
Proxy server Error Getting worse



Hey everyone long time Malwarebytes owner here been subbed since the "M" was Red :P

 

Anyhow I am having a very annoying issue with a 100% proxy virus of some sort

It started off slow attacking my Internet Explorer and has now spread to my Opera and Chrome.

I can't launch any page without getting a proxy error of some sort on those browsers.

After much research I was able to find entries in the registry that I cannot keep deleted

even after deleting them in safe mode no networking! they auto apply themselves on boot

and this virus seems to be spreading and infecting new browsers that worked yesterday while IE11 did not.

 

I'll provide some useful images of things real quick!

Chrome Proxy settings locked by admin!

 

2229bda420.png

 

Here is a registry key that remakes itself

 

03f151b57f.png

It started off yesterday with Just Internet explorer being the issue!

I posted on reddit and bleeping computer and was unable to receive complete help to resolve it!

on my reddit post here were the things I stated I tried as a for your information thing!

 

  • System Restore
  • Factory Reset Modem
  • Reset Internet Explorer
  • Uninstalled Internet Explorer 11 and downgraded to IE9, then reinstalled IE11
  • Ran Malwarebytes to check for infection, no malware found
  • Cleaned my registry
  • Unchecked 'Proxy' under lan settings
  • Released my IP, Renewed my IP, and Flushed my DNS
  • Properly uninstalled any VPN on my system that I was using for Black Desert (with a reboot, respectively).
  • Many Reboots! :(

and here is a link to my bleeping computer assistance with all the logs available!

http://www.bleepingcomputer.com/forums/t/578261/ie-11-proxy-error-1270018080/?p=3724755

 

They told me to make a new thread and I did, but I can't wait much longer; I'll be forced to redo Windows altogether soon.

I understand how accepting help from multiple sources at one time would be detrimental to helping the situation, so if I receive help here I'll ask for my other thread to be closed!

 

If you need anything else from me I'll gladly do whatever it takes to resolve this without pulling out the Windows disk!

Thank you very much for looking at this and I hope to hear soon :)


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help you with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 



 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Sorry I feel dumb for not reading the to do before posting again sorry!

thanks for the quick response you are so awesome here are the files you requested!

 

Also giving me an error trying to upload as an attachment, sorry!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by City wok (administrator) on CITYWOK-PC on 04-06-2015 12:34:20
Running from C:\Users\City wok\Desktop
Loaded Profiles: City wok (Available Profiles: City wok)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\puush\puush.exe
(Akamai Technologies, Inc.) C:\Users\City wok\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\City wok\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\City wok\AppData\Local\Akamai\netsession_win.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\City wok\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-29] ()
HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\Run: [Akamai NetSession Interface] => C:\Users\City wok\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\Run: [spotify Web Helper] => C:\Users\City wok\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-30] (Spotify Ltd)
HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-20] (Disc Soft Ltd)
HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\MountPoints2: {592c3f3e-f2f3-11e4-a428-00acf0947de5} - G:\Install.exe
HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\MountPoints2: {592c3f46-f2f3-11e4-a428-00acf0947de5} - H:\NoAutorun.exe
HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\MountPoints2: {d15a5173-0a65-11e5-9b1f-448a5b64d402} - G:\NoAutorun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [HKLM-x32] => file://C:\Windows\system32\Drivers\winpacket.pac
AutoConfigURL: [s-1-5-19] => file://C:\Windows\system32\Drivers\winpacket.pac
AutoConfigURL: [s-1-5-20] => file://C:\Windows\system32\Drivers\winpacket.pac
HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-26] (Oracle Corporation)
DPF: HKLM-x32 {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: WSWSVCUchrome - No CLSID Value
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 74.211.15.210 74.211.15.211
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\City wok\AppData\Roaming\Mozilla\Firefox\Profiles\90mh6u3r.default-1400386673590
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\City wok\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: pmang.jp/pmangdiagnostic-1 -> C:\GameOn\Common files\nppmangdiagnostic.dll [2015-03-24] (gameon)
FF Plugin-x32: pmang.jp/pmangsupport-1 -> C:\GameOn\Common files\nppmangsupport.dll [2015-03-24] (gameon)
FF Extension: Firefox Security Update - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-aMet0JAAbFecLw@jetpack.xpi [2015-03-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF Extension: No Name - C:\Users\City wok\AppData\Roaming\Mozilla\Firefox\Profiles\90mh6u3r.default-1400386673590\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [not found]
FF Extension: No Name - C:\Users\City wok\AppData\Roaming\Mozilla\Firefox\Profiles\90mh6u3r.default-1400386673590\extensions\pageinfobutton@wirble.de.xpi [not found]

