20:37 - 00000000 ____D C:\Users\Connell\AppData\LocalLow\BitTorrent
2016-07-22 22:35 - 2014-08-08 22:23 - 00000000 ____D C:\Users\Connell\AppData\Roaming\vlc
2016-07-17 19:25 - 2014-08-07 22:16 - 00000000 ____D C:\Users\Connell\AppData\Roaming\.minecraft
2016-07-15 00:13 - 2014-11-21 21:13 - 00000000 ____D C:\Users\Connell\AppData\Roaming\Skype
2016-07-14 23:31 - 2014-09-10 15:49 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 23:31 - 2014-09-10 15:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 23:31 - 2014-09-10 15:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 23:15 - 2015-05-28 19:36 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 23:15 - 2015-05-28 19:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-14 23:13 - 2014-09-10 15:49 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-14 23:13 - 2014-08-20 19:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-05 13:26 - 2014-08-07 19:43 - 00000000 ____D C:\Users\Connell\AppData\Local\Deployment
2016-06-30 13:00 - 2014-08-08 22:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-30 13:00 - 2014-08-08 22:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2015-07-12 10:41 - 2016-01-28 23:11 - 0000020 _____ () C:\Users\Connell\AppData\Roaming\appdataFr2.bin
2015-07-13 10:53 - 2015-07-17 19:38 - 0000024 _____ () C:\Users\Connell\AppData\Roaming\appdataFr25.bin
2012-05-03 06:12 - 2012-05-03 06:12 - 0000532 _____ () C:\Users\Connell\AppData\Local\datos.txt
2014-09-03 19:34 - 2014-09-03 19:34 - 0000000 _____ () C:\Users\Connell\AppData\Local\Driver_LOM_8161Present.flag
2014-09-03 15:11 - 2014-09-03 15:11 - 0003072 _____ () C:\Users\Connell\AppData\Local\file__0.localstorage
2014-02-05 15:08 - 2014-02-05 15:08 - 0193744 _____ () C:\Users\Connell\AppData\Local\lateral1.bmp
2010-11-12 04:10 - 2010-11-12 04:10 - 0193744 _____ () C:\Users\Connell\AppData\Local\lateral2.bmp
2014-02-05 15:10 - 2014-02-05 15:10 - 0195108 _____ () C:\Users\Connell\AppData\Local\lateral3.bmp
2014-02-05 16:50 - 2014-02-05 16:50 - 0043976 _____ () C:\Users\Connell\AppData\Local\save_en.bmp
2014-02-05 16:49 - 2014-02-05 16:49 - 0043976 _____ () C:\Users\Connell\AppData\Local\save_es.bmp
2015-04-11 13:14 - 2015-04-25 21:24 - 0011766 _____ () C:\Users\Connell\AppData\Local\Temp-log.txt
2015-05-28 19:02 - 2015-05-28 19:02 - 0000000 _____ () C:\Users\Connell\AppData\Local\Temp.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll [2014-08-09 17:59] - [2015-04-25 20:35] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll [2014-08-09 17:59] - [2015-04-25 20:35] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-20 19:53

