0Lambda0

Everything posted by 0Lambda0

  1. Thanks for the reply, here are the logs. Rkill logs: Rkill 2.8.4 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2016 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 10/04/2016 03:28:09 PM in x64 mode. Windows Version: Windows 7 Professional Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\Users\Finn\AppData\Local\Apps\2.0\M9VY3J50.0TX\Y3GTM0BZ.8V1\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe (PID: 3904) [UP-HEUR] 1 proccess terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual * TBS [Missing Service] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 20 out of 15590 HOSTS entries shown. Please review HOSTS file for further entries. 
Program finished at: 10/04/2016 03:28:33 PM Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s) Malwarebytes log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 04/10/2016 Scan Time: 15:31 Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.10.04.08 Rootkit Database: v2016.09.26.02 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Finn Scan Type: Threat Scan Result: Completed Objects Scanned: 301419 Time Elapsed: 17 min, 17 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) FRST log: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2016 Ran by Finn (administrator) on THE-AUCHINDOUN (04-10-2016 15:54:38) Running from C:\Users\Finn\Desktop Loaded Profiles: Finn (Available Profiles: Finn) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Spotify Ltd) C:\Users\Finn\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr Inc.) 
C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Hammer & Chisel, Inc.) C:\Users\Finn\AppData\Local\Discord\app-0.0.296\Discord.exe (Hammer & Chisel, Inc.) C:\Users\Finn\AppData\Local\Discord\app-0.0.296\Discord.exe (Hammer & Chisel, Inc.) C:\Users\Finn\AppData\Local\Discord\app-0.0.296\Discord.exe (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5200\Agent.exe (Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net.exe () C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net Helper.exe () C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net Helper.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6625672 2016-08-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI) HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.) 
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-07-21] (Raptr, Inc) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation) HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.) HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [Spotify Web Helper] => C:\Users\Finn\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-20] (Spotify Ltd) HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [FF1C3ZG5AE] => "C:\Program Files (x86)\DPower\4Q1XU0G7PD.exe" HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.) HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\MountPoints2: {40794351-317e-11e6-8456-806e6f6e6963} - F:\RunGame.exe Startup: C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-08-28] () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254 Tcpip\..\Interfaces\{EEDACE59-D718-4345-BD09-32191C1F1A21}: [DhcpNameServer] 192.168.1.254 192.168.1.254 Internet Explorer: ================== BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-30] (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-15] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-30] (Oracle Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-15] (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-15] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-15] (Google Inc.) Toolbar: HKU\S-1-5-21-1386840482-3784922888-1212510007-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-15] (Google Inc.) 
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) FireFox: ======== FF DefaultProfile: dny3nftj.default FF ProfilePath: C:\Users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\dny3nftj.default [2016-10-04] FF Extension: (Adblock Plus) - C:\Users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\dny3nftj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-09-25] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-24] () FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-30] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-24] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.) 
Chrome: ======= CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G9Ozftpbl0cshmoBU,c013be2e-deda-4c01-8a2c-6d1b203a5219, CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G9Ozftpbl0cshmoBU,c013be2e-deda-4c01-8a2c-6d1b203a5219, CHR DefaultSearchKeyword: Default -> www-searching.com CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms} CHR Profile: C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default [2016-09-26] CHR Extension: (Chrome Web Store Payments) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-29] CHR Extension: (Chrome Media Router) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) 