Chrome:
=======
CHR Profile: C:\Users\City wok\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\City wok\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-04]
CHR Extension: (Google Drive) - C:\Users\City wok\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-04]
CHR Extension: (YouTube) - C:\Users\City wok\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-04]
CHR Extension: (Google Search) - C:\Users\City wok\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-04]
CHR Extension: (Gmail) - C:\Users\City wok\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-04]
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lopcjmbilgeapfldddijpgpahphngjdk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [lopcjmbilgeapfldddijpgpahphngjdk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc] - https://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (iWebar) - C:\Users\City wok\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-05-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-20] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3650024 2015-04-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [999152 2015-05-04] (Overwolf LTD)
S4 PingzapperSvc; C:\Program Files (x86)\Pingzapper\PZService.exe [679424 2012-06-11] () [File not signed]
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [18944 2014-03-14] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2567984 2013-02-28] (Broadcom Corporation)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-06-03] (Emsisoft GmbH)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-05-31] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-06-03] ()
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-03-07] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 Neo_BD; C:\Windows\System32\DRIVERS\Neo_0032.sys [28640 2015-05-14] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0068.sys [28640 2015-05-14] (SoftEther VPN Project at University of Tsukuba, Japan.)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-02-04] (Razer, Inc.)
S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2015-05-14] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 tap0901cn; C:\Windows\System32\DRIVERS\tap0901cn.sys [39616 2014-12-29] (Connectify)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-03] ()
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R4 eamonm; system32\DRIVERS\eamonm.sys [X]
R4 ehdrv; system32\DRIVERS\ehdrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 12:34 - 2015-06-04 12:34 - 00025535 _____ C:\Users\City wok\Desktop\FRST.txt
2015-06-04 12:33 - 2015-06-04 12:33 - 02108928 _____ (Farbar) C:\Users\City wok\Desktop\FRST64.exe
2015-06-04 12:33 - 2015-06-04 12:33 - 01147392 _____ (Farbar) C:\Users\City wok\Downloads\FRST.exe
2015-06-04 10:58 - 2015-06-04 11:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-04 10:56 - 2015-06-04 11:34 - 00000000 ____D C:\Users\City wok\Desktop\mbar
2015-06-04 10:40 - 2015-06-04 10:40 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-04 10:40 - 2015-06-04 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-04 10:39 - 2015-06-04 11:44 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-04 10:39 - 2015-06-04 10:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 10:39 - 2015-06-04 10:39 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-04 10:39 - 2015-06-04 10:39 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-04 00:31 - 2015-06-04 00:39 - 00001129 _____ C:\Windows\IE9_main.log
2015-06-03 23:48 - 2015-06-03 23:48 - 00000000 ____D C:\Users\City wok\AppData\Local\ESET
2015-06-03 23:02 - 2015-06-03 23:16 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-03 23:02 - 2015-06-03 23:03 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-03 23:01 - 2015-06-03 23:01 - 17637624 _____ C:\Users\City wok\Desktop\RogueKiller.exe
2015-06-03 22:07 - 2015-06-03 22:07 - 00000598 _____ C:\Windows\PFRO.log
2015-06-03 21:38 - 2015-06-03 21:38 - 00001063 _____ C:\Users\City wok\Desktop\Notepad++.lnk
2015-06-03 21:38 - 2015-06-03 21:38 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Notepad++
2015-06-03 21:38 - 2015-06-03 21:38 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-06-03 21:38 - 2015-06-03 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-06-03 21:38 - 2015-06-03 21:38 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-06-03 21:27 - 2015-06-03 21:27 - 00000000 ____D C:\Users\City wok\Desktop\New folder (2)
2015-06-03 21:24 - 2015-06-03 21:24 - 00001773 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-06-03 21:24 - 2015-06-03 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-06-03 21:24 - 2015-06-03 21:24 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-06-03 19:15 - 2015-06-03 19:15 - 00188758 _____ C:\Users\City wok\Desktop\gbf.txt
2015-06-03 18:00 - 2015-06-03 23:15 - 00002520 _____ C:\Windows\setupact.log
2015-06-03 18:00 - 2015-06-03 18:00 - 00000000 _____ C:\Windows\setuperr.log
2015-06-03 17:47 - 2015-06-03 17:58 - 00000000 _____ C:\Windows\SysWOW64\w32apiw.dll
2015-06-03 17:47 - 2015-06-03 17:47 - 00001149 _____ C:\Users\City wok\Desktop\nCleaner.lnk
2015-06-03 17:47 - 2015-06-03 17:47 - 00000000 ____D C:\Users\City wok\AppData\Roaming\nCleaner
2015-06-03 17:47 - 2015-06-03 17:47 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nCleaner
2015-06-03 17:47 - 2015-06-03 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nCleaner
2015-06-03 17:47 - 2015-06-03 17:47 - 00000000 ____D C:\Program Files (x86)\NKProds
2015-06-03 16:13 - 2015-06-03 16:13 - 00003168 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2015-06-03 16:13 - 2015-06-03 16:13 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2015-06-03 16:00 - 2015-06-03 16:00 - 00000000 ____D C:\Windows\ERDNT
2015-06-03 14:20 - 2015-06-04 12:34 - 00000000 ____D C:\FRST
2015-06-03 13:32 - 2015-06-03 13:32 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-03 11:54 - 2015-06-03 11:54 - 00000743 _____ C:\Users\City wok\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-03 11:54 - 2015-06-03 11:54 - 00000000 ____D C:\EEK
2015-06-03 03:36 - 2015-06-03 03:36 - 00019346 _____ C:\Windows\system32\.crusader
2015-06-03 03:34 - 2015-06-03 03:37 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-06-03 03:34 - 2015-06-03 03:34 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-06-03 03:34 - 2015-06-03 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-06-03 03:34 - 2015-06-03 03:34 - 00000000 ____D C:\Program Files\HitmanPro
2015-06-03 03:33 - 2015-06-03 03:36 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-03 03:28 - 2015-06-03 03:28 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CITYWOK-PC-Windows-7-Home-Premium-(64-bit).dat