==================== End of FRST.txt ============================

And here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Connell (2016-07-30 16:37:21)
Running from C:\Users\Connell\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-07 23:34:55)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3462628204-2175220548-686733109-500 - Administrator - Disabled)
Connell (S-1-5-21-3462628204-2175220548-686733109-1000 - Administrator - Enabled) => C:\Users\Connell
Guest (S-1-5-21-3462628204-2175220548-686733109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3462628204-2175220548-686733109-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
BitTorrent (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version: - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version: - Treyarch)
Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version: - Treyarch)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - )
Canyon Capers (HKLM-x32\...\Steam App 275490) (Version: - Crazy Moo Games)
Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Crash Time II (HKLM-x32\...\Steam App 11390) (Version: - RTL interactive)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar)
Duck Game (HKLM-x32\...\Steam App 312530) (Version: - Landon Podbielski)
foobar2000 v1.3.4 (HKLM-x32\...\foobar2000) (Version: 1.3.4 - Peter Pawlowski)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IdleMaster (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Just Cause (HKLM-x32\...\Steam App 6880) (Version: - Avalanche Studios)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche Studios)
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1403.2801 - Application)
KLM (x32 Version: 1.0.1403.2801 - Application) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version: - Freakinware Studios)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
NBTExplorer (HKLM-x32\...\{70417A42-7BA4-4801-BE5E-2C095BDC3048}) (Version: 2.7.1.0 - Justin Aquadro)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{70352071-9C2B-4EF0-88E6-9F16FEBAEB36}) (Version: 1.1.38.1281 - Qualcomm Atheros)
Race The Sun (HKLM-x32\...\Steam App 253030) (Version: - Flippfly LLC)
Racer 8 (HKLM-x32\...\Steam App 292380) (Version: - 30.06 Studios Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
S-Bar (HKLM-x32\...\{EA37105B-24BD-4B05-8D4A-3CA5945CBD40}) (Version: 21.012.12039 - )
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Simply Chess (HKLM-x32\...\Steam App 312280) (Version: - BlueLine Games)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version: - )
Spotify (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB)
Spotydl 0.9.36.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.36.0 - spotydl.com)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version: - Team Meat)
Surgeon Simulator 2013 Steam Edition 1.0 (HKLM-x32\...\Surgeon Simulator 2013 Steam Edition 1.0) (Version: 1.0 - Cat-A-Cat)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac - Rebirth version 1.0 (HKLM-x32\...\The Binding of Isaac - Rebirth_is1) (Version: 1.0 - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Urban Trial Freestyle (HKLM\...\Steam App 243450) (Version: - Tate Multimedia)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EF177E3-FE5A-4A4A-83F2-1EA508EC95AE} - System32\Tasks\{4512EBBE-E3F5-4CA1-9C3C-321CAF84A626} => C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War/CoDWaWmp.exe [2014-11-24] (Activision Blizzard, Inc.)
Task: {11AF17C8-F7E8-499A-BFAE-A45C6D873BE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-15] (Google Inc.)
Task: {21CEB2D0-4501-42FE-81CD-D95F20221FC1} - System32\Tasks\{34CAA14B-6748-46D3-A10C-F2BFB6CA779E} => pcalua.exe -a C:\Users\Connell\Downloads\pinnacle-setup.exe -d C:\Users\Connell\Downloads
Task: {49D33E60-C850-4432-A7C4-21AE2DA95122} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {692C3DA6-BF22-439B-AA46-3247F757FF13} - System32\Tasks\Opera scheduled Autoupdate 1450630056 => C:\Program Files (x86)\Opera\launcher.exe
Task: {694012BD-1C5B-463B-A2B4-AA7419237F6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-15] (Google Inc.)
Task: {7E201D76-ADA6-419E-9CD2-D4A0E3705832} - System32\Tasks\e4wjqahj => C:\Program Files\Common Files\uywb2fn2\68b4d0yrm4eih.exe <==== ATTENTION
Task: {B252709E-CF35-4D98-9BDB-EC6FAAC03528} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {CCE94F75-99CA-4A97-B80B-85174BFBB562} - System32\Tasks\downioadwi => C:\Windows\system32\config\systemprofile\AppData\Local\Vivasoncore <==== ATTENTION
Task: {EA942C78-914B-43B4-86F6-969C7A959C3C} - System32\Tasks\443l40kz => C:\Program Files\Common Files\sq1x44oe\49ca6uqnrfle4.exe <==== ATTENTION
Task: {F2F83BC2-7905-4698-85AE-1D19F9C87094} - System32\Tasks\ATIZN => Rundll32.exe "C:\Windows\SysWOW64\AudioEngw.dll",QDXXQJRM

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ATIZN.job => rundll32.exe C:\Windows\SysWOW64\AudioEngw.dll
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Connell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Connell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c5292fd00b53b4d5\Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
-> --profile-directory="Profile 1" --app-id=knipolnnllmklapflnccelgolnpehhpl