[File not signed] S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] () S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1409032 2016-08-09] () U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-23] (Hi-Rez Studios) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-09-28] (Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-09-28] (Electronic Arts) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices) R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices) R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair) R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-09-26] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-04] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI) R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation) S3 MSICDSetup; \??\F:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-10-04 15:54 - 2016-10-04 15:54 - 00014503 _____ C:\Users\Finn\Desktop\FRST.txt 2016-10-04 15:54 - 2016-10-04 15:54 - 00000000 ____D C:\FRST 2016-10-04 15:53 - 2016-10-04 15:53 - 02404864 _____ (Farbar) C:\Users\Finn\Desktop\FRST64.exe 2016-10-04 15:28 - 2016-10-04 15:28 - 00004034 _____ C:\Users\Finn\Desktop\Rkill.txt 2016-10-04 15:27 - 2016-10-04 15:27 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Finn\Desktop\rkill.exe 2016-10-04 03:04 - 2016-10-04 03:04 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Finn\Downloads\SpyHunter-Installer(1).exe 2016-10-03 14:40 - 2016-10-03 14:41 - 00406114 _____ C:\TDSSKiller.3.1.0.11_03.10.2016_14.40.04_log.txt 2016-10-03 14:39 - 2016-10-03 14:39 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Finn\Downloads\tdsskiller.exe 2016-10-03 13:55 - 2016-10-03 13:55 - 00000000 ____D C:\Users\Finn\Documents\Keysticks 2016-10-03 13:55 - 2016-10-03 13:55 - 00000000 ____D C:\Users\Finn\AppData\Local\Keysticks.net 2016-10-03 13:55 - 2016-10-03 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keysticks 2016-10-03 13:55 - 2016-10-03 13:55 - 00000000 ____D C:\ProgramData\Keysticks.net 2016-10-03 13:55 - 2016-10-03 13:55 - 00000000 ____D C:\Program Files (x86)\Keysticks.net 2016-10-03 13:53 - 2016-10-03 13:54 - 10553493 _____ (T C Brogden Ltd) C:\Users\Finn\Downloads\KeysticksSetup-1.9.0.0.exe 2016-10-03 13:31 - 2016-10-03 13:32 - 00000000 ____D C:\Users\Finn\AppData\Local\NFS Underground 2 2016-10-03 13:30 - 2016-10-03 13:30 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-10-03 13:28 - 2016-10-03 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES 2016-10-03 13:00 - 2016-10-03 13:00 - 00000000 ____D C:\Program Files (x86)\EA GAMES 2016-10-02 14:01 - 2016-10-02 14:01 - 00003276 _____ C:\Windows\System32\Tasks\{8B27754E-05DC-4466-BBEE-9C9D796416DB} 2016-09-29 21:39 - 2016-09-29 21:39 - 00000000 ____D 
C:\Users\Finn\AppData\Local\HirezLauncherUI 2016-09-29 21:36 - 2016-09-29 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2016-09-28 22:16 - 2016-09-28 22:16 - 00000911 _____ C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk 2016-09-28 21:45 - 2016-09-28 22:16 - 00000000 ____D C:\Users\Finn\AppData\Local\osu! 2016-09-28 21:44 - 2016-09-28 21:44 - 04513336 _____ (ppy) C:\Users\Finn\Downloads\osu!install.exe 2016-09-27 11:51 - 2016-09-27 11:51 - 00000166 _____ C:\Windows\wininit.ini 2016-09-26 22:17 - 2016-09-24 11:34 - 00001006 _____ C:\Windows\system32\Drivers\etc\hosts.20160926-221740.backup 2016-09-26 22:09 - 2016-09-26 22:09 - 00000000 ____D C:\Program Files\Common Files\AV 2016-09-26 17:55 - 2016-09-26 17:55 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2016-09-26 17:52 - 2016-09-26 22:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-09-26 17:52 - 2016-09-26 22:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-09-26 17:52 - 2016-09-26 17:52 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-09-26 17:52 - 2016-09-26 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-09-26 17:52 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2016-09-26 17:46 - 2016-09-26 17:50 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Finn\Downloads\spybot-2.4.exe 2016-09-26 17:31 - 2016-09-26 17:31 - 00004092 _____ C:\Windows\system32\.crusader 2016-09-26 17:27 - 2016-09-26 17:31 - 00000000 ____D C:\ProgramData\HitmanPro 2016-09-26 17:27 - 2016-09-26 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2016-09-26 17:27 - 2016-09-26 17:27 - 00000000 ____D C:\Program Files\HitmanPro 2016-09-26 17:04 - 2016-09-26 17:24 - 11579432 _____ (SurfRight B.V.) 
C:\Users\Finn\Downloads\HitmanPro_x64.exe 2016-09-26 16:17 - 2016-09-26 16:17 - 00000000 _____ C:\autoexec.bat 2016-09-26 16:11 - 2016-09-26 16:11 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2016-09-26 16:10 - 2016-09-26 16:10 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Finn\Downloads\SpyHunter-Installer.exe 2016-09-24 12:18 - 2016-09-24 12:18 - 00000000 ____D C:\Users\Finn\AppData\Local\Macromedia 2016-09-24 12:17 - 2016-10-04 15:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-09-24 12:17 - 2016-09-24 12:17 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-09-24 12:17 - 2016-09-24 12:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-09-24 12:17 - 2016-09-24 12:17 - 00000000 ____D C:\Windows\system32\Macromed 2016-09-24 12:14 - 2016-09-24 12:17 - 00000000 ____D C:\Users\Finn\AppData\Local\Adobe 2016-09-24 12:10 - 2016-09-24 12:17 - 00000000 ____D C:\Users\Finn\AppData\Local\Mozilla 2016-09-24 12:10 - 2016-09-24 12:11 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Mozilla 2016-09-24 12:10 - 2016-09-24 12:10 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-09-24 12:10 - 2016-09-24 12:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-09-24 12:10 - 2016-09-24 12:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-24 11:57 - 2016-09-24 11:57 - 00000218 _____ C:\Users\Finn\AppData\Local\recently-used.xbel 2016-09-24 11:52 - 2016-09-24 11:52 - 07175680 _____ C:\Users\Finn\AppData\Roaming\agent.dat 2016-09-24 11:52 - 2016-09-24 11:52 - 00018432 _____ C:\Users\Finn\AppData\Roaming\Main.dat 2016-09-24 11:51 - 2016-09-24 11:51 - 00140288 _____ C:\Users\Finn\AppData\Roaming\Installer.dat 2016-09-24 11:45 - 2016-09-24 11:45 - 00000000 ____D C:\Program Files (x86)\Jozerentnibas_ 2016-09-24 11:41 - 2016-09-24 12:02 - 00000000 ____D C:\Program Files (x86)\DPower 2016-09-24 
