CamStudio download caused issue


nobbyjohn

I just downloaded CamStudio and realised it was a HUGE mistake. I now have websites not showing as encrypted / secure that were before, my desktop flickers occasionally and resets the icons, and Virgin Media even warned me I was now watching via Android!!

This page even refreshed at random whilst typing this the first time.

Here is the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by christopher (administrator) on CHRIS-PC (12-12-2015 17:51:36)
Running from C:\Users\christopher\Downloads
Loaded Profiles: christopher &  (Available Profiles: christopher)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\christopher\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Spotify Ltd) C:\Users\christopher\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-04] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [336304 2012-11-15] (Razer USA Ltd)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-22] ()
HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\Run: [spotify Web Helper] => C:\Users\christopher\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-12-05] (Spotify Ltd)
HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\RunOnce: [uninstall C:\Users\christopher\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\christopher\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{0da66d58-c520-4b8c-b129-878450b7a1c7}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
HKU\S-1-5-21-4028257513-4009107-1673031782-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/?gws_rd=cr
HKU\S-1-5-21-4028257513-4009107-1673031782-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\christopher\AppData\Roaming\Mozilla\Firefox\Profiles\tn320dp0.default
FF Homepage: hxxp:\\\\www.google.co.uk
 hxxp://www.youtube.com/feed/subscriptions/ 
 hxxp://www.twitch.tv/directory/following
 hxxps://www.worldofcorecraft.com/content/status-update-upcoming-test
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-04-22] (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4028257513-4009107-1673031782-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\christopher\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-13] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4028257513-4009107-1673031782-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-04-22] (Pando Networks)
FF Extension: Garmin Communicator - C:\Users\christopher\AppData\Roaming\Mozilla\Firefox\Profiles\tn320dp0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-31]
FF Extension: Turn Off the Lights - C:\Users\christopher\AppData\Roaming\Mozilla\Firefox\Profiles\tn320dp0.default\extensions\stefanvandamme@stefanvd.net.xpi [2015-06-21]
FF Extension: NoScript - C:\Users\christopher\AppData\Roaming\Mozilla\Firefox\Profiles\tn320dp0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-12-03]
FF Extension: Flash and Video Download - C:\Users\christopher\AppData\Roaming\Mozilla\Firefox\Profiles\tn320dp0.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-03]
FF Extension: Better Battlelog (BBLog) - C:\Users\christopher\AppData\Roaming\Mozilla\Firefox\Profiles\tn320dp0.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack [2015-03-22] [not signed]
FF Extension: Adblock Plus - C:\Users\christopher\AppData\Roaming\Mozilla\Firefox\Profiles\tn320dp0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-30]
 