==================== Loaded Modules (Whitelisted) ==============

2014-08-07 19:34 - 2014-10-29 23:53 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-07 19:35 - 2014-10-29 21:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-25 15:14 - 2014-11-25 15:14 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-09-28 13:51 - 2012-09-28 13:51 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-07 19:34 - 2014-10-29 23:53 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-07-28 01:25 - 2016-07-28 01:25 - 00098816 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32api.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00110080 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pywintypes27.dll
2016-07-28 01:25 - 2016-07-28 01:25 - 00364544 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pythoncom27.dll
2016-07-28 01:25 - 2016-07-28 01:25 - 00045568 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_socket.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 01161216 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_ssl.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00320512 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32com.shell.shell.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00713216 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_hashlib.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 01175040 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._core_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00805888 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._gdi_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00811008 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._windows_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 01062400 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._controls_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00735232 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._misc_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00682496 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pysqlite2._sqlite.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00087552 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_ctypes.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00119808 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32file.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00108544 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32security.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00007168 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\hashobjs_ext.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00026624 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\usb_ext.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00167936 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32gui.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00018432 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32event.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00128512 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_elementtree.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00127488 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pyexpat.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00013824 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\common.time34.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00036864 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_psutil_windows.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00038912 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32inet.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00011264 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32crypt.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00070656 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._html2.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00027136 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_multiprocessing.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00020480 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_yappi.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00035840 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32process.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00686080 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\unicodedata.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00122368 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._wizard.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00024064 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32pipe.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00010240 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\select.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00025600 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32pdh.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00525640 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\windows._lib_cacheinvalidation.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00017408 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32profile.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00022528 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32ts.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00078336 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._animate.pyd
2014-08-07 20:42 - 2016-04-29 15:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 22:42 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 22:42 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 22:42 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-07 20:42 - 2016-07-08 20:06 - 02317904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-10
17:43 - 2016-02-08 18:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-09-10 17:43 - 2016-02-08 18:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-09-10 17:43 - 2016-02-08 18:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-09-10 17:43 - 2016-02-08 18:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-09-10 17:43 - 2016-02-08 18:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2014-08-07 20:42 - 2016-07-08 20:06 - 00829520 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-03-27 17:26 - 2016-07-06 17:00 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2014-08-07 20:42 - 2016-06-14 14:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-04-11 12:34 - 2015-03-27 22:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-06-18 16:21 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-18 16:21 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63] AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63] AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-05-21 00:17 - 00001019 