11:41 - 2016-09-24 11:48 - 00000000 ____D C:\Program Files (x86)\mpck 2016-09-24 11:39 - 2016-10-04 15:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-24 11:39 - 2016-09-24 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-24 11:39 - 2016-09-24 11:39 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-09-24 11:39 - 2016-09-24 11:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-09-24 11:39 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-09-24 11:39 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-09-24 11:39 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-09-24 11:37 - 2016-09-24 11:37 - 00000000 _____ C:\TOSTACK 2016-09-24 11:34 - 2016-09-24 11:34 - 00002560 _____ C:\Users\Finn\AppData\Local\uninstallro.exe 2016-09-24 11:33 - 2016-09-24 11:38 - 22851472 _____ (Malwarebytes ) C:\Users\Finn\Downloads\mbam-setup-2.2.1.1043.exe 2016-09-24 11:23 - 2016-10-04 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO 2016-09-24 11:23 - 2016-10-04 15:23 - 00000000 ____D C:\Program Files (x86)\MagicISO 2016-09-24 11:22 - 2016-09-24 11:22 - 03067400 _____ C:\Users\Finn\Downloads\Setup_MagicISO.exe 2016-09-24 11:15 - 2016-09-24 11:57 - 00000000 ____D C:\Users\Finn\AppData\Roaming\deluge 2016-09-24 11:15 - 2016-09-24 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge 2016-09-24 11:15 - 2016-09-24 11:15 - 00000000 ____D C:\Program Files (x86)\Deluge 2016-09-24 11:13 - 2016-09-24 11:15 - 15955676 _____ (Deluge Team) C:\Users\Finn\Downloads\deluge-1.3.13-win32-py2.7-0.exe 2016-09-22 14:45 - 2016-09-22 14:45 - 01048576 ____H C:\Windows\system32\BITC48F.tmp 2016-09-22 14:45 - 2016-09-22 14:45 - 01048576 ____H C:\Windows\system32\BITA338.tmp 
2016-09-22 10:59 - 2016-09-22 10:59 - 01378550 _____ (Igor Pavlov) C:\Users\Finn\Downloads\7z1602-x64 (1).exe 2016-09-22 10:57 - 2016-09-22 10:57 - 00821384 _____ C:\Users\Finn\Downloads\the_filthy_frank_pack_fixed_.rar 2016-09-22 10:39 - 2016-09-22 10:40 - 03224630 _____ C:\Users\Finn\Downloads\_MagnumHUD-master.zip 2016-09-22 10:14 - 2016-09-22 10:14 - 06499805 _____ C:\Users\Finn\Downloads\Hudas Iscariote [1.5.6].zip 2016-09-20 17:28 - 2016-09-20 17:28 - 00016874 _____ C:\Users\Finn\Downloads\dealwithit.svg 2016-09-15 05:06 - 2016-09-15 05:06 - 00000000 ____D C:\Users\Finn\.QtWebEngineProcess 2016-09-15 05:06 - 2016-09-15 05:06 - 00000000 ____D C:\Users\Finn\.Origin 2016-09-11 17:04 - 2016-09-11 17:06 - 00007602 _____ C:\Users\Finn\AppData\Local\Resmon.ResmonCfg 2016-09-11 12:04 - 2016-09-11 12:04 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD 2016-09-11 12:04 - 2016-09-11 12:04 - 00000000 ____D C:\Users\Finn\AppData\Local\Downloaded Installations 2016-09-11 12:01 - 2016-09-11 12:03 - 31843088 _____ (Advanced Micro Devices, Inc. 
) C:\Users\Finn\Downloads\aod_setup_4.3.1.0698.exe 2016-09-06 19:41 - 2016-09-06 22:22 - 00000000 ____D C:\Users\Finn\Documents\Battlefield 1 Open Beta 2016-09-06 05:55 - 2016-09-06 05:55 - 00000000 ____D C:\Users\Finn\AppData\Local\CrashRpt 2016-09-06 05:55 - 2016-09-06 05:55 - 00000000 ____D C:\Users\Finn\AppData\Local\CallofDuty4MW 2016-09-06 05:15 - 2016-09-06 05:15 - 00000000 ____D C:\Program Files (x86)\Origin Games 2016-09-06 05:13 - 2016-10-04 03:00 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Origin 2016-09-06 05:13 - 2016-09-28 16:06 - 00000000 ____D C:\Users\Finn\AppData\Local\Origin 2016-09-06 05:01 - 2016-10-01 15:45 - 00000000 ____D C:\ProgramData\Origin 2016-09-06 05:01 - 2016-09-28 16:36 - 00000000 ____D C:\Program Files (x86)\Origin 2016-09-06 05:01 - 2016-09-07 20:54 - 00000000 ____D C:\ProgramData\Electronic Arts 2016-09-06 04:42 - 2016-09-06 04:49 - 31395216 _____ (Electronic Arts, Inc.) C:\Users\Finn\Downloads\OriginThinSetup.exe 2016-09-05 20:53 - 2016-09-05 20:53 - 00000000 ____D C:\Users\Finn\AppData\Local\PunkBuster 2016-09-05 20:48 - 2016-09-05 20:50 - 07633777 _____ C:\Users\Finn\Downloads\CoD4 PB.zip 2016-09-05 20:48 - 2016-09-05 20:49 - 03139984 _____ C:\Users\Finn\Downloads\servercache.dat 2016-09-05 17:14 - 2016-09-05 17:14 - 00624000 _____ C:\Users\Finn\Downloads\CoreParkingManager.zip 2016-09-05 17:13 - 2016-09-05 17:13 - 00889416 _____ (Microsoft Corporation) C:\Users\Finn\Downloads\dotNetFx40_Full_setup.exe 2016-09-04 01:43 - 2016-09-04 01:43 - 00000000 ____D C:\Users\Finn\AppData\Roaming\.mono 2016-09-04 01:43 - 2016-09-04 01:43 - 00000000 ____D C:\Users\Finn\AppData\LocalLow\Blizzard Entertainment 2016-09-04 01:43 - 2016-09-04 01:43 - 00000000 ____D C:\Users\Finn\AppData\Local\Blizzard 2016-09-04 01:43 - 2016-09-04 01:43 - 00000000 ____D C:\ProgramData\.mono ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-10-04 15:48 - 2016-06-13 18:34 - 00000000 ____D C:\Users\Finn\AppData\Local\Battle.net
2016-10-04 15:06 - 2016-06-13 17:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-04 15:03 - 2016-06-13 18:51 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Raptr
2016-10-04 15:02 - 2009-07-14 05:45 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-04 15:02 - 2009-07-14 05:45 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-04 04:49 - 2016-09-03 17:24 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-10-04 03:27 - 2016-06-13 18:33 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-10-04 03:08 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-04 03:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-10-04 03:03 - 2016-06-14 19:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-04 03:03 - 2016-06-14 19:21 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Skype
2016-10-04 03:03 - 2016-06-13 18:48 - 00000000 ____D C:\ProgramData\Skype
2016-10-04 03:02 - 2016-08-28 14:55 - 00000000 ____D C:\Users\Finn\AppData\Local\Deployment