2015-06-03 03:28 - 2015-06-03 03:28 - 00000000 ____D C:\RegBackup
2015-06-03 01:27 - 2015-06-03 11:47 - 00000000 ____D C:\AdwCleaner
2015-06-03 00:59 - 2015-06-03 00:59 - 00001604 _____ C:\Users\City wok\Desktop\Echo of Soul.lnk
2015-06-03 00:55 - 2015-06-03 00:55 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2015-06-03 00:55 - 2015-06-03 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-06-03 00:55 - 2015-06-03 00:55 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2015-06-03 00:38 - 2015-06-03 00:55 - 00000000 ____D C:\AeriaGames
2015-06-02 21:17 - 2015-06-02 21:17 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-02 20:27 - 2015-06-03 02:24 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-06-02 19:35 - 2015-06-02 19:35 - 00002760 _____ C:\ProgramData\HirezPipeError.txt
2015-06-01 00:47 - 2015-06-01 00:46 - 04857932 _____ C:\Users\City wok\Documents\P99Files36 (2).zip
2015-05-31 17:56 - 2015-06-02 21:12 - 00000000 ____D C:\Users\City wok\AppData\Local\Disc_Soft_Ltd
2015-05-31 17:55 - 2015-06-02 21:12 - 00000000 ____D C:\Program Files (x86)\Sony
2015-05-31 17:46 - 2015-05-31 17:46 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2015-05-31 17:44 - 2015-06-01 01:55 - 00000258 __RSH C:\Users\City wok\ntuser.pol
2015-05-31 17:44 - 2015-05-31 17:44 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-05-31 17:44 - 2015-05-31 17:44 - 00000000 ____D C:\Windows\Lists
2015-05-31 17:44 - 2015-05-31 17:44 - 00000000 ____D C:\Program Files (x86)\66cdc8ce-1d36-42bf-a2a7-4125e69c04d1
2015-05-31 17:44 - 2015-05-31 17:44 - 00000000 ____D C:\Program Files (x86)\25f304f4-b036-4247-9aba-99149c2cd9c3
2015-05-31 17:44 - 2015-04-25 03:18 - 00295424 _____ (Groom-A-Zebu ) C:\Windows\system32\ysxja.exe
2015-05-31 17:44 - 2015-04-25 03:18 - 00295424 _____ (Groom-A-Zebu ) C:\Windows\cygavb.exe
2015-05-31 17:44 - 2015-04-25 03:18 - 00053248 _____ C:\Windows\zlib.dll
2015-05-31 17:44 - 2013-01-06 05:43 - 00000074 _____ C:\Windows\system32\Drivers\winpacket.pac
2015-05-31 17:44 - 2013-01-06 05:43 - 00000074 _____ C:\Windows\system32\Drivers\healusb.sys
2015-05-31 17:44 - 2013-01-06 05:43 - 00000074 _____ C:\Windows\system32\cygwin.sys
2015-05-31 17:44 - 2012-12-17 05:45 - 00018559 _____ C:\Windows\default.cfg
2015-05-31 17:44 - 2012-07-09 09:02 - 00279552 _____ (Eric Lawrence) C:\Windows\FiddlerCore4.dll
2015-05-31 17:43 - 2015-05-31 17:45 - 00000000 ____D C:\ProgramData\TEMP
2015-05-31 17:43 - 2015-05-31 17:43 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-05-31 17:43 - 2013-12-05 05:36 - 00003542 _____ C:\Windows\mstdcvtr.bat
2015-05-31 17:43 - 2013-06-05 06:38 - 00004122 _____ C:\Windows\plofgye
2015-05-31 17:43 - 2013-06-05 06:37 - 00004194 _____ C:\Windows\soxe
2015-05-31 17:43 - 2013-06-05 06:36 - 00000038 _____ C:\Windows\initcvtr.bat
2015-05-31 17:39 - 2015-05-31 17:39 - 00000000 ____D C:\Users\City wok\Desktop\EverQuest Titanium
2015-05-30 11:04 - 2015-05-30 11:04 - 00324639 _____ C:\Users\Apps\local-files-desktop.spa
2015-05-28 19:35 - 2015-05-28 19:35 - 00001134 _____ C:\Users\City wok\Desktop\TeamSpeak 3 Client.lnk
2015-05-22 20:36 - 2015-06-03 17:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-22 05:14 - 2015-05-30 11:04 - 00145701 _____ C:\Users\Apps\hub.spa
2015-05-16 13:14 - 2015-06-02 21:12 - 00000000 ____D C:\Users\City wok\AppData\Local\rekty.com
2015-05-16 13:13 - 2015-05-31 21:25 - 00000106 _____ C:\Users\City wok\Desktop\Get_Song_by_soeew.txt
2015-05-16 13:13 - 2015-05-16 13:17 - 00000000 ____D C:\Users\City wok\Desktop\New folder
2015-05-16 12:57 - 2015-05-16 12:57 - 00000000 ____D C:\Users\City wok\AppData\Local\SMD
2015-05-16 00:50 - 2015-05-16 00:50 - 00000102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\검은사막.url
2015-05-16 00:50 - 2015-05-16 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum Games
2015-05-15 23:57 - 2015-06-03 16:13 - 00000000 ____D C:\Program Files\pia_manager
2015-05-15 23:57 - 2015-05-15 23:57 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-05-15 23:57 - 2015-05-15 23:57 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Titanium
2015-05-15 23:57 - 2015-05-15 23:57 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Apple Computer
2015-05-15 23:57 - 2015-05-15 23:57 - 00000000 ____D C:\Users\City wok\AppData\Local\Apple Computer
2015-05-15 21:57 - 2015-05-15 21:57 - 00000000 ____D C:\Users\City wok\AppData\Local\Golden_Frog,_GmbH
2015-05-15 21:57 - 2015-05-15 21:57 - 00000000 ____D C:\Users\City wok\AppData\Local\Golden Frog, GmbH
2015-05-15 21:57 - 2015-05-15 21:57 - 00000000 ____D C:\ProgramData\Golden Frog, GmbH
2015-05-14 18:52 - 2015-05-24 15:44 - 00000000 ____D C:\Program Files (x86)\VyprVPN
2015-05-14 17:29 - 2015-05-14 17:29 - 00003308 _____ C:\Windows\System32\Tasks\{BC903E37-771E-4A96-B9F3-B649DF77BC01}
2015-05-14 16:56 - 2015-05-19 01:18 - 00000000 ____D C:\Users\City wok\Documents\Black Desert
2015-05-14 16:53 - 2015-05-27 18:17 - 01705960 _____ (GameOn) C:\Windows\PmangDownloader.exe
2015-05-14 16:52 - 2015-05-14 16:52 - 00000000 ____D C:\GameOn
2015-05-14 15:53 - 2015-05-14 15:53 - 00002573 _____ C:\Users\Public\Desktop\Black Desert Patcher - Japan.lnk
2015-05-14 15:47 - 2015-05-14 15:47 - 00000215 _____ C:\Users\Public\Desktop\•‚¢»”™.url
2015-05-14 15:44 - 2015-05-14 15:44 - 00028640 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0068.sys
2015-05-14 15:14 - 2015-05-14 15:52 - 00000000 ____D C:\Users\City wok\Desktop\BD
2015-05-14 11:32 - 2015-05-14 11:32 - 00028640 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0028.sys
2015-05-14 11:24 - 2015-05-14 11:24 - 00038240 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\see.sys
2015-05-14 11:14 - 2015-05-14 11:14 - 00028640 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0032.sys
2015-05-14 11:13 - 2015-05-24 15:45 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2015-05-14 11:13 - 2015-05-14 11:13 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2015-05-13 15:03 - 2015-05-13 20:42 - 00000000 ____D C:\Users\City wok\AppData\Local\FF3_Win32
2015-05-13 15:03 - 2015-05-13 15:03 - 00000000 ____D C:\Users\City wok\Documents\Square Enix
2015-05-13 15:00 - 2015-06-03 23:44 - 00000000 ____D C:\Program Files (x86)\Final Fantasy III
2015-05-10 00:32 - 2015-05-10 00:32 - 00000000 ____D C:\Users\City wok\AppData\Local\BNSUpdater
2015-05-08 16:56 - 2015-05-14 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LokiReborn
2015-05-08 16:56 - 2015-05-14 15:53 - 00000000 ____D C:\Program Files (x86)\LokiReborn
2015-05-08 16:56 - 2015-05-08 16:56 - 00000000 ____D C:\Users\City wok\AppData\Local\Downloaded Installations