Chrome:
=======
CHR Profile: C:\Users\christopher\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1128448 2015-08-09] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155376 2015-10-04] (NVIDIA Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568816 2015-10-04] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-10] (Electronic Arts)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-12] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 17:51 - 2015-12-12 17:51 - 02369536 _____ (Farbar) C:\Users\christopher\Downloads\FRST64.exe
2015-12-12 17:51 - 2015-12-12 17:51 - 00015033 _____ C:\Users\christopher\Downloads\FRST.txt
2015-12-12 17:51 - 2015-12-12 17:51 - 00000000 ____D C:\FRST
2015-12-12 17:49 - 2015-12-12 17:49 - 00016148 _____ C:\WINDOWS\system32\CHRIS-PC_christopher_HistoryPrediction.bin
2015-12-09 20:45 - 2015-12-09 19:18 - 290964590 _____ C:\Users\christopher\Desktop\18225100.AVI
2015-12-09 20:42 - 2015-12-09 20:43 - 00000000 ____D C:\Users\christopher\Documents\Sony PMB
2015-12-09 20:40 - 2015-12-09 20:40 - 00000000 ____D C:\Users\christopher\AppData\Roaming\Sony Corporation
2015-12-09 20:40 - 2015-12-09 20:40 - 00000000 ____D C:\Program Files (x86)\Sony
2015-12-09 20:37 - 2015-12-12 17:33 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-12-03 19:56 - 2015-12-04 18:40 - 00000000 ____D C:\Users\christopher\Desktop\pic of alex
2015-12-03 19:54 - 2015-12-04 18:37 - 00000000 ____D C:\Users\christopher\AppData\Local\CaptureOne
2015-12-03 19:54 - 2015-12-03 19:54 - 00000000 ____D C:\Users\christopher\AppData\Local\Phase_One
2015-12-03 19:54 - 2015-12-03 19:54 - 00000000 ____D C:\Users\christopher\AppData\Local\IsolatedStorage
2015-12-03 19:54 - 2015-12-03 19:54 - 00000000 ____D C:\ProgramData\Phase One
2015-12-03 18:15 - 2015-12-03 18:15 - 00001051 _____ C:\Users\christopher\Desktop\Capture One 9.lnk
2015-12-03 18:15 - 2015-12-03 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phase One
2015-12-03 18:14 - 2015-12-03 18:14 - 00000000 ____D C:\Program Files\Phase One
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 17:51 - 2015-07-10 09:05 - 00000000 ____D C:\Windows
2015-12-12 17:51 - 2013-04-22 16:06 - 00000000 ____D C:\Users\christopher\AppData\Local\PMB Files
2015-12-12 17:50 - 2015-10-28 20:39 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-12 17:50 - 2015-07-10 11:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-12 17:50 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-12 17:49 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-12 17:40 - 2015-07-10 09:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-12 17:37 - 2012-07-06 01:42 - 00000000 ____D C:\Users\christopher\AppData\Roaming\vlc
2015-12-12 17:34 - 2015-09-12 14:56 - 00000000 ____D C:\Users\christopher
2015-12-12 17:34 - 2012-07-06 01:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-12 17:33 - 2015-10-04 15:07 - 00000000 ____D C:\Users\pleas
2015-12-12 17:33 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-12 17:33 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-12 17:33 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-12 17:33 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\registration