2016-10-04 03:02 - 2016-06-13 18:15 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-04 03:02 - 2016-06-13 17:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-04 03:01 - 2016-07-01 22:52 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-10-04 03:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-04 01:59 - 2016-06-13 19:02 - 00000000 ____D C:\Users\Finn\AppData\Local\Spotify
2016-10-04 01:46 - 2016-06-13 19:01 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Spotify
2016-10-03 03:59 - 2016-06-13 20:04 - 00000000 ____D C:\Users\Finn\AppData\Local\Warframe
2016-10-01 23:59 - 2016-06-25 01:54 - 00000000 ____D C:\Users\Finn\AppData\Local\CrashDumps
2016-09-30 22:42 - 2016-06-13 18:58 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-09-29 21:45 - 2016-07-01 22:52 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-09-29 21:44 - 2016-06-13 22:01 - 00000000 ____D C:\Users\Finn\Documents\My Games
2016-09-29 21:38 - 2016-06-13 18:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-29 21:36 - 2016-06-13 17:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-29 20:13 - 2016-06-13 18:14 - 00000000 ____D C:\Users\Finn\AppData\Roaming\TS3Client
2016-09-26 17:32 - 2016-07-31 10:11 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-09-24 12:17 - 2016-07-01 22:55 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-24 12:17 - 2016-07-01 22:55 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-24 12:10 - 2016-06-13 17:50 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-24 12:10 - 2016-06-13 17:15 - 00001417 _____ C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-24 12:03 - 2016-07-30 18:31 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-09-24 12:03 - 2016-06-13 19:02 - 00001768 _____ C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-09-24 12:03 - 2016-06-13 18:14 - 00000961 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-09-24 12:03 - 2016-06-13 16:50 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-09-24 12:03 - 2016-06-13 16:50 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-09-24 12:03 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-09-24 12:03 - 2009-07-14 05:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-24 12:03 - 2009-07-14 05:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-09-24 12:03 - 2009-07-14 05:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-09-24 12:03 - 2009-07-14 05:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-09-24 12:03 - 2009-07-14 05:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-09-24 12:03 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-09-24 12:02 - 2016-08-28 14:55 - 00000000 ____D C:\Users\Finn\AppData\Local\Apps\2.0
2016-09-24 11:51 - 2016-07-31 10:24 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-09-23 16:57 - 2016-06-13 18:14 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-09-22 17:03 - 2016-08-06 21:04 - 00000000 ____D C:\Users\Finn\AppData\Local\Ubisoft Game Launcher
2016-09-22 11:00 - 2016-06-13 18:12 - 00000000 ____D C:\Program Files\7-Zip
2016-09-17 09:50 - 2016-08-13 14:44 - 00000000 ____D C:\Users\Finn\AppData\Local\ElevatedDiagnostics
2016-09-15 05:06 - 2016-06-13 17:14 - 00000000 ____D C:\Users\Finn
2016-09-11 12:04 - 2016-06-13 18:51 - 00000000 ____D C:\Program Files (x86)\AMD
2016-09-07 19:43 - 2016-06-17 16:24 - 00000000 ____D C:\Users\Finn\AppData\Roaming\discord
2016-09-05 17:17 - 2009-07-14 06:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2016-09-24 11:52 - 2016-09-24 11:52 - 7175680 _____ () C:\Users\Finn\AppData\Roaming\agent.dat
2016-09-24 11:51 - 2016-09-24 11:51 - 0140288 _____ () C:\Users\Finn\AppData\Roaming\Installer.dat
2016-09-24 11:52 - 2016-09-24 11:52 - 0018432 _____ () C:\Users\Finn\AppData\Roaming\Main.dat
2016-09-24 11:57 - 2016-09-24 11:57 - 0000218 _____ () C:\Users\Finn\AppData\Local\recently-used.xbel
2016-09-11 17:04 - 2016-09-11 17:06 - 0007602 _____ () C:\Users\Finn\AppData\Local\Resmon.ResmonCfg
2016-09-24 11:34 - 2016-09-24 11:34 - 0002560 _____ () C:\Users\Finn\AppData\Local\uninstallro.exe

Some files in TEMP:
====================
C:\Users\Finn\AppData\Local\Temp\AutoRun.exe
C:\Users\Finn\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Finn\AppData\Local\Temp\devcon64.exe
C:\Users\Finn\AppData\Local\Temp\GLB1A2B.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-16 18:45

==================== End of FRST.txt ============================

Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-10-2016
Ran by Finn (04-10-2016 15:55:19)
Running from C:\Users\Finn\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-06-13 16:14:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1386840482-3784922888-1212510007-500 - Administrator - Disabled)
Finn (S-1-5-21-1386840482-3784922888-1212510007-1000 - Administrator - Enabled) => C:\Users\Finn
Guest (S-1-5-21-1386840482-3784922888-1212510007-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.031 - ASUSTek Computer Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.1.1.1073 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Besiege (HKLM\...\Steam App 346010) (Version: - Spiderling Studios)
BioShock Infinite (HKLM\...\Steam App 8870) (Version: - Irrational Games)
Call of Duty 4: Modern Warfare (HKLM\...\Steam App 7940) (Version: - Infinity Ward)
Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version: - Treyarch)
Castle Crashers (HKLM\...\Steam App 204360) (Version: - The Behemoth)
Catalyst Control Center Next Localization BR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
Curse Client (HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DARK SOULS III (HKLM\...\Steam App 374320) (Version: - FromSoftware, Inc.)