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 12:29 - 2014-04-26 20:08 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Skype
2015-06-04 12:02 - 2014-04-27 12:30 - 00000000 ____D C:\Users\City wok\Documents\My Games
2015-06-04 11:39 - 2014-05-11 00:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-04 10:57 - 2014-04-26 20:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-04 10:48 - 2014-04-26 11:52 - 01708937 _____ C:\Windows\WindowsUpdate.log
2015-06-04 10:40 - 2014-04-26 12:13 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-04 09:54 - 2014-04-26 20:16 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 23:21 - 2009-07-13 23:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-03 23:15 - 2014-04-25 21:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-03 23:15 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-03 23:05 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
2015-06-03 21:45 - 2015-03-10 06:41 - 00000000 ____D C:\Users\City wok\Documents\Visual Studio 2013
2015-06-03 20:59 - 2009-07-13 22:45 - 00024288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 20:59 - 2009-07-13 22:45 - 00024288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 18:43 - 2015-03-01 23:32 - 00000000 ____D C:\Windows\pss
2015-06-03 18:42 - 2015-05-02 19:24 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Spotify
2015-06-03 18:37 - 2015-05-02 19:24 - 00000000 ____D C:\Users\City wok\AppData\Local\Spotify
2015-06-03 17:58 - 2015-03-09 22:33 - 00000000 ____D C:\Windows\Minidump
2015-06-03 17:54 - 2015-05-03 00:18 - 00000000 ____D C:\Program Files (x86)\Neffy
2015-06-03 17:54 - 2015-01-20 20:07 - 00000000 ____D C:\Program Files (x86)\Smoothping Elite
2015-06-03 17:54 - 2014-05-05 04:47 - 00000000 ____D C:\Program Files (x86)\RaidCall
2015-06-03 17:54 - 2014-04-28 03:07 - 00000000 ____D C:\Program Files (x86)\TABLET
2015-06-03 17:54 - 2014-04-25 21:42 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-03 16:03 - 2014-04-26 11:52 - 00000000 ____D C:\Users\City wok\AppData\Local\VirtualStore
2015-06-03 10:41 - 2014-05-02 19:39 - 00000000 ____D C:\Users\City wok\AppData\Roaming\uTorrent
2015-06-03 03:13 - 2014-04-26 11:52 - 00000000 ____D C:\Users\City wok
2015-06-03 03:12 - 2015-03-07 15:47 - 00000000 ____D C:\Users\City wok\AppData\Local\Akamai
2015-06-03 03:12 - 2014-07-17 09:27 - 00000000 ____D C:\Users\City wok\AppData\Roaming\puush
2015-06-03 03:12 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-06-03 03:12 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-03 03:12 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-06-03 03:12 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-03 03:12 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-06-03 01:15 - 2014-04-27 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 00:59 - 2015-03-07 16:51 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-06-02 21:17 - 2014-11-04 10:27 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-02 21:12 - 2014-10-01 06:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-02 21:12 - 2014-04-26 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-02 21:12 - 2014-04-26 20:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-02 21:12 - 2014-04-26 20:08 - 00000000 ____D C:\ProgramData\Skype
2015-06-02 21:12 - 2014-04-26 12:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-02 21:12 - 2014-04-26 01:11 - 00000000 ____D C:\Users\City wok\AppData\Roaming\OBS
2015-06-02 21:12 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-02 21:07 - 2011-04-12 02:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-01 02:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\TAPI
2015-06-01 01:55 - 2014-05-20 19:55 - 00000000 ____D C:\Users\City wok\AppData\Roaming\TS3Client
2015-06-01 01:55 - 2009-07-13 22:45 - 00277880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-01 01:51 - 2014-04-26 20:16 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-31 17:44 - 2015-03-30 07:26 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-05-31 17:44 - 2014-05-26 20:51 - 00000000 ____D C:\Program Files (x86)\Advanced Combat Tracker
2015-05-31 17:43 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-05-30 11:04 - 2015-04-25 13:41 - 41287224 _____ C:\Users\libcef.dll
2015-05-30 11:04 - 2015-04-25 13:41 - 10457856 _____ C:\Users\icudtl.dat
2015-05-30 11:04 - 2015-04-25 13:41 - 07323192 _____ (Spotify Ltd) C:\Users\Spotify.exe
2015-05-30 11:04 - 2015-04-25 13:41 - 04253463 _____ C:\Users\devtools_resources.pak
2015-05-30 11:04 - 2015-04-25 13:41 - 03457592 _____ (Microsoft Corporation) C:\Users\d3dcompiler_47.dll
2015-05-30 11:04 - 2015-04-25 13:41 - 02314260 _____ C:\Users\Apps\musixmatch-lyrics.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 02157552 _____ C:\Users\Apps\glue-resources.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 02106424 _____ (Microsoft Corporation) C:\Users\d3dcompiler_43.dll
2015-05-30 11:04 - 2015-04-25 13:41 - 02021944 _____ (Spotify Ltd) C:\Users\SpotifyWebHelper.exe
2015-05-30 11:04 - 2015-04-25 13:41 - 02018406 _____ C:\Users\cef.pak
2015-05-30 11:04 - 2015-04-25 13:41 - 01488440 _____ C:\Users\libGLESv2.dll
2015-05-30 11:04 - 2015-04-25 13:41 - 00968248 _____ (The Chromium Authors) C:\Users\ffmpegsumo.dll
2015-05-30 11:04 - 2015-04-25 13:41 - 00828468 _____ C:\Users\Apps\zlink.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00777272 _____ (Spotify Ltd) C:\Users\SpotifyCrashService.exe
2015-05-30 11:04 - 2015-04-25 13:41 - 00713882 _____ C:\Users\Apps\browse.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00598403 _____ C:\Users\cef_200_percent.pak
2015-05-30 11:04 - 2015-04-25 13:41 - 00532827 _____ C:\Users\Apps\notification-center.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00523578 _____ C:\Users\Apps\collection.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00505562 _____ C:\Users\Apps\genre.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00502734 _____ C:\Users\Apps\collection-artist.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00489222 _____ C:\Users\Apps\discover.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00463102 _____ C:\Users\Apps\collection-album.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00444515 _____ C:\Users\cef_100_percent.pak
2015-05-30 11:04 - 2015-04-25 13:41 - 00436638 _____ C:\Users\Apps\article.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00419994 _____ C:\Users\Apps\messages.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00408845 _____ C:\Users\Apps\album.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00385462 _____ C:\Users\Apps\social-feed.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00363379 _____ C:\Users\Apps\collection-songs.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00361920 _____ C:\Users\Apps\charts.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00357199 _____ C:\Users\Apps\artist.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00345753 _____ C:\Users\Apps\social-chart.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00344387 _____ C:\Users\Apps\buddy-list.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00331084 _____ C:\Users\Apps\playlist-desktop.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00299819 _____ C:\Users\Apps\radio.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00285287 _____ C:\Users\Apps\folder.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00251227 _____ C:\Users\Apps\profile.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00246374 _____ C:\Users\Apps\share.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00233679 _____ C:\Users\Apps\chart.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00209721 _____ C:\Users\Apps\findfriends.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00191376 _____ C:\Users\Apps\search.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00178608 _____ C:\Users\Apps\settings.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00177470 _____ C:\Users\Apps\suggest.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00162516 _____ C:\Users\Apps\zlink-queue.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00158229 _____ C:\Users\Apps\follow.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00124472 _____ (Spotify Ltd) C:\Users\SpotifyLauncher.exe
2015-05-30 11:04 - 2015-04-25 13:41 - 00112424 _____ C:\Users\Apps\zlogin.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00086386 _____ C:\Users\Apps\about.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00079928 _____ C:\Users\libEGL.dll
2015-05-30 11:04 - 2015-04-25 13:41 - 00073272 _____ C:\Users\wow_helper.exe
2015-05-30 11:04 - 2015-04-25 13:41 - 00053462 _____ C:\Users\Apps\ad.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00040253 _____ C:\Users\Apps\licenses.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00038320 _____ C:\Users\Apps\error.spa
2015-05-30 11:04 - 2015-04-25 13:41 - 00013506 _____ C:\Users\locales\en-US.pak
2015-05-30 11:04 - 2015-04-25 13:41 - 00007047 _____ C:\Users\locales\el.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00006945 _____ C:\Users\locales\ru.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00006203 _____ C:\Users\locales\ja.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00006086 _____ C:\Users\locales\fr-CA.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00006079 _____ C:\Users\locales\hu.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00006022 _____ C:\Users\locales\fr.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00006007 _____ C:\Users\locales\fi.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00006006 _____ C:\Users\locales\pl.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005947 _____ C:\Users\locales\es-419.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005914 _____ C:\Users\locales\nl.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005872 _____ C:\Users\locales\es.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005868 _____ C:\Users\locales\zsm.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005868 _____ C:\Users\locales\de.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005859 _____ C:\Users\locales\tr.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005859 _____ C:\Users\locales\it.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005858 _____ C:\Users\locales\zh-Hant.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005852 _____ C:\Users\locales\pt-BR.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005808 _____ C:\Users\locales\sv.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005694 _____ C:\Users\locales\arb.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00005623 _____ C:\Users\locales\en.mo
2015-05-30 11:04 - 2015-04-25 13:41 - 00000020 _____ C:\Users\inst_ver.dat
2015-05-30 11:04 - 2015-04-25 13:41 - 00000000 ____D C:\Users\locales
2015-05-30 11:04 - 2015-04-25 13:41 - 00000000 _____ C:\Users\City.redir
2015-05-28 19:35 - 2014-04-26 22:50 - 00000000 ____D C:\Program Files (x86)\TERA
2015-05-28 00:47 - 2015-04-01 03:07 - 00000000 ____D C:\Users\City wok\Desktop\Minion
2015-05-27 01:25 - 2014-05-26 20:52 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Advanced Combat Tracker
2015-05-24 15:47 - 2014-05-02 16:34 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Equalify
2015-05-23 20:14 - 2014-05-02 16:42 - 00012155 _____ C:\Users\City wok\Desktop\IP.txt
2015-05-20 06:28 - 2015-03-24 06:27 - 00003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1427200071
2015-05-20 06:28 - 2015-03-24 06:27 - 00000000 ____D C:\Program Files (x86)\Opera
2015-05-16 00:50 - 2015-03-07 16:51 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-05-14 21:42 - 2014-04-26 12:12 - 00062600 _____ C:\Users\City wok\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-14 15:34 - 2014-04-27 04:52 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-14 11:50 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-14 11:25 - 2014-04-27 17:54 - 00000000 ____D C:\Users\City wok\AppData\Roaming\Mumble
2015-05-14 11:25 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-05-05 15:37 - 2015-04-25 21:36 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-05-05 00:54 - 2014-04-26 12:13 - 00000000 ____D C:\Users\City wok\AppData\Local\Deployment
2015-05-05 00:53 - 2015-04-25 21:35 - 00000000 ____D C:\Users\City wok\AppData\Local\Overwolf