2015-12-12 17:33 - 2015-07-10 11:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-12 17:33 - 2015-07-10 09:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-12 17:33 - 2015-06-28 12:52 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-12-12 17:33 - 2014-10-26 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-12 17:33 - 2014-10-26 16:09 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-12 17:33 - 2014-09-06 13:23 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-12-12 17:33 - 2014-06-07 12:56 - 00000000 ____D C:\Users\christopher\AppData\Roaming\Spotify
2015-12-12 17:33 - 2014-04-09 19:24 - 00000000 ____D C:\Users\christopher\AppData\Roaming\Battle.net
2015-12-12 17:33 - 2014-04-09 19:24 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-12 17:33 - 2013-10-23 20:30 - 00000000 ____D C:\ProgramData\Oracle
2015-12-12 17:33 - 2013-04-22 16:06 - 00000000 ____D C:\ProgramData\PMB Files
2015-12-12 17:32 - 2015-09-12 15:54 - 00000000 ____D C:\Users\christopher\AppData\Local\Packages
2015-12-12 17:32 - 2015-08-18 16:35 - 00000000 ____D C:\Users\christopher\AppData\Roaming\.purple
2015-12-12 17:23 - 2014-06-07 12:56 - 00000000 ____D C:\Users\christopher\AppData\Local\Spotify
2015-12-12 10:52 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-10 22:27 - 2014-04-09 19:24 - 00000000 ____D C:\Users\christopher\AppData\Local\Battle.net
2015-12-10 19:37 - 2015-09-13 14:06 - 00000000 ____D C:\Users\christopher\.oracle_jre_usage
2015-12-09 19:25 - 2013-08-14 21:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 19:16 - 2015-09-12 14:54 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-09 03:39 - 2010-11-21 03:27 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-03 19:14 - 2015-09-12 23:52 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-03 19:12 - 2015-10-30 09:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-03 18:15 - 2014-07-17 16:02 - 00000000 ____D C:\Program Files\DIFX
2015-12-03 18:15 - 2013-10-05 12:43 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-01 00:32 - 2015-07-10 11:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 00:32 - 2015-07-10 11:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-29 20:15 - 2015-08-11 17:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2013-06-02 11:15 - 2013-06-02 11:15 - 0001141 _____ () C:\Users\christopher\AppData\Roaming\BreakingPoint_Options.ini
2015-06-06 17:24 - 2015-06-06 17:26 - 0000109 _____ () C:\Users\christopher\AppData\Roaming\Camdata.ini
2015-06-06 17:24 - 2015-06-06 17:26 - 0000408 _____ () C:\Users\christopher\AppData\Roaming\CamLayout.ini
2015-06-06 17:24 - 2015-06-06 17:26 - 0000408 _____ () C:\Users\christopher\AppData\Roaming\CamShapes.ini
2015-06-06 17:24 - 2015-06-06 17:26 - 0004536 _____ () C:\Users\christopher\AppData\Roaming\CamStudio.cfg
2015-06-06 17:21 - 2015-06-06 17:24 - 0000096 _____ () C:\Users\christopher\AppData\Roaming\version2.xml
2013-02-25 16:55 - 2013-02-25 16:56 - 56079904 _____ () C:\Users\christopher\AppData\Local\AdobeSetupUtility.zip.aamdownload
2013-02-25 16:55 - 2013-02-25 16:56 - 0000830 _____ () C:\Users\christopher\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd
2012-07-03 16:08 - 2012-07-03 16:08 - 0003072 _____ () C:\Users\christopher\AppData\Local\file__0.localstorage
2012-07-03 16:05 - 2013-12-27 12:24 - 0007597 _____ () C:\Users\christopher\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-12-10 20:11
 