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3462628204-2175220548-686733109-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Connell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Connell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Connell\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Connell\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DA38E8D6-CF8D-4702-90E8-31D3C617A789}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{B288F5A6-F345-4A5A-8BCE-88785C5D325D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{EDCB319F-0BFA-4AB5-A485-4E8C54729D78}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{9822A39C-F817-49B7-B3AA-13BB93EEA7CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{B5B32267-715D-41FB-8F9C-07EEBD3B753A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{F27EF451-CCEE-4273-9D68-E92073FEDD55}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{DBB4A172-7F23-4200-BEF7-D3F7ED2978FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2418F017-3085-4AF6-BC97-BF889CBBB1EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5C7F2F81-E4EF-4B9B-BC2A-F2E9EE67274E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7566B47E-7EB3-42BD-90DE-90C907C6F741}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{68C4B628-E38B-4DE5-BC19-9155CEDAD424}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{B3B7B59A-8151-49B6-9C68-1C91F9425DE8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{9A2F713C-5D9C-4A75-9EC7-ABE598A97ADD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{1A585DE8-6B64-4E08-9144-A370E7D5CAB4}] => (Allow) C:\Users\Connell\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{8EC17148-63EA-4088-80AD-BDF1F4956001}] => (Allow) C:\Users\Connell\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [TCP Query 
User{C503CD3A-C311-49A5-9AF5-9B78A9113D10}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{1014A946-9336-4DFA-9B0F-F50FD98A2A79}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{822AD24A-3D7D-4A78-BDE3-C6864D578CFE}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [UDP Query User{A10E3EF9-7D96-4A58-B796-C13ED2CD124D}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [{FA9B9903-0CFA-47AC-891F-6AF63EDD28ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [{911FC725-79CA-494B-916D-AC0E82F63A08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [TCP Query User{E0F2606C-710D-43B9-95D9-3EF0F740C55B}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{C1B1D582-2805-4131-899F-B6D6C1BD3724}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe FirewallRules: [{F971ED3F-828C-4075-ADAB-2E3E028CFD7D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4961EE55-1CB6-45C0-BC06-B07D52908FDA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{99200F14-6421-49FF-ADF9-AE37D736D634}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{3E24DE2F-3FDF-4D65-8699-52DE675D6DE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: 
[{9143D219-C571-4419-93D7-DDC8EAF79420}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe FirewallRules: [{F649E9AC-E628-49CA-9B32-56DF03EA4A3B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe FirewallRules: [{397EFBFC-22CD-4DCA-BE71-97342FCBFF7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{70D9EFDF-4037-4B8A-A0F1-FA85569D0F5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{E53F3298-38CF-4CF6-AF8D-CEB2402ACE08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{3B0E0A43-A444-4A9B-94C7-C65A1B30EB1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe FirewallRules: [{26993953-8EC3-4827-B668-25BC645DF6E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe FirewallRules: [{2DEC0395-6E0A-4475-B685-0C41D5968678}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe FirewallRules: [{5759A086-36C5-4E04-AC81-3C0549322FAC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe FirewallRules: [{1FC76D11-08EC-444D-B68E-6339279C1447}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe FirewallRules: [TCP Query User{9E05A0E4-85FD-49C5-B683-72569836FE7E}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe FirewallRules: [UDP Query User{13DEAB03-E9A0-476E-864E-763EB96D75DD}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe FirewallRules: [{AA206736-7B00-4D06-BF07-7D0ACDC641C1}] => 
(Allow) D:\RouterSetup\QISWizard.exe FirewallRules: [{DE9E6FE8-6DDB-44B3-9F4E-BCD092E2E896}] => (Allow) D:\RouterSetup\QISWizard.exe FirewallRules: [{1EF06C8A-7D49-4A21-BD7B-B799FC959945}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crash Time II\BurningWheels.exe FirewallRules: [{8256509E-B95C-452F-A5E3-95B7A2E4783F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crash Time II\BurningWheels.exe FirewallRules: [{87D1289C-6035-405B-9811-44B05E30914A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe FirewallRules: [{10152DB8-1D73-40A5-BB75-D567B377463B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe FirewallRules: [{DCE5AD3B-9077-4D80-A6C5-6CE0948B01F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe FirewallRules: [{B28F2A1D-A2F0-49C7-98D2-B1538D042EB0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe FirewallRules: [{401F5FB0-3CA0-4896-BD7F-3A54509A51F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A57A9E6D-A09F-4E6E-8D4C-CA583FCB6AE7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaW.exe FirewallRules: [{6873FA36-3AF4-48A9-BF7A-E817E1FA6FE9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaW.exe FirewallRules: [{2DC76630-8811-410E-8BB4-CEEB2B9819CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaWmp.exe FirewallRules: [{28648D93-F59A-4267-BBAD-2B9A90E51578}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaWmp.exe FirewallRules: [{1DC656EA-0E91-457E-8E98-3CB369E63D39}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{9E3CE783-FA67-4D59-9D19-6BB1198F29CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E58B98D2-4953-4F0D-A4D1-36DEA7AFD4C8}] => (Allow) 
C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{8F67A79D-1983-4BA0-87B4-8445423DE972}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{05B1767F-0C9E-40A5-A23A-2D36615C59FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{75E43D68-0CC9-46DC-A971-D0635E0CA8E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{7802756D-469A-438B-BB61-D0E6A269B1E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe FirewallRules: [{00FF530E-9827-4F40-B6DB-28B79F786EA1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe FirewallRules: [TCP Query User{989366AF-4887-468F-A13F-27DDF65BCB95}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{E206568E-7EA8-4861-9CBA-53B33C116215}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{C503F79C-AD27-4F77-BC98-2FB18F9D9CF2}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{07979529-45B3-4C5E-9C0C-DDB169DE5FF5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{E13E22A0-E8F2-4D11-BD3F-7DBC2B85AB75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JustCause.exe FirewallRules: [{6D01B396-DCDE-4878-8B7D-01D013E8C5B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JustCause.exe FirewallRules: [{F175529B-4187-4338-9248-88126DD40050}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JCSetup.exe FirewallRules: [{D2F070E2-BCFA-49A4-90C9-62D1010662CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JCSetup.exe FirewallRules: [{33389AAC-C64D-4787-B856-356ABB02346F}] => (Allow) 
