
I'm infected.



I am infected when browsing with the Chrome or Firefox browser. The infection automatically adds an extension with a changing name each time. It has called itself "ready coupon" or "free4u" before. I can remove it but it always comes back even after running Malwarebytes scans very thoroughly. Assistance please. I appreciate the help, this is beyond my knowledge. Here are my FRST logs in plain text:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015

Ran by Casey (administrator) on DT1860 on 13-07-2015 15:15:43
Running from C:\Users\Casey\Desktop
Loaded Profiles: Casey & (Available Profiles: Casey)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files (x86)\Shiny Significance\Shiny Significance.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\Run: [spotify Web Helper] => C:\Users\Casey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-13] (Spotify Ltd)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\Run: [cdloader] => C:\Users\Casey\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7800088 2015-07-11] (SUPERAntiSpyware)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\Run: [GoogleChromeAutoLaunch_AAFCC270D31FADB1D329301E4E8A245A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\Run: [spotify] => C:\Users\Casey\AppData\Roaming\Spotify\Spotify.exe [7504952 2015-07-13] (Spotify Ltd)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\MountPoints2: {0175ac62-597b-11e2-be65-806e6f6e6963} - "D:\install.exe"
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\MountPoints2: {d0bacd62-7fcd-11e4-bef3-bc5ff4419c2c} - "E:\Setup.exe"
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\Casey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-13] (Spotify Ltd)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cdloader] => C:\Users\Casey\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7800088 2015-07-11] (SUPERAntiSpyware)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_AAFCC270D31FADB1D329301E4E8A245A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify] => C:\Users\Casey\AppData\Roaming\Spotify\Spotify.exe [7504952 2015-07-13] (Spotify Ltd)
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0175ac62-597b-11e2-be65-806e6f6e6963} - "D:\install.exe"
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d0bacd62-7fcd-11e4-bef3-bc5ff4419c2c} - "E:\Setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-09-18]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2014-08-11]
ShortcutTarget: Curse.lnk -> C:\Users\Casey\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Five Finger Death Punch Discography (2007-2013) FLAC.lnk [2015-05-05]
ShortcutTarget: Five Finger Death Punch Discography (2007-2013) FLAC.lnk -> C:\ProgramData\{a421b45e-86a5-e956-a421-1b45e86ad17a}\Five Finger Death Punch Discography (2007-2013) FLAC.exe (No File)
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://www.asus.com/support/asusTek_sys_ctrl3.cab
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{68EAE06D-EEFA-4B97-A5C3-F3883D710E99}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{9D9796BF-17D3-4305-8F4A-1913F21BCF2E}: [DhcpNameServer] 209.18.47.61 209.18.47.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\0tp4oaos.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-03-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll [2013-03-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3620651883-1023134675-2200516065-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-04-19] ()
FF Plugin HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-04-19] ()
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-15]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-28]
CHR Extension: (Google Docs) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-28]
CHR Extension: (Google Drive) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-28]
CHR Extension: (YouTube) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-28]
CHR Extension: (Google Search) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-28]
CHR Extension: (Google Sheets) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-28]
CHR Extension: (AdBlock) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-28]
CHR Extension: (Google Wallet) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-28]