Deluge 1.3.13 (HKLM-x32\...\Deluge) (Version: - )
Discord (HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Duck Game (HKLM\...\Steam App 312530) (Version: - Landon Podbielski)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.280 - SurfRight B.V.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Keysticks (HKLM-x32\...\{0CA309CD-E575-4066-9DB5-EDCB331F32EF}) (Version: 1.9 - Keysticks.net)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
Magicka (HKLM\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 49.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-GB)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.0.2.33129 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{2e898357-fa35-4e45-95f1-6513c9177147}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Portal 2 (HKLM\...\Steam App 620) (Version: - Valve)
PowerLine Utility (HKLM-x32\...\{1A5E91E0-20BD-423B-ABD4-7683A30D3C2F}) (Version: 2.0.1431 - TP-LINK)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.3-r114633-release - Raptr, Inc)
Ratz Instagib 2.0 (HKLM\...\Steam App 338170) (Version: - Lino Slahuschek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Spotify) (Version: 1.0.38.171.g5e1cd7b2 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy (HKLM\...\Steam App 40800) (Version: - Team Meat)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
Uplay (HKLM-x32\...\Uplay) (Version: 21.1 - Ubisoft)
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.131 - MSI)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XSplit Gamecaster (HKLM-x32\...\{8915913F-E4AF-46C5-B4EF-3535D83BFFDE}) (Version: 2.5.1507.3018 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1221140F-5FB7-4A3F-8276-8DDDABB2282A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {6985C5EA-5AE7-4AE3-A963-31F3A9C3A91E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
Task: {71E74573-6867-4CB9-98FA-A5022D422995} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-08-11] (Advanced Micro Devices, Inc.)
Task: {7B53E6F3-A3A6-47E0-A473-3BF791734305} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-18] ()
Task: {8A698CD7-98CB-4710-8EB8-FEAA3369E8AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-24] (Adobe Systems Incorporated)
Task: {96198EBA-0903-480F-9BB1-34A38B011195} - System32\Tasks\{8B27754E-05DC-4466-BBEE-9C9D796416DB} => pcalua.exe -a "D:\SteamLibrary\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "D:\SteamLibrary\steamapps\common\Left 4 Dead 2" -c /register
Task: {F56D109C-3F5B-4EC2-BA85-31CE73C95467} - System32\Tasks\{6DB2B7A6-CB4B-4D7E-B8F5-56C74A5CD320} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {F976F8BF-0D1C-465C-903C-31E5467A2504} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-05-04 15:41 - 2012-05-04 15:41 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-11-13 14:30 - 2011-11-13 14:30 - 00676864 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-11-13 14:31 - 2011-11-13 14:31 - 03643392 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-07 19:39 - 2016-09-07 19:39 - 01484776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net Helper.exe
2016-09-26 17:52 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-09-26 17:52 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-09-26 17:52 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-09-26 17:52 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-09-26 17:52 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-03-21 14:49 - 2016-08-11 09:22 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2016-06-13 18:20 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-06-13 18:20 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-06-13 18:20 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-06-13 18:20 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-06-13 18:20 - 2016-09-20 20:28 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-06-13 18:20 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-06-13 18:20 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-06-13 18:20 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-06-13 18:20 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-06-13 18:20 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-06-13 18:20 - 2016-09-20 20:28 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-06-13 18:20 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-03-23 11:04 - 2016-03-23 11:04 - 00091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 00200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 00224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2016-06-13 18:20 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 21:29 - 2015-10-21 21:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 21:29 - 2015-10-21 21:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2015-06-27 00:09 - 2015-06-27 00:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 18:08 - 2016-04-19 18:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2016-06-13 18:20 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-08-25 21:15 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Finn\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-25 21:15 - 2016-08-25 21:15 - 01050296 _____ () \\?\C:\Users\Finn\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-25 21:15 - 2016-08-25 21:15 - 03793080 _____ () \\?\C:\Users\Finn\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-25 21:15 - 2016-08-25 21:15 - 00894136 _____ () \\?\C:\Users\Finn\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-25 21:15 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\Finn\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-25 21:15 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\Finn\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-10-04 03:16 - 2016-10-04 03:16 - 00170496 _____ () \\?\C:\Users\Finn\AppData\Local\Temp\BFA6.tmp.node