==================== Files in the root of some directories =======

2015-04-01 22:10 - 2015-04-01 22:10 - 103476992 _____ () C:\Program Files (x86)\Advanced Combat Tracker.rar
2015-03-01 23:59 - 2015-03-03 12:59 - 0000125 _____ () C:\Users\City wok\AppData\Roaming\WB.CFG
2015-01-20 19:31 - 2015-01-20 19:31 - 0000038 ___SH () C:\Users\City wok\AppData\Local\1754111884ee9ab5277ca00.95260103
2014-04-26 12:04 - 2014-04-26 12:04 - 0000000 _____ () C:\Users\City wok\AppData\Local\Driver_LOM_8161Present.flag
2015-03-03 12:59 - 2015-03-03 12:59 - 0000010 _____ () C:\Users\City wok\AppData\Local\DSI.DAT
2014-07-09 22:54 - 2014-07-09 22:54 - 0000000 _____ () C:\ProgramData\1004018751
2014-07-13 18:17 - 2014-07-13 18:17 - 0000000 _____ () C:\ProgramData\1041865501
2014-07-09 22:59 - 2014-07-09 22:59 - 0000000 _____ () C:\ProgramData\1078690784
2014-07-11 22:25 - 2014-07-11 22:25 - 0000000 _____ () C:\ProgramData\1191945156
2014-07-07 11:54 - 2014-07-07 11:54 - 0000000 _____ () C:\ProgramData\1406002563
2014-07-06 22:10 - 2014-07-06 22:10 - 0000000 _____ () C:\ProgramData\1684319627
2014-07-09 17:03 - 2014-07-09 17:03 - 0000000 _____ () C:\ProgramData\1836197505
2014-07-12 08:18 - 2014-07-12 08:18 - 0000000 _____ () C:\ProgramData\2161121016
2014-07-15 19:59 - 2014-07-15 19:59 - 0000000 _____ () C:\ProgramData\330426891
2014-07-13 21:46 - 2014-07-13 21:46 - 0000000 _____ () C:\ProgramData\3754688948
2014-07-11 11:51 - 2014-07-11 11:51 - 0000000 _____ () C:\ProgramData\401797354
2014-07-10 15:33 - 2014-07-10 15:33 - 0000000 _____ () C:\ProgramData\4044265060
2014-07-17 19:32 - 2014-07-17 19:32 - 0000000 _____ () C:\ProgramData\686954657
2015-06-02 19:35 - 2015-06-02 19:35 - 0002760 _____ () C:\ProgramData\HirezPipeError.txt
2014-07-06 22:05 - 2014-07-06 22:05 - 0005014 _____ () C:\ProgramData\zrmjlmea.zpl
2014-07-06 22:10 - 2014-07-06 22:10 - 0005077 _____ () C:\ProgramData\{rmjlmea.zpl

Some files in TEMP:
====================
C:\Users\City wok\AppData\Local\Temp\54039f9a9dde71e10ec3c27236c19401.dll
C:\Users\City wok\AppData\Local\Temp\d4f5d244a0909d75573750c06e9db24d.dll
C:\Users\City wok\AppData\Local\Temp\devcon64.exe
C:\Users\City wok\AppData\Local\Temp\dllnt_dump.dll
C:\Users\City wok\AppData\Local\Temp\InstHelper.exe
C:\Users\City wok\AppData\Local\Temp\xmlUpdater.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\w32apiw.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-04 03:12