CHR Extension: (Gmail) - C:\Users\Casey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-19] (Electronic Arts)
R2 Shiny Significance; C:\Program Files (x86)\Shiny Significance\Shiny Significance.exe [8016428 2015-07-09] () [File not signed] <==== ATTENTION
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-19] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-13] (Malwarebytes Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-07-13] ()
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 cpuz138; \??\C:\Users\Casey\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 15:16 - 2015-07-13 15:16 - 05632449 _____ (Swearware) C:\Users\Casey\Desktop\ComboFix.exe
2015-07-13 15:15 - 2015-07-13 15:15 - 00018182 _____ C:\Users\Casey\Desktop\FRST.txt
2015-07-13 15:15 - 2015-07-13 15:15 - 00000000 ____D C:\FRST
2015-07-13 15:14 - 2015-07-13 15:14 - 02133504 _____ (Farbar) C:\Users\Casey\Desktop\FRST64.exe
2015-07-13 15:07 - 2015-07-13 15:09 - 00000024 _____ C:\Users\Casey\AppData\Roaming\appdataFr25.bin
2015-07-13 15:03 - 2015-07-13 15:03 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-07-13 15:01 - 2015-07-13 15:01 - 00000000 ____D C:\Users\Casey\Documents\Bemis walkthroughs
2015-07-13 11:58 - 2015-07-13 15:02 - 00000000 ____D C:\Program Files (x86)\PatternGenerators
2015-07-13 11:58 - 2015-07-13 15:01 - 00000000 ____D C:\Program Files (x86)\Classic Scrollbar Buttons
2015-07-13 11:57 - 2015-07-13 15:03 - 00000368 _____ C:\WINDOWS\Tasks\BackView.job
2015-07-13 11:57 - 2015-07-13 11:57 - 00003254 _____ C:\WINDOWS\System32\Tasks\BackView
2015-07-13 11:57 - 2015-07-13 11:57 - 00000000 ____D C:\ProgramData\{28d98944-086a-ff3d-28d9-989440862510}
2015-07-10 05:59 - 2015-07-11 11:58 - 00000000 ____D C:\Program Files (x86)\LinkProc
2015-07-10 05:58 - 2015-07-11 11:39 - 00000000 ____D C:\Program Files (x86)\Enhanced Steam
2015-07-10 05:57 - 2015-07-13 11:57 - 00000368 _____ C:\WINDOWS\Tasks\MailGuard.job
2015-07-10 05:57 - 2015-07-11 11:39 - 00000000 ____D C:\ProgramData\{a74f174c-9258-d2f8-a74f-f174c9255d32}
2015-07-10 05:57 - 2015-07-10 05:57 - 00003254 _____ C:\WINDOWS\System32\Tasks\MailGuard
2015-07-10 05:57 - 2015-07-10 05:57 - 00000000 _____ C:\A000.tmp
2015-07-09 17:57 - 2015-07-09 17:57 - 08016428 _____ C:\WINDOWS\SysWOW64\1.exe
2015-07-09 17:57 - 2015-07-09 17:57 - 00000000 ____D C:\Program Files (x86)\Shiny Significance
2015-07-09 17:34 - 2015-07-09 17:51 - 00000000 ____D C:\Users\Casey\Downloads\Carol Temp dls
2015-07-09 17:33 - 2015-07-09 17:33 - 15916768 _____ (Ventis Media Inc. ) C:\Users\Casey\Desktop\MediaMonkey_4.1.8.1751.exe
2015-07-01 15:33 - 2015-07-01 15:33 - 00002160 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2015-07-01 15:33 - 2015-07-01 15:33 - 00002075 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2015-07-01 15:33 - 2015-07-01 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-07-01 15:32 - 2015-07-01 15:32 - 00000000 ____D C:\Brother
2015-07-01 15:29 - 2015-07-01 15:29 - 00000000 ____D C:\Users\Casey\Desktop\install
2015-07-01 15:28 - 2015-07-01 15:28 - 45634784 _____ (A.I.SOFT,INC.) C:\Users\Casey\Desktop\HL-L2340D-inst-C1-US3.EXE
2015-06-28 17:05 - 2015-07-07 19:10 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-28 17:05 - 2015-06-28 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-25 17:57 - 2015-07-13 11:57 - 00000368 _____ C:\WINDOWS\Tasks\ViperApp.job
2015-06-25 17:57 - 2015-06-28 16:58 - 00000000 ____D C:\ProgramData\{0a6e258b-97a4-ead8-0a6e-e258b97a962e}
2015-06-25 17:57 - 2015-06-25 17:57 - 00003254 _____ C:\WINDOWS\System32\Tasks\ViperApp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 15:06 - 2015-02-21 11:08 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 15:05 - 2013-11-01 19:55 - 00000000 ___DO C:\Users\Casey\SkyDrive
2015-07-13 15:03 - 2014-03-26 07:28 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-07-13 15:03 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-13 15:02 - 2013-09-29 22:55 - 01082368 _____ C:\WINDOWS\PFRO.log
2015-07-13 15:02 - 2013-08-22 09:46 - 00305098 _____ C:\WINDOWS\setupact.log