==================== End of FRST.txt ============================
 
 
And finally, Addition.txt
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by christopher (2015-12-12 17:51:52)
Running from C:\Users\christopher\Downloads
Windows 10 Home (X64) (2015-09-12 15:54:40)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-4028257513-4009107-1673031782-500 - Administrator - Disabled)
christopher (S-1-5-21-4028257513-4009107-1673031782-1000 - Administrator - Enabled) => C:\Users\christopher
DefaultAccount (S-1-5-21-4028257513-4009107-1673031782-503 - Limited - Disabled)
Guest (S-1-5-21-4028257513-4009107-1673031782-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4028257513-4009107-1673031782-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Aslain's XVM WoT Modpack version 4.6.30 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 4.6.30 - Aslain)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Capture One 9.0 (HKLM\...\CaptureOne9_is1) (Version: 9.0.0.263 - Phase One A/S)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Conquest of the New World Deluxe (HKLM-x32\...\Conquest of the New World Deluxe_is1) (Version:  - GOG.com)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.109 - Etron Technology) Hidden
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
EveHQ (HKLM-x32\...\EveHQ) (Version:  - )
EVEMon (HKLM-x32\...\EVEMon) (Version: 2.1.0 - battleclinic.com)
GARPA Topographical Survey (HKLM-x32\...\{7AA8FB7A-433B-4479-9ADD-0EF777FFAB59}) (Version: 3.1.0.0 - GARPA)
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Mad Max (HKLM-x32\...\Steam App 234140) (Version:  - Avalanche Studios)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.6.1.1 - Razer USA Ltd.)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.46 - NVIDIA Corporation) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\Spotify) (Version: 1.0.18.60.g5fe0413d - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leaf Imaging Ltd. Image  (12/03/2014 1.2.0.0) (HKLM\...\B758007C752D28F7C3542875CEEBDADCAE5941AE) (Version: 12/03/2014 1.2.0.0 - Leaf Imaging Ltd.)
Windows Driver Package - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
Windows Driver Package - Phase One A/S (WinUSB) USBDevice  (12/03/2014 1.13.0.0) (HKLM\...\7C6570ABBEB2F08EFBC23ED7925AE72DA6167BD8) (Version: 12/03/2014 1.13.0.0 - Phase One A/S)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== Restore Points =========================
 
15-11-2015 19:06:32 Windows Update
30-11-2015 17:22:54 Scheduled Checkpoint
03-12-2015 18:15:11 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
03-12-2015 18:15:17 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
09-12-2015 19:22:59 Windows Update
09-12-2015 19:23:15 Windows Update
12-12-2015 17:32:05 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2015-08-31 19:30 - 00450712 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 15460 more lines.
 