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by City wok at 2015-06-04 12:34:36
Running from C:\Users\City wok\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3329031094-3307353646-2518575607-500 - Administrator - Disabled)
City wok (S-1-5-21-3329031094-3307353646-2518575607-1000 - Administrator - Enabled) => C:\Users\City wok
Guest (S-1-5-21-3329031094-3307353646-2518575607-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3329031094-3307353646-2518575607-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version:  - )
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AutoHotkey 1.1.22.00 (HKLM\...\AutoHotkey) (Version: 1.1.22.00 - Lexikos)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Black Desert (HKLM-x32\...\Pmang_BlackDesert_live) (Version: 14951208 - GameOn)
Black Desert Patcher Japan (HKLM-x32\...\{39655020-2B5A-4E36-8BE0-C69331AA7210}) (Version: 1.0.0.4 - LokiReborn)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
China Localization Patcher (HKLM-x32\...\{49C5170D-08A3-4FA8-A644-FB95E56859EA}) (Version: 2.0.4.2 - LokiReborn)
Common (HKLM-x32\...\Pmang_common) (Version: 12385632 - GameOn)
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
Echo of Soul (HKLM-x32\...\Echo of Soul) (Version:  - )
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
nCleaner second 2.3.4.0 (HKLM-x32\...\nCleaner) (Version: 2.3.4.0 - )
NETGEAR A6200 Genie (HKLM-x32\...\{48E61F3E-61D4-42A3-9D29-D0CF40838779}) (Version: 26.0.0.0 - NETGEAR)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.85.190.0 - Overwolf Ltd.)
Pingzapper version 2.0.1 (HKLM-x32\...\{7FD61982-5436-439B-B5D0-36F0536FF8BF}_is1) (Version: 2.0.1 - Pingzapper)
Pmangインストールマネージャー (HKLM-x32\...\Pmang) (Version: 1.0.1.1 - GameOn,Pmang)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Project Kryptonite version 1.0.4 (HKLM-x32\...\{2C0DDC2F-29FF-4FCC-8B3A-A935287D078C}_is1) (Version: 1.0.4 - Rohrbacher Development)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.34.1015 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.34.1015 - Qualcomm Atheros) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12786.82 - raidcall.com)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
SmartClose 1.1 (HKLM-x32\...\SmartClose.{7F22CBCB-92B5-4F5D-9A34-BB690215BEF2}_is1) (Version: 1.1 - BM-productions)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.7.2766.1 - Hi-Rez Studios)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tablet Driver V7.0 (HKLM-x32\...\TabletDriver) (Version:  - )
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Translator Fun Voice Pack (HKLM-x32\...\{602A1471-063B-4E03-9DCE-0210B914EFF5}) (Version: 1.5.0 - Screaming Bee)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
검은사막 클라이언트 (HKLM-x32\...\검은사막_is1) (Version:  - Daum Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3329031094-3307353646-2518575607-1000_Classes\CLSID\{feda4990-bcfd-4a05-853d-1fab15a25f1c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points =========================

03-06-2015 21:02:00 Removed EverQuest Titanium
04-06-2015 12:01:13 Removed Translator Fun Voice Pack
04-06-2015 12:01:44 Removed Translator Fun Voice Pack

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-06-03 23:18 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {088F4051-5F3C-44DC-848A-E605D9D18C88} - \ShopperPro No Task File <==== ATTENTION
Task: {10D34E01-2DF1-44B9-A695-267239BF8B60} - System32\Tasks\{BC903E37-771E-4A96-B9F3-B649DF77BC01} => pcalua.exe -a "C:\Users\City wok\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KKI3J6D\pmang_common_module.exe" -d "C:\Users\City wok\Desktop"
Task: {1195BDFD-3D2A-4AA8-A69E-884BF6428328} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-06-03] ()
Task: {49B532BC-7AD1-4E64-94B9-80779D12EA25} - \SPBIW_UpdateTask_Time_323538363930373139362d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {5AB3B737-22B7-4AF2-AE90-D0C704A33F1F} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-04-26] (Microsoft Corporation)
Task: {5AE05F71-1428-494E-BD90-54F0F13054EB} - \Winupdate No Task File <==== ATTENTION
Task: {60363DF3-73A0-4ADB-BBDD-4F18FD056E6B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {66546AA1-4772-440C-AB74-3EFB77506A30} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-05-04] (Overwolf LTD)
Task: {68AB3381-7C24-4D76-8D2A-4A7C370D17D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-04] (Google Inc.)
Task: {7E047802-6907-4613-8741-C33FCC2C001F} - System32\Tasks\{7610404F-E951-4F84-8854-8718F7404450} => pcalua.exe -a "C:\Users\City wok\Downloads\setup.exe" -d "C:\Users\City wok\Downloads"
Task: {9C946AFB-128D-4BF6-B1AD-AB52DDD1D4C8} - \SPDriver No Task File <==== ATTENTION
Task: {9E923AA5-53BF-4474-99E3-42D6A5FBB826} - System32\Tasks\Opera scheduled Autoupdate 1427200071 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {BAD64A6A-24D6-47B6-93F9-790384D71171} - \EssentialUpdateMachine No Task File <==== ATTENTION
Task: {E5712805-5C31-42F4-A89C-A2D31640CF30} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {F4621BEA-EE61-4899-9971-0F36B39D2DB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-04] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-04-25 21:33 - 2015-03-13 10:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-15 14:13 - 2015-04-15 14:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-04-26 12:11 - 2012-11-01 12:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-04-26 12:11 - 2012-11-01 12:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-01-10 14:41 - 2015-03-29 21:31 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe
2015-05-01 10:57 - 2014-03-14 16:31 - 00018944 _____ () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
2014-04-25 21:33 - 2015-03-27 21:45 - 00721552 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-04-25 21:33 - 2015-03-27 21:45 - 00854160 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2015-03-13 23:49 - 2015-03-13 23:49 - 00291840 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-03-31 13:11 - 2015-03-27 21:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-02-05 03:20 - 2015-02-05 03:20 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2012-05-30 04:09 - 2012-05-30 04:09 - 00301888 _____ () C:\Windows\system32\WinTab32.DLL
2015-03-06 16:42 - 2014-11-25 20:12 - 40622592 _____ () C:\Users\City wok\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-03-06 16:42 - 2014-11-25 20:12 - 00911360 _____ () C:\Users\City wok\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-03-06 16:42 - 2014-11-25 20:12 - 00134144 _____ () C:\Users\City wok\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2014-04-30 15:27 - 2013-09-16 13:20 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2012-05-30 04:09 - 2012-05-30 04:09 - 00301888 _____ () C:\Windows\system32\wintab32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\...\aeriagames.com -> hxxp://aeriagames.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3329031094-3307353646-2518575607-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\City wok\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 74.211.15.210 - 74.211.15.211