C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{E8104FBB-1A91-46DD-B00B-2096210E277B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{916CA019-4E68-4175-9C3D-454F126FD86A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DF0D5935-EB0F-4D70-9F58-CF073100BB27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CF343B15-678C-4985-85CD-507E769FF9CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4627C0BD-B1AE-44EB-9507-7AF1D94C701B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{09C7426A-BDD9-44BB-B3CA-0A34A1FE1B64}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{3931894C-7C2D-4350-BE89-DD09E005074C}] => (Allow) C:\Users\Connell\AppData\Local\Temp\nsd2BC9.tmp\CnetInstaller-75337986.exe FirewallRules: [{DE998420-D7BB-478B-AB0D-69852DB7CE70}] => (Allow) C:\Users\Connell\AppData\Local\Temp\nsd2BC9.tmp\CnetInstaller-75337986.exe FirewallRules: [{622B5D74-BBB3-4AED-8724-5F4C2550923D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe FirewallRules: [{78E54645-9C95-4296-8E00-E0E7DDC73F13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe FirewallRules: [{1E2B4075-7E51-4ECC-8649-1266EAC99D44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOps.exe FirewallRules: [{C13BA585-3636-48B5-9350-5AEE5D6E1866}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOps.exe FirewallRules: [{FB4D899D-41D7-4E0A-B139-470963D6D1F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{2E8BD465-1C82-406F-B2B4-52820F545CBA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: 
[{3E765821-FF82-4AC9-B506-55A71E3E0AF1}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe FirewallRules: [{1AA21B0D-CB3C-4C44-9CBE-BB7DB7442F64}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe FirewallRules: [{5909D34A-6914-4702-AE0A-6CAB057B324E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Racer 8\Racer8.exe FirewallRules: [{FB2170E4-E22F-48D3-ACD9-5B0C21E7B854}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Racer 8\Racer8.exe FirewallRules: [{7D3E41B9-52B7-4AC9-84EE-08795F36569E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Canyon Capers\CanyonCapers.exe FirewallRules: [{7A28065C-5931-440A-90FE-2E184D2DB216}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Canyon Capers\CanyonCapers.exe FirewallRules: [{E10B8A30-4E1B-4DBA-874F-40CB3D4AFB82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe FirewallRules: [{222BE021-0FD1-4EDF-8C62-68FFBA11BA36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe FirewallRules: [{A225856B-26CD-426A-BEC7-8D8D67A0E918}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{264725EB-3E68-417A-891F-F59B28D98661}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{497DFB50-ACE7-430C-8275-45A781462A6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe FirewallRules: [{C51E1C5E-C12F-48C2-9B61-637932945C9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe FirewallRules: [TCP Query User{745CA023-D195-48BB-B07F-1FE743F3AAE3}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe FirewallRules: [UDP Query 
User{B98FF422-B68F-4E25-86B8-726AC1BD656C}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{95ED4F95-E045-48C7-9818-B00C3AD3C6E2}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe FirewallRules: [UDP Query User{3EB31DAB-522D-4BD2-9582-2A8200FF0EA1}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{78C3627E-9651-481A-9936-B683E8B65464}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{81CD46D1-9ADD-43A7-97DA-64D9570A8BF7}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [TCP Query User{5A5D4654-F2BB-436D-984F-E65159CB2A4D}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{3A1AE821-4F63-4DBF-B571-2EB8F1252B2E}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [{64A1241C-6E72-45B9-9C3D-A62509E687CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chess\Chess.exe FirewallRules: [{B82C31CC-9A4A-4317-B111-4ABB415A9F08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chess\Chess.exe FirewallRules: [{0EBA18E6-EBAF-40E7-AA76-7E8EF3E055DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe FirewallRules: [{8B421FC0-B0F1-489A-94EC-9BF07F225D93}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe FirewallRules: [TCP Query User{262BE0E5-C3A4-4119-8BC2-1F393555432D}C:\program 
files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe FirewallRules: [UDP Query User{EA545A1E-BBC4-44DD-BBA0-A8E614BD96F6}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe FirewallRules: [{100B6A78-1994-4A9B-B1C9-5378C571B1EC}] => (Allow) C:\Windows\explorer.exe FirewallRules: [{9BFCD5FF-B020-4235-84AC-AD4C4E86155E}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{908714A8-67DB-4FA8-858D-ED61BF9F9010}] => (Allow) C:\Windows\SysWOW64\rundll32.exe FirewallRules: [{6CC9702F-CB0B-4A80-AB60-DC32518B5BC4}] => (Allow) C:\Windows\SysWOW64\rundll32.exe FirewallRules: [{3A8F07B5-DA4E-4D93-B67C-ADD9F70E7778}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe FirewallRules: [{A60DF1C7-0D87-478A-AC7D-5BA284D3672F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe FirewallRules: [{1595350D-03C8-40B9-AEA0-3B48301B1242}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數 FirewallRules: [{EE2E7BC6-3850-4757-8CC3-4A4A7C5621F6}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳⹟硥e FirewallRules: [{E8F3DC98-64AA-4FCE-9501-A5A5F1DC67F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe FirewallRules: [{9123BBD7-9EC3-40C0-976C-DAFD9F179DFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe FirewallRules: [TCP Query User{2CE70EBE-7CD4-4B16-95E7-FCA52A123AB4}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{33407C7F-A238-4788-86F2-58715DF4995A}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [TCP Query User{0E8FE513-2CFF-4064-9A9E-A5DB74F4003B}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program 
files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{2C031B8D-989C-44F4-90D4-AF9664E8FC90}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [{E72CF3FB-19F4-4061-B438-01BA85C75FAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{02F9B5A5-7A81-40C2-9122-196F93B7C986}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CCD8DDA2-1F37-4AD6-BA18-C4D0FDF03A23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{02E0149A-2CC8-4139-AD49-DC2F7E42D9D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe FirewallRules: [{23A826FA-CB27-4DA4-A3CF-7384F91811D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe FirewallRules: [{4A24FFDC-0F52-4AE9-9240-556B6BCF9CF0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe FirewallRules: [{E4351C2C-5FF3-44FB-A9C7-DB8D979E422D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe FirewallRules: [{56BCEFE1-38C1-404D-97A6-5E11338691AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe FirewallRules: [{45E67988-1D53-4BB1-979D-7ED14E3D0081}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe FirewallRules: [{DBD15F69-B23E-4E69-BE15-4B96CCBA753D}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe FirewallRules: [{776DBFF3-C482-4101-AE6E-0FB92E12790A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe FirewallRules: [{582C442C-73A5-487D-B2E1-EC3191CF1066}] => (Allow) C:\Windows\SysWOW64\rundll32.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= 
Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2016 04:12:26 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80040154