==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {031C04C0-F26C-446E-B72A-408B5E9D5F1E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {06634525-4889-44D3-9028-27067DACF4EF} - System32\Tasks\{5E692228-98E5-4F5C-995F-BFDAD72DABCC} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Murdered Soul Suspect\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Murdered Soul Suspect\_CommonRedist\vcredist\2010"
Task: {0A59DE6D-EE4F-45B3-A6D4-8EE982BA8A61} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {0D40B96D-809B-44B0-A9D2-01D769462CD8} - System32\Tasks\{4FC7D3D4-0083-4352-9DF9-1CC945901FB3} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\_CommonRedist\vcredist\2008\vcredist_x86.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\_CommonRedist\vcredist\2008"
Task: {0E0AA20D-5ECB-4DCC-9391-9A3A8737BCE4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {1A19CC46-1A21-4EFA-8C94-5BEAD0BE21D8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2213E8D8-A4C2-48AA-81D0-785D1FC255EF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {280A205F-193E-4443-B22B-3EFB1039315C} - System32\Tasks\{A09893A3-9C81-41F4-B1B1-A1336B01E65C} => pcalua.exe -a "F:\Chris (Storage)\Downloaded\setup.exe" -d "F:\Chris (Storage)\Downloaded"
Task: {29E19DD9-B737-42B8-B89C-723F60C05E70} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2A23786E-10C1-4354-949B-5FEEB8D70D2F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {3F89D43C-2DF7-475E-9328-94FA2A9E9D1E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {45032587-83D9-4920-9913-B0AA2EB01F7A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {4B9BAEE6-7004-48BF-A9F9-A6F7DF7EE983} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {509724AB-FF6E-4CC0-BBAC-D2E8491580B8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {55CD46D1-8985-4014-8D17-F9767C00CBEA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {5EDEDFCF-AB79-4D65-B869-1FD66BF6A34C} - System32\Tasks\{BB6C0786-2B06-46F4-8B37-98DD5C1B8DE9} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {63918E2B-4A7D-4DDA-84ED-40CDDF020DE1} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {6D3451BA-32FB-45B0-94A3-01DDBCD4C235} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {6F07ED05-19BF-4F45-8898-E887438C2F74} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7685AE5B-59FF-4219-A6EF-0AAD6AA1FDCC} - System32\Tasks\{0E885E9B-9CD2-44B2-92F3-17851560A272} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/226700
Task: {7A078D08-2E3C-432F-8E49-7253307681DD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {7ACDD98C-70FA-4E52-829C-561F6C0CF6CB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {7F51E087-707F-4B85-BB79-7F52B03C944C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {854D259C-A8C7-4611-AB20-B5683D883315} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8651FD09-3F04-4707-B1C1-33BE9058E2F0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8790B9DA-76A4-4B82-976F-361C99A43A39} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {888AE246-71E5-4A92-A44C-1E26F3428968} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {8BA0549E-2D26-452D-A995-E8A51CC6E843} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-10-06] (Oracle Corporation)
Task: {8F040A61-AB74-4FAB-B099-5134A274D224} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9405BBCD-C6FA-4FDB-B4DF-82A21BE9E681} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {9733EFDA-6FD0-4814-8ABF-BC9BEB0D913C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9741A8DF-F3F8-48B9-8BB1-DD66363180B5} - System32\Tasks\{434C251B-CB9D-4356-A5D0-CCAA53DF437C} => pcalua.exe -a "C:\Program Files\Steam\SteamApps\common\The Vanishing of Ethan Carter\Binaries\Launcher.exe" -d "C:\Program Files\Steam\SteamApps\common\The Vanishing of Ethan Carter\Binaries"
Task: {A38FEC52-110C-476C-B5DC-17464DC6E45A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A531E49D-0E61-49E7-A65C-3DE280002C38} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {A594B174-1D21-40F3-B308-0FA7B59DE840} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {A8EF4AAA-AA18-427B-9A77-E17CB93588D5} - System32\Tasks\{E255DBEA-BAA2-4193-A3A1-AA5563C6E177} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\_CommonRedist\vcredist\2010"
Task: {B3515306-68D6-4FA4-BAEF-B78B6F97BE15} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BDF725AC-BE1E-44C9-AAAC-442A8AAD5935} - System32\Tasks\{1546BBA2-EDEE-47F0-8AED-ABD1E511ADCB} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\_CommonRedist\vcredist\2010\vcredist_x86.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\_CommonRedist\vcredist\2010"
Task: {C18A40C8-A4F1-4FBB-B139-8BDC8000F646} - System32\Tasks\{08D1F56A-A68D-4720-A4A4-0C6C7C0061A9} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\_CommonRedist\vcredist\2008\vcredist_x64.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\_CommonRedist\vcredist\2008"
Task: {C6B0900D-FC46-4F03-94A4-BC78C7325985} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CDB161C1-5C7E-4079-8755-B3A08E63DE7D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D2629AFC-EF7C-4A60-8050-AB9500B69197} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {DF946251-BE2E-43F4-A1F6-F73FCA56803B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E0D6575D-51E2-4548-8A0C-246CFD4B8A83} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {E129471E-7CF7-4646-BB29-276D80C3C062} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F14F7457-521C-4EFB-B4C7-41FE97E4BFF8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {F25350E8-0B3F-4E7C-A608-E17BCF435B39} - System32\Tasks\{457C40BC-82C4-43EF-A8AD-C47866C27E2F} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {F61F927A-DC99-4756-9884-7D09838358AB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {FACC34DC-CE98-4958-98B3-E765ECAC5C5E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {FDD85658-EC46-4690-A8DB-7CAEDDF80121} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-12 23:50 - 2015-09-12 23:50 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-12 14:53 - 2015-08-25 15:57 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-01 12:46 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 12:46 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-03 18:15 - 2015-11-26 03:48 - 00271872 _____ () C:\Program Files\Phase One\Capture One 9\WIC\WIC64\P1.WIC.NativeComWrapper.dll
2015-12-03 18:15 - 2015-11-24 17:26 - 51810304 _____ () C:\Program Files\Phase One\Capture One 9\WIC\WIC64\ImgCoreDll.dll
2015-12-03 18:15 - 2015-11-24 17:26 - 00854016 _____ () C:\Program Files\Phase One\Capture One 9\WIC\WIC64\OpenCoreDll.dll
2015-10-01 12:46 - 2015-09-17 05:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-01 12:47 - 2015-09-17 05:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 12:46 - 2015-09-17 05:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 12:46 - 2015-09-17 05:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 12:46 - 2015-09-17 05:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-04-22 16:05 - 2013-04-22 16:06 - 04288048 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2015-04-02 17:42 - 2015-10-04 08:24 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-4028257513-4009107-1673031782-1000\...\sony.com -> sony.com
 