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PingzapperSvc => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: SEVPNCLIENT => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: VyprVPN => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^City wok^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^City wok^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^City wok^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\Windows\pss\ERUNT AutoBackup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^City wok^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OptimizerPro.lnk => C:\Windows\pss\OptimizerPro.lnk.Startup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: LanuchApp => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe -s
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: Spotify => "C:\Users\City wok\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\City wok\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\City wok\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WTClient => WTClient.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4CE71398-1D90-48EB-8387-8B12E7B9AE7D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C6C44E40-83B4-4E7C-BB4C-167AA293A403}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{40DB5CA3-BC02-42A0-842C-7CA03725097D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{434FF953-51D4-40A8-9CF7-E9B01533769C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0C56FC44-7B54-438A-9497-49BFA63E1E1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{97316A90-016E-4385-9644-E92FD4907A33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{38FA4F5E-2F06-4AB9-A3C1-F1D55FE99FB7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CB01CF4A-B4B0-44A4-A208-7B8B95394568}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3565AD21-DFB4-4169-B5C6-C972A8D3C885}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{42993FDC-4513-4EF4-9E2B-F6093937EC44}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{2B35E32B-9F93-4B20-8DFC-6AB25F88BDD2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{414C0927-1785-492E-A426-076F46F3F45F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F360AE7C-75B6-4333-ABC9-A77152BBCD4F}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{03243F97-B809-471E-95B1-7F3A3A0424E5}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{F3235E6E-26D8-4133-BBD0-7883DED6A7B3}F:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) F:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [uDP Query User{8CD7BAF5-1881-4E5D-A25A-1056D098595A}F:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) F:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{9EE94A64-6548-48CE-8F81-DDADC423AB1F}C:\users\city wok\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\city wok\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{028B6FD4-B03D-48D8-ADC3-4B6130F57867}C:\users\city wok\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\city wok\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6A4B7659-B17A-4BBC-A6B6-5A16EF8FF87D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{ACB6A1BE-C12B-4251-9FBC-CF14940B1FEF}C:\program files (x86)\steam\steamapps\common\daylight\limagame\binaries\win64\daylight.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\daylight\limagame\binaries\win64\daylight.exe
FirewallRules: [uDP Query User{4AF3988D-D6F1-4F43-9812-176C7E85A687}C:\program files (x86)\steam\steamapps\common\daylight\limagame\binaries\win64\daylight.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\daylight\limagame\binaries\win64\daylight.exe
FirewallRules: [{B0771A13-7A75-42D1-B0C0-F1301CD7A53F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{0F8B856A-952C-4D75-9377-032CEF933F7F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{E30D72AB-3C0C-4704-9801-4E3B7797BFF8}] => (Allow) C:\Program Files (x86)\Project Blackout\PBlackout.exe
FirewallRules: [{35602524-3A45-43EE-98A1-99E105A71CD8}] => (Allow) C:\Program Files (x86)\Project Blackout\PBlackout.exe
FirewallRules: [TCP Query User{C0A70009-9E1F-4680-95E5-FB5BB3BBDC46}C:\program files (x86)\kraven manor demo\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\kraven manor demo\binaries\win32\udk.exe
FirewallRules: [uDP Query User{C3109D33-4F32-49B6-88A8-2932081756D5}C:\program files (x86)\kraven manor demo\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\kraven manor demo\binaries\win32\udk.exe
FirewallRules: [{EDF02F02-86EE-4E1F-BCE7-020632FBC0FC}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{47DBB8F5-8E35-4C87-A620-05DC0721D9A2}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{FDAFDEF8-9FF2-4185-A429-94782245C5CC}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{9CFAEF9C-801F-4377-BD29-414E6A446985}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [TCP Query User{6A5E38F9-8E9B-4D6C-9633-CE13B686E1B6}C:\users\city wok\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\city wok\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{F6DB9C9E-6C92-48CF-9563-5A1424DC22D5}C:\users\city wok\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\city wok\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FC615BFF-5B80-4426-92B8-C00233E5DAF9}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{5BFD3CA3-C272-4D70-B83F-F720FB201A32}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{83E0F557-C30F-45FA-B1C8-D72B0EE126BF}] => (Allow) C:\Program Files (x86)\Project Kryptonite\data\OverlayLoader_win32.exe
FirewallRules: [{3EDAB019-EAA7-45F2-8650-9FDCDA12272E}] => (Allow) C:\Program Files (x86)\Project Kryptonite\data\OverlayLoader_win64.exe
FirewallRules: [{12137FF3-033F-4287-BC48-38C4653017E2}] => (Allow) C:\Program Files (x86)\Project Kryptonite\data\browser\Offscreen_Browser.exe
FirewallRules: [{794557BB-89A2-4249-A01F-FB8C5A647EAE}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{217F831E-10CF-4CB4-9682-B501B0259093}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{A31BEE37-3E77-497C-A36C-6606A268C561}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{49D43F89-8275-4240-A56D-4E17F41704CE}] => (Allow) LPort=2869
FirewallRules: [{4CCBC95A-1D96-4317-A305-4822E6D71F7C}] => (Allow) LPort=1900
FirewallRules: [{0A54CEAC-8EC1-4953-B26F-46FF99FF1083}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{77D48BD0-BCB1-4AD0-B83A-724BE68E1E7B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AE466C45-D9B9-41E3-B17F-5BC718B26C30}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{FA14DBBE-F7B5-4190-8D9E-6980ABAC94A8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{81D83158-6930-4BF2-B996-DB25CEC58342}F:\diablo iii\diablo iii.exe] => (Allow) F:\diablo iii\diablo iii.exe
FirewallRules: [uDP Query User{A5D119EC-00D6-4060-94A2-A32659D71488}F:\diablo iii\diablo iii.exe] => (Allow) F:\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{482F6ACB-9C69-4216-A845-0C422972D27C}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [uDP Query User{AFBDED0D-EF13-4072-87D6-88071EEDBC34}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{39CC876C-673C-4B94-B0D7-58A9841DF538}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{0845B39B-F029-4223-9DF5-91D13FE9EEAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{992FCA88-6931-49EE-A289-AFB69AB8ECDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B5F8D8FD-F2E4-4D65-AFC4-5847F3ECBFE0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5C6130D-558A-4454-93FD-221C17A833E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{008A982C-7CD1-4654-BED2-81290939D1C8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{E8EB380A-F986-4449-AED9-A8A1002DEA23}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [{7D4089A6-3875-4A2D-9C3C-095C544CE25E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{68DE0E19-80F6-461B-A868-9770FD100A80}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{F80E5890-B208-42B1-84A8-04FE19CE2B45}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{EEF5CEC0-F634-42F8-A02F-AE6AC2119AE9}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{D9D9BB10-0280-4C68-AB6A-CE2488A1A29F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{0A543FEC-23EC-4333-A3E6-9BA935AAAA44}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{000D9EBF-BE70-4462-85A3-58059F51CA8F}] => (Allow) F:\Black Desert\bin\BlackDesert32.exe
FirewallRules: [{F897A09E-183D-4205-88C3-F04418D93716}] => (Allow) F:\Black Desert\bin64\BlackDesert64.exe
FirewallRules: [{582F2852-A131-48C6-82B1-59970467B10E}] => (Allow) F:\Black Desert\BlackDesert_Launcher.exe
FirewallRules: [{859F2DFD-153D-46A0-A1CB-546C60480ED3}] => (Allow) F:\Black Desert\BlackDesert_Downloader.exe
FirewallRules: [{AE5B3A56-B0B3-4A79-B831-5FA5E582967F}] => (Allow) F:\Black Desert\BlackDesert_Launcher.exe
FirewallRules: [{AA691033-8A66-4853-8E33-0135DC3F7464}] => (Allow) F:\Black Desert\BlackDesert_Launcher.exe
FirewallRules: [{B3684E29-D39D-4C61-872D-25E3B29FE9C5}] => (Allow) F:\Black Desert\BlackDesert_Downloader.exe
FirewallRules: [{3377F9A2-8151-48F0-B555-29B670583FB8}] => (Allow) F:\Black Desert\BlackDesert_Downloader.exe
FirewallRules: [{90C0AC52-5764-4B55-9F37-B7F95FFCB092}] => (Allow) F:\Black Desert\BlackDesert_Downloader.exe
FirewallRules: [{4642C1B4-5E81-4E84-BFEB-C44DFDF70FF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2015 00:34:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 3.6.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2f90