2015-07-13 15:02 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-13 15:02 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-07-13 15:01 - 2015-03-06 14:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-13 15:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-13 14:59 - 2013-06-20 08:16 - 00000000 ____D C:\Users\Casey\AppData\Local\Spotify
2015-07-13 14:55 - 2013-06-20 08:15 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Spotify
2015-07-13 14:27 - 2014-05-06 20:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-13 14:14 - 2013-10-24 15:52 - 01146062 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-13 11:58 - 2015-06-04 11:58 - 00000000 ____D C:\ProgramData\7372616952414713209
2015-07-13 11:58 - 2015-06-04 11:57 - 00000366 _____ C:\WINDOWS\Tasks\SoftwareFixer.job
2015-07-13 06:44 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-11 11:58 - 2015-06-08 15:48 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-11 11:58 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-07-11 11:57 - 2013-10-24 15:36 - 00000000 ____D C:\Users\Casey
2015-07-11 11:40 - 2014-08-11 12:40 - 00000000 ____D C:\Users\Casey\AppData\Roaming\Curse Client
2015-07-11 10:48 - 2013-05-06 08:34 - 00000000 ____D C:\Users\Casey\Desktop\New folder
2015-07-10 03:40 - 2013-03-06 21:41 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3620651883-1023134675-2200516065-1001
2015-07-09 18:00 - 2014-12-18 13:16 - 00000000 ____D C:\Users\Casey\AppData\Roaming\MediaMonkey
2015-07-09 17:50 - 2013-03-08 01:15 - 00000000 ____D C:\Users\Casey\AppData\Roaming\vlc
2015-07-09 17:36 - 2013-09-26 09:08 - 00001086 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-09 17:34 - 2014-12-18 13:16 - 00001059 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2015-07-09 17:34 - 2014-12-18 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2015-07-09 17:34 - 2014-12-18 13:15 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2015-07-08 21:44 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-08 12:27 - 2014-05-06 20:22 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-06 16:24 - 2013-08-22 10:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-06 16:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 05:08 - 2013-03-10 07:52 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-01 22:28 - 2013-10-24 15:59 - 00000000 ____D C:\Users\Casey\AppData\Roaming\ClassicShell
2015-07-01 15:32 - 2015-02-25 14:13 - 00000000 ____D C:\Program Files (x86)\Browny02
2015-07-01 15:32 - 2015-02-25 14:13 - 00000000 ____D C:\Program Files (x86)\Brother
2015-07-01 15:32 - 2013-03-07 09:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-28 17:05 - 2013-03-06 21:40 - 00000000 ____D C:\Users\Casey\AppData\Local\Google
2015-06-28 17:05 - 2013-03-06 21:40 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-28 13:53 - 2013-12-19 08:36 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-14 15:07 - 2013-06-06 21:58 - 00000000 ____D C:\Users\Casey\AppData\Roaming\XBMC

==================== Files in the root of some directories =======

2015-07-13 15:07 - 2015-07-13 15:09 - 0000024 _____ () C:\Users\Casey\AppData\Roaming\appdataFr25.bin
2015-02-21 10:26 - 2015-02-21 10:26 - 0000046 _____ () C:\Users\Casey\AppData\Roaming\WB.CFG
2014-01-02 08:42 - 2014-01-02 08:42 - 0000037 ___SH () C:\Users\Casey\AppData\Local\70149b02515b3bb20dd492.47983420
2015-02-25 14:17 - 2015-02-25 14:17 - 0003584 _____ () C:\Users\Casey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-12 19:02 - 2014-12-28 15:08 - 0007598 _____ () C:\Users\Casey\AppData\Local\Resmon.ResmonCfg
2013-10-31 15:49 - 2013-10-31 15:49 - 0195649 _____ () C:\ProgramData\1383252356.bdinstall.bin
2013-11-12 17:34 - 2013-11-12 17:34 - 0037723 _____ () C:\ProgramData\1384295681.bdinstall.bin
2013-11-12 17:35 - 2013-11-12 17:35 - 0098575 _____ () C:\ProgramData\1384295682.bdinstall.bin
2014-01-15 08:19 - 2015-01-23 11:02 - 0000785 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-12 03:50

==================== End of log ============================

 

and the addition.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015

Ran by Casey at 2015-07-13 15:17:52
Running from C:\Users\Casey\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3620651883-1023134675-2200516065-500 - Administrator - Disabled)
Casey (S-1-5-21-3620651883-1023134675-2200516065-1001 - Administrator - Enabled) => C:\Users\Casey