2016-09-02 17:43 - 2016-09-09 20:31 - 02022072 _____ () \\?\C:\Users\Finn\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-09-07 19:42 - 2016-09-07 19:42 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\ortp.dll
2016-09-07 19:40 - 2016-09-07 19:42 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libcef.dll
2016-09-07 19:39 - 2016-09-07 19:39 - 00194024 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\BZRECORD.dll
2016-09-07 19:39 - 2016-09-07 19:39 - 06402560 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\battle.net.dll
2016-09-07 19:42 - 2016-09-07 19:42 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libEGL.dll
2016-09-07 19:42 - 2016-09-07 19:42 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libGLESv2.dll
2016-09-07 19:42 - 2016-09-07 19:42 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libglesv2.dll
2016-09-07 19:42 - 2016-09-07 19:42 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libegl.dll
2016-09-07 19:40 - 2016-09-07 19:40 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7914 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2016-09-26 22:17 - 00453416 ____N C:\Windows\system32\Drivers\etc\hosts There are 15558 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{BB0B4B58-A437-4A00-9A14-1761DAF45141}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E46DFE2F-BC80-4921-8E3D-23BEF4FD661F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{ED71228B-D213-4C8B-84EA-53425FACF084}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E518473E-ACBC-44D2-885A-260E11DC0646}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{973D6FF2-BE65-41B8-ABC3-A799CF34CBD3}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{BF5A29B8-43F2-4CC5-9ECE-1D0A11034B79}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [TCP Query User{F19C8024-94BD-4AC8-9C02-D2C0D26E64A0}C:\users\finn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\finn\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{37642873-B5FA-4402-B50B-261961522743}C:\users\finn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\finn\appdata\roaming\spotify\spotify.exe FirewallRules: [{33C5AAB0-365E-41DD-A1DE-8AD6FD72CBD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{3F6D2018-9E25-4BEA-B4E1-F6D94D9CC3EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{0F2EF65B-A484-42F8-9BB2-F4CFD0D14C70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{1BEB1884-C20E-45C4-90D5-7AF7C759489B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{48D770B9-7199-47D1-85C2-F79930D494FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{6CF726AC-C59A-42ED-AC77-ACB159F4141C}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{EDF7C486-7682-4CD1-B4D7-D8382C0136BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{827E685F-3855-4955-ABB1-2BC4766ECFEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{16A28016-5CA2-4732-9189-A2C790438C97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{75FF6FDD-A2BE-4006-982A-F6217EA517EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{BFA54FC5-DBE5-456F-99E0-4894F13FF892}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{A1E0A0A9-B69D-4791-B0F7-DF204FC246A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{28356709-4E33-4D26-A0CE-618EC6E9869D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{0ED2F2DC-54A9-4877-AF36-51B33E1BC16E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{31EEBA25-0D26-472A-86D9-69066C4C2E3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe FirewallRules: [{56F39A75-A496-42B1-88F7-E35C3A79B7F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe FirewallRules: [TCP Query User{AD63B9A6-39B0-4975-9507-209E2BBDB2DD}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{82FB25DB-4389-414F-9137-40B5E8A77851}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [{327A7A23-0FF4-4958-BD13-8979D86DE7A9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{65E9BD5B-4A01-41E5-9B0C-6CA88BDEBF1C}] 
=> (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{8E91DFC6-11D5-41E1-B549-9D94D6792784}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [TCP Query User{E3D6F627-86AE-4FCA-8DD1-CED91DAFDC54}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [UDP Query User{3453BB04-4DC7-4FBF-A9C6-75179530EA9C}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [{FCC94C90-B928-4FD8-94F9-3C69E6CBD40E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{14FF2B35-5609-4393-B0F2-0C026A467FD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{629F5406-EB1B-48E1-9700-D0552D40B7FE}] => (Allow) E:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{F6FEEE43-6F4B-4CF5-AC70-069F4772BB55}] => (Allow) E:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [TCP Query User{09D47A86-BE77-4A1D-ABFE-E645B4E96DD7}E:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) E:\steamlibrary\steamapps\common\arma 3\arma3.exe FirewallRules: [UDP Query User{5BBD918C-7FA4-4EC0-8DEB-222324F01095}E:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) E:\steamlibrary\steamapps\common\arma 3\arma3.exe FirewallRules: [{1C67FB0D-9B8C-4584-A591-975236B64FE4}] => (Allow) E:\SteamLibrary\steamapps\common\Ratz Instagib\RatzInstagib.exe FirewallRules: [{8CA9E2D3-91ED-4464-A36C-8EA7A4E9C395}] => (Allow) E:\SteamLibrary\steamapps\common\Ratz Instagib\RatzInstagib.exe FirewallRules: [{62026810-4791-4E8B-A41B-2D2D646BB132}] => (Allow) 
E:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [{1E3A4499-7259-4646-8637-5E3DEF8E8D6A}] => (Allow) E:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [TCP Query User{B3986EF4-9B07-4EB6-BD5D-B1F60729E041}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe FirewallRules: [UDP Query User{B26F6D37-C7D4-4C22-840A-61C44C8EC864}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe FirewallRules: [{94DC9776-CCB0-4B32-B8FE-F25B54E9CAC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe FirewallRules: [{B2928684-AC05-412F-B84B-5919E308EDF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe FirewallRules: [{018A46B7-DD06-46FA-A1CD-45D010B746DA}] => (Allow) D:\SteamLibrary\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe FirewallRules: [{44E8AA7A-AFB6-4400-995B-2B3E71870F09}] => (Allow) D:\SteamLibrary\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe FirewallRules: [{3426F2B8-5CB2-4DFF-B1B5-D3A3CBD451A0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{B9FC23A8-1866-4BE1-A0C3-8C5FE4D2128D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{CC5D50D3-D241-40B9-B33F-EF0A4429D002}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{7D2B44FE-DCA3-4BDC-9BA7-42CBDA282220}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{A5C6BFB8-6E0F-475C-9B40-953B380F6EED}] => (Allow) D:\Uplay@D\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{1AF2F6DC-2CE8-4BCA-AA1E-17203B85F186}] => (Allow) D:\Uplay@D\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{F8986523-A9D8-4DB9-A698-0DA26F923B0E}] => (Allow) D:\Uplay@D\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe 
FirewallRules: [{154347E5-9CCA-4461-BB6B-C009A33F41B3}] => (Allow) D:\Uplay@D\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe FirewallRules: [{21D58F8C-ACD6-465B-91C2-CD1B6DC60372}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{11A66270-D0F5-4D36-ACAA-777706316099}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [TCP Query User{B6D594A5-39DD-424A-A36C-82B8B22132C9}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe FirewallRules: [UDP Query User{55444B15-105D-4347-9C03-95B2B8841C23}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe FirewallRules: [TCP Query User{D25103CA-082D-4CBA-8AE6-B038FC9EB4FF}C:\program files\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\java.exe FirewallRules: [UDP Query User{EA388F72-FABE-4DF3-A82C-C9B02F1BEE00}C:\program files\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\java.exe FirewallRules: [TCP Query User{9C0971EE-F74E-4D59-B59B-6D60839D3D67}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{8F6A156E-3CF9-40A2-B26F-FEED8C882871}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{7BB003DE-6398-4AAD-B096-3CC3E315FA47}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe FirewallRules: [{2D4C67E8-FD86-48DB-9FBB-F741EC541C50}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe FirewallRules: [{5BDB29B7-4F35-4343-96C8-8C31D42F7238}] => (Allow) E:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe FirewallRules: 
[{C3FB2897-027C-4C55-A6B6-28499A323325}] => (Allow) E:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{0D7FA4AA-85EE-486C-B4E7-6EA999FD495F}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty 4\iw3sp.exe FirewallRules: [{849281B6-41B0-4B53-8B31-C4A1675BAE52}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty 4\iw3sp.exe FirewallRules: [{85C4B1D4-8FA0-4906-8A17-F5E8B1765343}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty 4\iw3mp.exe FirewallRules: [{A6B3928C-DB08-4B82-BEB1-723C43E68AE9}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty 4\iw3mp.exe FirewallRules: [{46A03BE0-0811-4A51-A57D-BC777E9BB164}] => (Allow) D:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe FirewallRules: [{AB28FB7C-D91E-4AA2-8312-31F390FA15E6}] => (Allow) D:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe FirewallRules: [TCP Query User{17430ACF-513B-4DC0-BA96-48D1C54F4895}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{2D2D909D-C2DD-47AF-982B-2FB22BC0782E}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [{BC93DF40-96F7-4CFD-9CDA-85CCDD384748}] => (Allow) D:\SteamLibrary\steamapps\common\Portal 2\portal2.exe FirewallRules: [{1B92DDA1-7056-4252-93B7-73DAF978FD8F}] => (Allow) D:\SteamLibrary\steamapps\common\Portal 2\portal2.exe FirewallRules: [{900FA3AA-D480-4625-9736-DD5665720A8F}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe FirewallRules: [{4AC39721-A03E-47BE-845B-9DF061D85ABC}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe FirewallRules: [{A9A68FD6-58E0-4D52-ACD6-074FCD137FEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe FirewallRules: [{3058BBBD-DF12-431B-A5EE-377DAAEEFF5B}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe FirewallRules: [{E55D19A0-6280-4B41-ABB3-41281AE42A8F}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [{8660765A-6275-48F6-AB64-043D4858A73B}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [{2CCC4F01-C238-4017-90EE-E7E87A7B6D45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{90F16D32-8125-4E32-B2AD-1F0A38172C53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{5411E273-49A7-4ABD-93EB-1C134511BC55}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{B3CA8443-7A61-44F9-B43D-4AC76C037004}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{7AD5DBE4-9ABE-418E-AB5A-FC2B2D9979CB}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{BA307C14-F732-4D7A-A86B-46A32FB336B7}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{6D2B5CA4-A85E-44DD-BEC3-BB45D5BD937A}] => (Allow) D:\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe FirewallRules: [{3F2FB5C1-F746-4DC3-9655-1808103707C1}] => (Allow) D:\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe FirewallRules: [TCP Query User{954AD68B-3FE9-4D11-8693-A0E64A3C1250}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe FirewallRules: [UDP Query User{EEAC11E7-F419-4CC5-ABD7-5578F9557CFE}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe FirewallRules: [{A11F961C-1F26-4C6F-A590-6C957A784AF0}] => (Block) C:\program files (x86)\deluge\deluge.exe FirewallRules: [{0524F8D8-B9B3-4D51-924F-1E04746E5812}] => (Block) C:\program files (x86)\deluge\deluge.exe FirewallRules: 