There are 7865 more sites.
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4028257513-4009107-1673031782-1000\Control Panel\Desktop\\Wallpaper -> f:\chris (storage)\alex\camera new\dsc05957.jpg
HKU\S-1-5-21-4028257513-4009107-1673031782-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupfolder: C:^Users^christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Prime95 => C:\Users\christopher\Desktop\prime95.exe
MSCONFIG\startupreg: Spotify => "C:\Users\christopher\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{8725F192-4734-4D79-986F-2BBE33F33AA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mad Max\MadMax.exe
FirewallRules: [{BB9B0A64-F2B1-4F37-9ECD-84E8E1909923}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mad Max\MadMax.exe
FirewallRules: [{14DDCF1D-5E6D-4BD6-964A-02D8A2D504B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B368E8BB-5048-4BC9-A73A-756B126687C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9B9CDDB4-122F-461F-9557-B16438F3B21C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4C05A580-7060-417C-93C8-B6A01FE162A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{36C8AF29-366E-4E9D-9ABF-5570FF06AF34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [uDP Query User{C0FAB8F0-0810-4A8A-82EB-A0A1B93CCC18}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{14B62F82-4453-4E31-B9A2-D135517F04F8}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{75E8E10D-EE17-48C7-AB32-A889F7668172}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{68099FAC-13A5-496E-9518-E966531D6D18}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [uDP Query User{007F349B-28FF-44EF-8263-C9F21CC4CEBD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{36B7DE46-A5E1-4220-8839-81F232A659F9}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [uDP Query User{8B60C836-D301-4400-97F7-C14680D9B1EB}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{2FB1DCCA-AB9B-4CCD-A1A6-BC79C21CB684}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [uDP Query User{262E45A3-3101-4684-9041-B0F0A3942BBA}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{57C217E3-4A37-4FAB-B034-0DEFCA4A8A32}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [uDP Query User{B306AF5E-8139-4A34-A766-23AAC1BFF0F2}C:\program files (x86)\ccp - copy\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp - copy\eve\bin\exefile.exe
FirewallRules: [TCP Query User{A2A564FB-4423-47CE-924A-3B91E155712B}C:\program files (x86)\ccp - copy\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp - copy\eve\bin\exefile.exe
FirewallRules: [{C889B044-421C-4EB7-B7B5-B64AAF10B8F6}] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D1116D66-86DD-45BA-A194-83CB8498FA4C}] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{D1E4B784-24C5-4F72-A92C-4AC1E4402101}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{EC7130C0-0888-4B0D-B713-EF34FE579F87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9627B720-62D9-457B-BAE0-63FAE9F02608}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{3198913E-2777-458A-92B5-EEFD83270B29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6BD6E380-291B-431D-B4D0-7F203936981A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{642F69AB-B3DD-4AA8-89AC-3BA3D8D3F109}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C773EA2A-4F0D-467D-8AEE-05AFEB738AD5}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{0F5D00F4-3B4F-4877-8812-FB73D9438933}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{E5AF1295-F40D-4425-884C-597E192A60D7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{121B9E38-DDDD-4028-ABE1-572E1F1038D6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D9A0B78A-EDB1-4420-980F-E39C00EE6779}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E25B7DB3-4C75-4B9D-BE2B-A5238828FBD5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8004B484-D019-45ED-87EC-C163B76720FD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E07B824F-4F11-45FF-8360-F016487EBE7E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{5C205BE9-6F86-4A29-AD3F-9A5C3BC142DF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{595456AD-05EB-45B2-B01A-100890339714}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D887A38A-5D9B-4BF1-87C2-0820A0C04D9C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4C7FE7E1-7925-4A2B-8B03-9AE970E73512}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{67245537-08F9-46BD-8520-AC453DCB5EC1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [uDP Query User{5B5E3A09-C1A1-474D-A6E2-AF3CA753E9B7}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{A435C946-9CB3-43AE-B0F4-71EB2E6D7C79}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{3773262B-28B0-4D1D-9DF9-A1F13E2021AE}] => (Allow) C:\Users\christopher\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7225985B-FF3A-4391-A3A7-BD63100C860F}] => (Allow) C:\Users\christopher\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8C136EEA-B981-407E-85F8-E2B0682E78FB}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{06617862-CFF9-4783-AD5F-48C88DFBDC8C}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{053AD011-D984-4B69-922E-B1660D6E6AEA}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{00AC5B0B-64FF-4E1B-A252-1F22D75B0B55}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{DBB9B79D-CAB0-4446-A223-B76DB8DDF339}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [uDP Query User{4CAA909E-F014-422E-A3F7-6CAA27CD5FE1}C:\users\christopher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christopher\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DA99D977-10D7-4810-8172-B845252C3A7A}C:\users\christopher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christopher\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EC5C67D1-9F51-4C9A-94AC-9AD8FB5FD770}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{E837A1E7-2547-446A-8CB9-27E9AA7F2E31}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{19DFA080-792A-4E20-BA63-CBBF5E90A8B1}] => (Allow) LPort=1900
FirewallRules: [{8EC4D99D-8732-4868-B1D8-8DFBAF65DFA6}] => (Allow) LPort=2869
FirewallRules: [{B9B0EC4A-3450-405E-B147-5F3FA8F41CF1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [uDP Query User{387F1EA7-6164-4F05-B0CF-5B32ECD980DF}L:\new pc install files\diablo-iii-setup-engb.exe] => (Allow) L:\new pc install files\diablo-iii-setup-engb.exe
FirewallRules: [TCP Query User{D2984A88-32D3-42F1-A57E-23E931975C46}L:\new pc install files\diablo-iii-setup-engb.exe] => (Allow) L:\new pc install files\diablo-iii-setup-engb.exe
FirewallRules: [uDP Query User{F1DBC538-CB33-46DB-B08B-95A91B6E6E2F}C:\users\christopher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christopher\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D13E55A1-8BC9-43D1-94BD-31B1532BAAE5}C:\users\christopher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christopher\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0056D44C-8B51-4071-8324-6731B2B21123}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D7190A97-DB37-439C-B74E-B64BF7A3E8CF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{65684E78-3B5D-47EA-A6EA-2BAAEDB6F438}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D0F9374A-214C-4D71-AFEB-164C5A241DE0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B440C24B-7731-48A6-B81A-38F1DD4E946C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4CD1174-2EAD-48DA-9D52-8B9E30331D1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E2B855C5-290E-4E72-9477-CFC01095C6D8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5AEC81A5-6139-4166-BFEC-A9BD6F4D8F8A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8E80A26C-B241-4460-B108-082EB60EF18C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/12/2015 05:40:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRIS-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/12/2015 05:34:44 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1888) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU00300.log.
 