Guest (S-1-5-21-3620651883-1023134675-2200516065-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3620651883-1023134675-2200516065-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
ASUS PCE-N53 WLAN Card Utilities & Driver (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.1.0 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
ENSLAVED™: Odyssey to the West™ Premium Edition (HKLM-x32\...\Steam App 245280) (Version:  - Ninja Theory)
Far Cry (HKLM-x32\...\Steam App 13520) (Version:  - Crytek Studios)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - Ubisoft Montreal)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HL-L2340D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{405EF630-AF8C-4A69-9CAF-6D5B8C1C005B}) (Version: 4.1.40.2143 - Intel)
Interstellar Marines (HKLM-x32\...\Steam App 236370) (Version:  - Zero Point Software)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KeePass Password Safe 1.25 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.25 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
magicJack (HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
magicJack (HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version:  - PlatinumGames)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - 
Obsidian Entertainment)Spotify (HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)Spotify (HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)XBMC (HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\XBMC) (Version:  - Team XBMC)XBMC (HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\XBMC) (Version:  - Team XBMC)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)==================== Restore Points =========================26-06-2015 07:24:43 Revo Uninstaller's restore point - YTD Video Downloader 4.928-06-2015 13:25:13 Revo Uninstaller's restore point - Google Chrome01-07-2015 15:13:39 Revo Uninstaller's restore point - Far Cry 4 Update v1.508-07-2015 21:43:57 Windows Update==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {10174473-1D9B-4383-AFA4-7A8785EAE03A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)Task: {127CBB89-38FB-4D13-80D0-DD8B06F9C333} - \ProPCCleaner_Popup No Task File <==== ATTENTIONTask: {19EED574-3850-4A14-8616-AECF1EA71592} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)Task: {1C1514C3-0F30-4B47-88CC-991E4559295F} - System32\Tasks\{A0777E78-D50F-41C0-8ED2-0450DB643609} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d C:\Users\Casey\DesktopTask: {20D86A08-B114-4740-8D30-7E0F0356374B} - System32\Tasks\BackView => c:\programdata\{28d98944-086a-ff3d-28d9-989440862510}\3840549261773451270b.exe [2014-07-13] () <==== ATTENTIONTask: {34FD36C3-4896-46A7-AD9E-EB91CFFB9799} - \ProPCCleaner_Start No Task File <==== ATTENTIONTask: {35366F8D-F8AD-42B2-9165-AC464A5092B4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)Task: 
{43DF1C6B-C660-4892-A59E-55F8EB1413A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)Task: {5906CC11-E7CF-4C47-9BE3-50DFDAC0A350} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)Task: {5B2A0178-52F2-4A89-9AA4-ED565D31EB2A} - System32\Tasks\SoftwareFixer => c:\programdata\{5a05fdab-5724-0d56-5a05-5fdab572f6ad}\837298426196718991b.exe [2014-06-04] () <==== ATTENTIONTask: {695CCDB4-9A5A-4C6B-AFC1-54BD87A37CB3} - System32\Tasks\{CFA036D3-6835-4E5E-9816-53CF82C6D4FD} => pcalua.exe -a "C:\Program Files (x86)\StarCraft II\StarCraft II.exe" -d "C:\Program Files (x86)\StarCraft II\"Task: {763FDBFA-0E28-42FB-B5D2-57BC5C032958} - System32\Tasks\{74B38316-3A2E-46A4-85D8-490A6791E604} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d C:\Users\Casey\DesktopTask: {83479D16-A2E5-4E1F-A671-1095BBF6DD52} - System32\Tasks\MailGuard => c:\programdata\{a74f174c-9258-d2f8-a74f-f174c9255d32}\8114135918310011526b.exe <==== ATTENTIONTask: {86919C8B-6CA0-4AFC-B195-0402725B625B} - System32\Tasks\{08A32537-D9E1-4AFC-9876-63332BA3841D} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d C:\Users\Casey\DesktopTask: {945872ED-34F2-46D8-86B7-205A8D47281A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)Task: {947DB08E-B6E1-40EB-AFA7-397E681F99D6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)Task: {A8E997A9-CF6E-4764-A9D3-C50532B1BFE3} - System32\Tasks\ViperApp => c:\programdata\{0a6e258b-97a4-ead8-0a6e-e258b97a962e}\1052088858118393753b.exe <==== ATTENTIONTask: {A9E62908-C824-46EF-B789-F1032E8C4B45} - System32\Tasks\{328A430E-F137-4152-AF88-132920799E26} => 
pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d C:\Users\Casey\DesktopTask: {A9FC932E-2598-440E-87C0-4206CECF7C25} - System32\Tasks\{72B69EC2-9A2A-479F-9776-1773490FB764} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d C:\Users\Casey\DesktopTask: {D1D687FF-0E75-45C8-9266-9F2F6F163F41} - System32\Tasks\{98BF5CA6-17D1-4650-BC6D-55DF8349BA56} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d C:\Users\Casey\Desktop(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\BackView.job => c:\programdata\{28d98944-086a-ff3d-28d9-989440862510}\3840549261773451270b.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\MailGuard.job => c:\programdata\{a74f174c-9258-d2f8-a74f-f174c9255d32}\8114135918310011526b.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\SoftwareFixer.job => c:\programdata\{5a05fdab-5724-0d56-5a05-5fdab572f6ad}\837298426196718991b.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\ViperApp.job => c:\programdata\{0a6e258b-97a4-ead8-0a6e-e258b97a962e}\1052088858118393753b.exe <==== ATTENTION==================== Loaded Modules (Whitelisted) ==============2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2013-03-14 14:42 - 2013-03-14 14:42 - 00182248 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe2013-03-14 14:42 - 2013-03-14 14:42 - 00059880 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll2015-07-09 17:57 - 2015-07-09 17:57 - 08016428 _____ () C:\Program Files (x86)\Shiny Significance\Shiny Significance.exe2014-10-28 12:22 - 
2014-10-28 12:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll2015-07-01 15:32 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll2014-08-13 09:27 - 2014-08-13 09:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll2014-07-29 13:34 - 2014-07-29 13:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll2015-06-28 17:05 - 2015-06-20 00:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll2015-06-28 17:05 - 2015-06-20 00:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll2015-06-28 17:05 - 2015-06-20 00:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\Users\Casey\SkyDrive:ms-properties==================== Safe Mode (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Casey\Desktop\y4KJ5oG.jpgHKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Casey\Desktop\y4KJ5oG.jpgDNS Servers: 209.18.47.61 - 209.18.47.62==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)HKLM\...\StartupApproved\StartupFolder: => "ASUS PCE-N53 WLAN Control Center.lnk"HKLM\...\StartupApproved\StartupFolder: => "iSCTsysTray.lnk"HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"HKLM\...\StartupApproved\Run32: => "APSDaemon"HKLM\...\StartupApproved\Run32: => "iTunesHelper"HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"HKLM\...\StartupApproved\Run32: => "Fitbit Connect"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\StartupApproved\StartupFolder: => "Five Finger Death Punch Discography (2007-2013) FLAC.lnk"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\StartupApproved\Run: => "cdloader"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\StartupApproved\Run: => "Spotify Web 
Helper"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\StartupApproved\Run: => "uTorrent"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_AAFCC270D31FADB1D329301E4E8A245A"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\StartupApproved\Run: => "Spotify"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001\...\StartupApproved\Run: => "Skype"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Curse.lnk"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Five Finger Death Punch Discography (2007-2013) FLAC.lnk"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Akamai NetSession Interface"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "cdloader"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web Helper"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "uTorrent"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "DAEMON Tools Lite"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_AAFCC270D31FADB1D329301E4E8A245A"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => 