[{8A594F0F-E9BF-4FF3-92C8-D9C61098707C}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{08777247-014C-4CB5-91D8-E94D245B7668}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3D407414-7565-4818-B7E5-512F94C005AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{729CAEF4-AC45-48F9-8F86-9E509964DD08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe FirewallRules: [{A203D0BB-3967-45F0-8F78-6C22EFB799D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe FirewallRules: [{F226BBDC-BDA7-4EDB-928F-FF67E0B93293}] => (Allow) D:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe FirewallRules: [{04AD33D4-F2EC-4E92-AE99-9258B1FE70A1}] => (Allow) D:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe FirewallRules: [TCP Query User{4090A57B-140B-4BD6-8749-A6C0898ADFAA}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [UDP Query User{F21D0401-0F14-4322-B544-68DCBEB1DC6D}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [{FCF634DA-9335-4375-B025-58811705C438}] => (Allow) D:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{CBB425F3-130E-4E6F-91E7-65A29BED7F66}] => (Allow) D:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater 
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (10/04/2016 03:02:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (10/04/2016 12:40:24 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005). Error: (10/03/2016 05:56:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005). Error: (10/02/2016 10:43:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005). Error: (10/01/2016 11:58:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: PowerLine Utility.exe, version: 2.0.1431.5, time stamp: 0x529be6e4 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x2570 Faulting application start time: 0x01d21c3752996492 Faulting application path: C:\Program Files (x86)\TP-LINK\PowerLine Utility\PowerLine Utility.exe Faulting module path: unknown Report Id: 9ca571cd-882a-11e6-85e1-d8cb8a50fc69 Error: (10/01/2016 05:06:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: PowerLine Utility.exe, version: 2.0.1431.5, time stamp: 0x529be6e4 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x2054 Faulting application start time: 0x01d21bfdc34bb0ea Faulting application path: C:\Program Files (x86)\TP-LINK\PowerLine Utility\PowerLine Utility.exe Faulting module path: unknown Report Id: 03b94a86-87f1-11e6-85e1-d8cb8a50fc69 Error: (10/01/2016 03:19:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer 
Experience Improvement Program data from being sent to Microsoft, (Error 80004005). Error: (09/30/2016 08:34:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005). Error: (09/30/2016 01:25:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005). Error: (09/29/2016 09:51:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SteamLauncherUI.exe version 5.0.5.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e24 Start Time: 01d21a9184bb2b97 Termination Time: 4 Application Path: C:\Program Files (x86)\Hi-Rez Studios\SteamLauncherUI.exe Report Id: 645a1d28-8686-11e6-85e1-d8cb8a50fc69 System errors: ============= Error: (10/04/2016 03:02:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (10/04/2016 03:02:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect. Error: (10/03/2016 03:10:16 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (09/30/2016 10:40:48 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 
Error: (09/26/2016 06:24:00 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (09/26/2016 05:33:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (09/26/2016 05:33:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/26/2016 05:33:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect. Error: (09/26/2016 05:33:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully. . 
Error: (09/25/2016 11:45:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom ==================== Memory info =========================== Processor: AMD FX(tm)-4300 Quad-Core Processor Percentage of memory in use: 40% Total physical RAM: 8140.03 MB Available physical RAM: 4875.29 MB Total Virtual: 16278.24 MB Available Virtual: 11605.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:1.4 GB) NTFS Drive d: (Drive2) (Fixed) (Total:232.83 GB) (Free:39.73 GB) NTFS Drive e: (New Volume) (Fixed) (Total:223.57 GB) (Free:9.7 GB) NTFS Drive f: (NFSUG2_DISK2) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 90909090) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 8937096C) Partition 1: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 3BA65977) Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  2. Recently I downloaded something that contained malware but I (seemingly) removed it with Malwarebytes. But occasionally a CMD window will pop up and then disappear, not long enough to read what it's doing anyway. Very irritating. All scans say my PC is clean, have tried multiple different malware/anti-virus scans. Yet this issue still persists. This seems like a symptom of some sort of malware or something along those lines but I'm really not sure. I'm just not sure how I should diagnose the issue, since all scans yield nothing. I'm running Windows 7.