Start Time: 01d09ef4fb20970d

Termination Time: 5

Application Path: C:\Users\City wok\Downloads\FRST64.exe

Report Id: 44055e06-0ae8-11e5-bd94-448a5b64d402

Error: (06/04/2015 00:01:51 PM) (Source: MsiInstaller) (EventID: 11001) (User: Citywok-PC)
Description: Product: Translator Fun Voice Pack -- Error 1001. Error 1001. Exception occurred while initializing the installation:
System.IO.FileNotFoundException: Could not load file or assembly 'file:///C:\Program Files (x86)\Screaming Bee\Translator Fun Voice Pack\MorphVOXCheck.dll' or one of its dependencies. The system cannot find the file specified..(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/04/2015 00:01:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (06/04/2015 00:01:35 PM) (Source: MsiInstaller) (EventID: 11001) (User: Citywok-PC)
Description: Product: Translator Fun Voice Pack -- Error 1001. Error 1001. Exception occurred while initializing the installation:
System.IO.FileNotFoundException: Could not load file or assembly 'file:///C:\Program Files (x86)\Screaming Bee\Translator Fun Voice Pack\MorphVOXCheck.dll' or one of its dependencies. The system cannot find the file specified..(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/04/2015 00:01:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (06/04/2015 11:58:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/03/2015 11:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/03/2015 11:29:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/03/2015 11:17:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 11:03:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (06/03/2015 11:31:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/03/2015 11:16:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/03/2015 11:16:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (06/03/2015 11:16:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (06/03/2015 11:15:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (06/03/2015 11:15:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (06/03/2015 11:14:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (06/03/2015 11:14:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (06/03/2015 11:14:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/03/2015 11:14:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2


Microsoft Office:
=========================
Error: (06/04/2015 00:34:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe3.6.2015.02f9001d09ef4fb20970d5C:\Users\City wok\Downloads\FRST64.exe44055e06-0ae8-11e5-bd94-448a5b64d402

Error: (06/04/2015 00:01:51 PM) (Source: MsiInstaller) (EventID: 11001) (User: Citywok-PC)
Description: Product: Translator Fun Voice Pack -- Error 1001. Error 1001. Exception occurred while initializing the installation:
System.IO.FileNotFoundException: Could not load file or assembly 'file:///C:\Program Files (x86)\Screaming Bee\Translator Fun Voice Pack\MorphVOXCheck.dll' or one of its dependencies. The system cannot find the file specified..(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/04/2015 00:01:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.

Error: (06/04/2015 00:01:35 PM) (Source: MsiInstaller) (EventID: 11001) (User: Citywok-PC)
Description: Product: Translator Fun Voice Pack -- Error 1001. Error 1001. Exception occurred while initializing the installation:
System.IO.FileNotFoundException: Could not load file or assembly 'file:///C:\Program Files (x86)\Screaming Bee\Translator Fun Voice Pack\MorphVOXCheck.dll' or one of its dependencies. The system cannot find the file specified..(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/04/2015 00:01:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.

Error: (06/04/2015 11:58:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\City wok\Downloads\esetsmartinstaller_enu(1).exe

Error: (06/03/2015 11:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\City wok\Downloads\esetsmartinstaller_enu(1).exe

Error: (06/03/2015 11:29:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\City wok\Downloads\esetsmartinstaller_enu(1).exe

Error: (06/03/2015 11:17:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 11:03:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\City wok\Downloads\esetsmartinstaller_enu.exe


==================== Memory info ===========================

Processor: Intel® Core i7-4770S CPU @ 3.10GHz
Percentage of memory in use: 25%
Total physical RAM: 16327.91 MB
Available physical RAM: 12207.14 MB
Total Pagefile: 32654.01 MB
Available Pagefile: 28784.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:41.63 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:1862.92 GB) (Free:1742.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 788F3BC1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E621BC2B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of log ============================


Hey yes I posted this!

 

and here is a link to my bleeping computer assistance with all the logs available!

http://www.bleepingc...8080/?p=3724755

 

They told me to make a new thread and I did, but I can't wait much longer; I'll be forced to redo Windows altogether soon

I understand how accepting help from multiple sources at one time would be detrimental to helping the situation, so if I receive help here I'll ask

for my other thread to be closed!

 

If you need anything else from me I'll gladly do whatever it takes to resolve this without pulling out the Windows disk!

Thank you very much for looking at this and I hope to hear soon :)

 

Like I said, I will close that thread and take no instruction there if I receive help here


Fix with Farbar Recovery Scan Tool
 



This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 
 
 
Scan with Malwarebytes' Anti-Malware
 
Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
  • Save the file to your desktop and include its content in your next reply.

fixlist.txt


Hello! Thank you for the response again. As promised, I'll ask for a closed thread at the other site and only follow your instructions!

So I have followed everything and have good news, but I don't think I'm 100% safe yet still. Anyhow, lemme provide you with the needed logs now, then I'll make another post with the other details.

Fixlog.txt

MBAM.txt


Okay so when I first rebooted from the FRST64 I was able to connect to Internet Explorer 11 and Chrome!

After running the Malwarebytes scan and after restarting from that, Chrome is getting the proxy error.

I also tested Opera and it's getting the same problem.

Here are some screen shots of them.

 

Chrome After the FRST64 Restart  Proxy settings are no longer locked to.

4655d9a379.png 879696fc0c.png 99a910085f.png


Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


This topic is now closed to further replies.