"Spotify"HKU\S-1-5-21-3620651883-1023134675-2200516065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [UDP Query User{E1E81278-79B0-44E8-AB35-BC2D7C7CFE08}C:\users\casey\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\casey\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{2802E719-A803-4A6B-9A75-1B13C50416D7}C:\users\casey\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\casey\appdata\roaming\spotify\spotify.exeFirewallRules: [UDP Query User{6A9DD149-76CC-4A29-80F7-34AC2053BC11}C:\users\casey\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\casey\appdata\roaming\mjusbsp\magicjack.exeFirewallRules: [TCP Query User{1244BD1B-F631-4884-89E9-A451224A1F18}C:\users\casey\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\casey\appdata\roaming\mjusbsp\magicjack.exeFirewallRules: [UDP Query User{1AF6FDD2-C9C0-44CD-8F8F-4FB9B1744404}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exeFirewallRules: [TCP Query User{2E02959C-CC00-4D36-A136-F74F8BAB90F5}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exeFirewallRules: [{B28026E1-1142-4BEF-BD0D-D554741DBA9B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exeFirewallRules: [{D844EB44-3A10-42F1-A487-13448F11C852}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exeFirewallRules: [{BCA497A9-6043-49CE-B078-BD84B33FED49}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exeFirewallRules: [{06A70995-CF8A-411D-8812-261EFD7F0A5A}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exeFirewallRules: [UDP Query User{C55D0264-BC99-4282-A513-FE6544EEF9F1}C:\programdata\battle.net\agent\agent.2000\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2000\agent.exeFirewallRules: [TCP Query User{FF5682B7-7AC2-4A30-8D01-632D138CA722}C:\programdata\battle.net\agent\agent.2000\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2000\agent.exeFirewallRules: [UDP Query User{F4AFDF85-ADE8-4286-A4EE-58EF49D877DD}C:\users\casey\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\casey\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{6E5C66A4-ECC9-4A7E-BF34-C4676A8C65B5}C:\users\casey\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\casey\appdata\roaming\spotify\spotify.exeFirewallRules: [UDP Query User{53C88E36-5000-4742-A099-CD4184DE8FF6}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exeFirewallRules: [TCP Query User{8D5F7791-CA0B-4EAA-8810-812301F0B3B0}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exeFirewallRules: [{D05193E4-D49E-4090-BBC8-CA657ABF4908}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [{FF41676C-0C97-43F7-9C6A-74ED89616DD6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [{A2C97044-2CB4-4C59-893D-510491171F6E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [{7B70A048-B5D7-4DCC-8910-F11336A4B608}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exeFirewallRules: [{3F0470C0-24A4-4482-8335-FEFA5F139356}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exeFirewallRules: [{DE1D2E3F-7E9D-435B-9F3F-8FA8B759C155}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exeFirewallRules: [UDP Query User{D57A86E9-A065-4CF6-A6D8-E725BE1AE3C5}C:\users\casey\appdata\local\akamai\netsession_win.exe] => (Allow) 
C:\users\casey\appdata\local\akamai\netsession_win.exeFirewallRules: [TCP Query User{64907222-A80F-4722-99D3-E3FF41C1E57F}C:\users\casey\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\casey\appdata\local\akamai\netsession_win.exeFirewallRules: [UDP Query User{19B6EDF6-3257-4A03-930E-E0430F5F5B2A}C:\users\casey\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\casey\appdata\local\akamai\netsession_win.exeFirewallRules: [TCP Query User{AB8AE32C-F2A0-4905-8C73-C05723913297}C:\users\casey\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\casey\appdata\local\akamai\netsession_win.exeFirewallRules: [UDP Query User{04C487A0-ED40-4C94-AD97-8F5328D28FB1}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exeFirewallRules: [TCP Query User{46A83096-970A-4719-91C4-A6E472FF01D0}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exeFirewallRules: [{C0911BA1-8FF3-490F-B14C-9D8B1190C645}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exeFirewallRules: [{6DE3E4B4-A60F-4822-A4A9-80BF91CEE44D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exeFirewallRules: [{6E73DFC9-EE1B-4B58-A5B2-19A4D79712B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exeFirewallRules: [{E9A4FA89-4528-4F2D-9F89-0E8958A24958}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exeFirewallRules: [{0A2E1997-DE06-4BCE-8BEC-90418B4E6442}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exeFirewallRules: [{CBA58DB0-F5C6-4E13-9F45-F6DA68B37D7F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exeFirewallRules: [UDP Query User{09BA37B8-3571-46F8-83A4-35142C440F1C}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft 
ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exeFirewallRules: [TCP Query User{28CF0046-151E-41B3-AE92-0AC4BBEFC906}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exeFirewallRules: [{9CFAE653-0093-4984-A03D-DCD13AAAB057}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exeFirewallRules: [{09104251-4B29-4592-A32E-AAC1ABD4FB20}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exeFirewallRules: [{E4BE805A-444A-4277-9F17-6F5D3C0B833D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [{503FB701-AAA9-437E-947F-03FEE623AA5A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [{67949671-DDE7-4D2B-86FE-8529F9BC3900}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{F3802E1B-7C24-46D5-A7D8-CC48D1330C70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{C1096077-5556-449D-9AE4-6472CA4E7B21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{41E66E3A-F08F-428D-9A60-D021A8F57B39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [TCP Query User{6363329E-DA65-4DED-BB26-408AE28C9BA9}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exeFirewallRules: [UDP Query User{42777478-BA44-44F7-BC22-BEE1094EB20C}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exeFirewallRules: [{258489B3-3836-4AB3-8BB0-DF7FA4019F36}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exeFirewallRules: [{4A5EC384-2749-497F-B66A-C3CBB599DCA6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exeFirewallRules: [{ACC830B7-1EAE-4829-806E-03B888AF503D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{6880BBBE-757D-4CF9-A73C-73BFD5AC701D}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [TCP Query User{410BE386-57E4-4948-B0BB-A42B9378ADCF}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exeFirewallRules: [UDP Query User{FE35AC6B-6DAB-49BC-9628-493F3BC44054}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exeFirewallRules: [{4AF1CF92-E87C-479C-AC16-4E5631119838}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{6514C4A1-AE34-45A2-8DDF-3D3CFBF627A7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{67796F3D-A7AC-4532-A910-16A0BE4427D7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{3A14B4C2-E892-4E1A-810B-A46AC721A692}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{F5C84849-DB5A-4C9D-B62F-C9D3C5432DD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exeFirewallRules: [{630D36D5-FB9B-4D19-BE18-EB64B93FB4EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exeFirewallRules: [{47280A90-A931-488A-9879-83ED9326FF48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exeFirewallRules: [{E2AF9CBD-EC2C-4835-8AE7-1C2C8E7F7768}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exeFirewallRules: [{7F9ECE83-F97A-4133-8FE7-C7F20C02CDE8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exeFirewallRules: [{FAE7BA18-52A1-496E-9388-A1E6AF920346}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exeFirewallRules: [TCP Query User{21ECC079-A787-4197-A025-915CD9787024}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exeFirewallRules: 
[UDP Query User{49F25F6E-3D4C-424D-9D04-2ABD77DC94AD}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exeFirewallRules: [{51A1A49B-9BB7-4587-ACBE-B7A32800114E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exeFirewallRules: [{09C6AD5F-F7FB-4974-9F61-A179ED83C19B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exeFirewallRules: [{6A398032-5585-45DA-BF7C-0D5B53D5C6AE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exeFirewallRules: [{B7D61732-A907-465B-B47A-37968237ADB3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exeFirewallRules: [TCP Query User{16195DFE-BB00-4190-A6DA-5974581B23DD}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exeFirewallRules: [UDP Query User{7A81F6CA-7457-44F5-B7CF-B64458C0AA69}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exeFirewallRules: [{1B3E7E72-DA9C-4240-B222-98924332461D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exeFirewallRules: [{AD20D734-F2D4-4DCC-B005-3B45462E41EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exeFirewallRules: [{8C637C2A-2BCD-4D5C-BB8B-54655EAAC58C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exeFirewallRules: [{E0FC39FC-DE59-4406-9088-A26EECD39BB5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exeFirewallRules: [{07FA3D31-D5FC-44BF-BBB7-609A0D387E05}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exeFirewallRules: [{80EEF6A9-0226-4E80-BB0E-B62278F8BDF9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exeFirewallRules: [{5182A73F-5AAA-40C1-AC2F-CCCBF569E8F8}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exeFirewallRules: [{E16401EB-A310-4235-A6ED-181D413017F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exeFirewallRules: [{18CDF7B7-8865-4A33-B2A1-DF95B4D09836}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exeFirewallRules: [{14A9EB12-7C78-4C1C-9417-B4D18A56A209}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exeFirewallRules: [{0CF6E5E1-5CC6-441D-AD95-7512F147EA05}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{13ADB86B-3D2B-4903-BEE8-F1E2521F689D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{38FA9EA3-41D1-4EFD-A613-89710FF6012B}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{BDC8FB25-4E91-49B4-A17F-0E6CCECA5DC1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{BF79517D-E5C1-4ADB-BBE2-8D9530653079}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exeFirewallRules: [{78F48EE6-25AE-46FF-A2D2-D25E58B2DED8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exeFirewallRules: [{737161A1-E190-4EF3-B7F6-238B668C32B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exeFirewallRules: [{0BB33DF3-F94A-400F-A7A5-1ECE20B238B4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exeFirewallRules: [{10DE6F3B-8E43-4B79-A944-100ECD787B12}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exeFirewallRules: [{78E44803-3809-4185-931B-ACB6AB654E21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exeFirewallRules: [{2C2E7ACE-153B-4001-9E7D-BAB5014C12FB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exeFirewallRules: [{526C41FE-FE88-4A66-848D-747505A94A80}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exeFirewallRules: [{1341A119-451E-411B-83CD-4D57B65177AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exeFirewallRules: [{5CB03A6E-AA8D-4F4F-B41E-0B31FB946C21}] => 

Thank you again for any assistance with this. I really do appreciate it.


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.9 (07.14.2015:2)
OS: Windows 8.1 x64
Ran by Casey on Wed 07/15/2015 at 11:29:21.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Clock Hand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Clock Hand

~~~ Files

Successfully deleted: [File] C:\Users\Casey\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\ProgramData\{28d98944-086a-ff3d-28d9-989440862510}\3840549261773451270b.exe
Successfully deleted: [File] C:\ProgramData\{c7f45363-6781-4f44-c7f4-453636784d8d}\1398736943188117075s.exe
Successfully deleted: [File] C:\ProgramData\{c7f45363-6781-4f44-c7f4-453636784d8d}\3840549261773451270b.exe
Successfully deleted: [File] C:\ProgramData\1383252356.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1384295681.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1384295682.bdinstall.bin

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\linkproc
Successfully deleted: [Folder] C:\Program Files (x86)\patterngenerators
Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin
Successfully deleted: [Folder] C:\ProgramData\7372616952414713209

~~~ Chrome

[C:\Users\Casey\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Casey\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Casey\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Casey\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/15/2015 at 11:32:24.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Done and done thank you.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