Error: (07/30/2016 03:49:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 124629

Error: (07/30/2016 03:49:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 124629

Error: (07/30/2016 03:49:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/30/2016 03:49:36 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (07/30/2016 03:10:38 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80040154

Error: (07/30/2016 02:10:38 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80040154

Error: (07/30/2016 01:10:38 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80040154

Error: (07/30/2016 12:34:54 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (07/29/2016 11:33:35 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80040154

System errors:
=============
Error: (07/30/2016 04:36:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: %%2 = The system cannot find the file specified.

CodeIntegrity:
===================================
Date: 2015-04-23 18:49:22.458
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-23 18:49:22.404
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 19:46:07.652
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-21 19:46:07.572
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-20 21:11:08.740
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-20 21:11:08.677
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-20 21:09:32.739
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-20 21:09:32.672
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 20:48:38.905
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 20:48:38.849
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz Percentage of memory in use: 34% Total physical RAM: 11426.75 MB Available physical RAM: 7457.82 MB Total Virtual: 22851.71 MB Available Virtual: 18335.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:687.61 GB) (Free:356.08 GB) NTFS Drive e: (Sims3) (CDROM) (Total:5.56 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E0305439) Partition 1: (Not Active) - (Size=10.9 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=27) Partition 3: (Not Active) - (Size=687.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  12. Malwarebytes got nothing; however, notifications continue to come up saying "malicious website blocked". The domain is l.mediaadserver.org and the port varies with each block. The log from the scan is: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/30/2016 Scan Time: 4:07 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.07.30.13 Rootkit Database: v2016.05.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Connell Scan Type: Threat Scan Result: Completed Objects Scanned: 311100 Time Elapsed: 22 min, 35 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  13. I am currently scanning but I will post the rkill log because that is done. The registry backup is also done (but obviously no log is required). Rkill 2.8.4 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2016 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 07/30/2016 03:55:31 PM in x64 mode. Windows Version: Windows 7 Ultimate Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 * Reparse Point/Junctions Found (Most likely legitimate)! * C:\Windows\AppPatch\spbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir] Checking Windows Service Integrity: * Security Center (wscsvc) is not Running. 
Startup Type set to: Disabled * WinDefend [Missing Service] Searching for Missing Digital Signatures: * C:\Windows\System32\user32.dll : 1,008,640 : 04/25/2015 08:35 PM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig] +-> C:\Windows\SysWOW64\user32.dll : 833,024 : 04/25/2015 08:35 PM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/20/2010 08:27 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/20/2010 07:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl] Checking HOSTS File: * HOSTS file entries found: 0.0.0.0 pubads.g.doubleclick.net 0.0.0.0 securepubads.g.doubleclick.net 0.0.0.0 www.googletagservices.com 0.0.0.0 gads.pubmatic.com 0.0.0.0 ads.pubmatic.com 0.0.0.0 spclient.wg.spotify.com Program finished at: 07/30/2016 03:56:42 PM Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)
  14. A site named l.mediaaserver.org continues to be blocked by Malwarebytes, and it is a site which I believe has been causing me problems anyway. However, the notifications that it has been blocked are getting annoying and I would like to block or remove it from my computer completely. I was wondering how to do this or what I should do in this situation.