Error: (12/12/2015 05:32:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/12/2015 05:19:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 42.0.0.5780 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1d34
 
Start Time: 01d13500ed20f2e0
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: 7bdad2ca-a0f4-11e5-9c2a-902b3433e50d
 
Faulting package full name:
 
Faulting package-relative application ID:
 
Error: (12/12/2015 11:30:46 AM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (480) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\christopher\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (12/12/2015 11:30:46 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (480) testing: An attempt to open the file "C:\Users\christopher\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/12/2015 11:30:36 AM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (480) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\christopher\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (12/12/2015 11:30:36 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (480) testing: An attempt to open the file "C:\Users\christopher\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/10/2015 10:36:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRIS-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/10/2015 07:11:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ExeFile.exe, version: 2015.10.97.5536, time stamp: 0x563220b8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x2ba086d8
Faulting process id: 0xdac
Faulting application start time: 0xExeFile.exe0
Faulting application path: ExeFile.exe1
Faulting module path: ExeFile.exe2
Report Id: ExeFile.exe3
Faulting package full name: ExeFile.exe4
Faulting package-relative application ID: ExeFile.exe5
 

System errors:
=============
Error: (12/12/2015 05:49:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058
 
Error: (12/12/2015 05:40:49 PM) (Source: DCOM) (EventID: 10010) (User: CHRIS-PC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
 
Error: (12/12/2015 05:40:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/12/2015 05:39:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/12/2015 05:34:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058
 
Error: (12/12/2015 05:32:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/12/2015 05:24:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058
 
Error: (12/12/2015 05:24:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.
 
Error: (12/12/2015 05:23:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/12/2015 11:32:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 

CodeIntegrity:
===================================
  Date: 2015-11-08 17:34:04.282
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-08 17:34:04.276
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-08 17:34:04.267
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-08 17:34:04.208
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-05 23:27:17.780
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-05 23:27:17.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-05 23:27:17.763
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-05 23:27:17.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-05 21:38:12.038
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-05 21:38:11.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

==================== Memory info ===========================
 
Processor: Intel® Core i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8154.3 MB
Available physical RAM: 5958.82 MB
Total Virtual: 16346.3 MB
Available Virtual: 14053.63 MB
 
==================== Drives ================================
 
Drive c: (OS/Programs) (Fixed) (Total:238.37 GB) (Free:65.08 GB) NTFS
Drive f: (Data Storage) (Fixed) (Total:1863.01 GB) (Free:1605.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: BC6DB291)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4854FBD6)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.

  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
