MickeyM Posted July 26, 2016 ID:1052836 Share Posted July 26, 2016 I recently received a msg through STEAM from someone I used to play counterstike with. It had a link to a vimeo page saying that some of my gameplay was in it, intrigued i clinked the link and it said I needed flash player so proceeded to clink the install button, AVG popped up with a detection and said it was removed but on booting up my pc i get a error named mcrtvclient.exe Can anyone help me remove this problem? Thank you in advance Mick Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 26, 2016 ID:1052837 Share Posted July 26, 2016 (edited) Hello and Edited July 26, 2016 by TwinHeadedEagle Link to post Share on other sites More sharing options...
MickeyM Posted July 26, 2016 Author ID:1052846 Share Posted July 26, 2016 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-07-2016 Ran by Mickey's (administrator) on MICKEY (26-07-2016 22:59:49) Running from C:\Users\Mickey's\Downloads Loaded Profiles: Mickey's (Available Profiles: Mickey's) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe () C:\Users\Mickey's\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (NVIDIA Corporation) C:\Users\Mickey's\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe (Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe (Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3820440 2016-04-21] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation) HKLM-x32\...\Run: [ghost] => C:\Users\Mickey's\Documents\GIGABYTE\AIVIA GHOST\ghostopen.exe [191488 2012-09-18] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-06] (Dropbox, Inc.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare) HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Mickey's\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid d065c05b39d947d3b2a66d16b258ebf5-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913b HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\Run: [Comrade.exe] => G:\Comrade.exe HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\Run: [AppleWebKit] => C:\Users\Mickey's\AppData\Roaming\lappclimtfldr\mcrtvclient.exe [34808 2011-10-07] (NetSupport Ltd) HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\MountPoints2: {549729a5-cde7-11e5-9e62-bc5ff4bc0206} - F:\AutoRun.exe HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\MountPoints2: {549729b3-cde7-11e5-9e62-bc5ff4bc0206} - F:\AutoRun.exe HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2014-03-23] ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-07-15] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 5.79.79.150 pagead2.googlesyndication.com Tcpip\Parameters: [DhcpNameServer] 61.9.134.49 61.9.133.193 Tcpip\..\Interfaces\{2E6B0A17-CDB7-4380-B161-B06017E95B55}: [DhcpNameServer] 61.9.134.49 61.9.133.193 Tcpip\..\Interfaces\{46B320FA-D8B4-488E-897D-490E94E0CC3D}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{87FB9865-4B5F-4370-BF86-FAA30749FDA9}: [DhcpNameServer] 61.9.134.49 61.9.133.193 Internet Explorer: ================== HKU\S-1-5-21-747868735-2588589844-2642923601-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP HKU\S-1-5-21-747868735-2588589844-2642923601-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?pc=UE07&ocid=UE07DHP SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-17] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-17] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-747868735-2588589844-2642923601-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File] FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File] FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-17] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] () FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File] FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File] FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-747868735-2588589844-2642923601-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-07-21] () Chrome: ======= CHR HomePage: Default -> hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=AU&userid=08fb83b6-07e3-07d6-2ef5-62ad8acfa5c5&searchtype=hp&installDate=27/08/2013 CHR StartupUrls: Default -> "" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Profile: C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adblock Plus) - C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29] CHR Extension: (DayZ Theme) - C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghjlgemheiifgmffahbkacgajijlimcc [2013-12-29] CHR Extension: (Chrome Web Store Payments) - C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR Extension: (Gmail) - C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3647384 2016-04-21] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [336152 2016-04-21] (AVG Technologies CZ, s.r.o.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1392648 2016-07-09] () S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-02] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-02] (Dropbox, Inc.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-03] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-09-06] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-06-27] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] () S3 WsDrvInst; "E:\MobileTrans\DriverInstall.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-16] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [299440 2016-01-13] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [296368 2015-12-16] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255920 2016-01-22] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.) R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-31] (Intel Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation) S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-08-17] (Echobit, LLC) R3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] () S3 GPUZ; C:\Windows\TEMP\GPUZ.sys [27008 2014-06-09] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation) S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X] S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 sxuptp; system32\DRIVERS\sxuptp.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-26 22:59 - 2016-07-26 22:59 - 02394112 _____ (Farbar) C:\Users\Mickey's\Downloads\FRST64.exe 2016-07-26 22:59 - 2016-07-26 22:59 - 00023564 _____ C:\Users\Mickey's\Downloads\FRST.txt 2016-07-26 22:59 - 2016-07-26 22:59 - 00000000 ____D C:\FRST 2016-07-26 22:45 - 2016-07-26 22:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-07-26 22:44 - 2016-07-26 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-07-26 22:44 - 2016-07-26 22:44 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-07-26 22:44 - 2016-07-26 22:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-07-26 22:44 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-07-26 22:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-07-26 22:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-07-26 22:42 - 2016-07-26 22:43 - 22851472 _____ (Malwarebytes ) C:\Users\Mickey's\Downloads\mbam-setup-2.2.1.1043.exe 2016-07-22 19:19 - 2016-07-24 03:18 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-07-22 19:19 - 2016-07-22 19:19 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2016-07-22 19:16 - 2016-07-22 19:17 - 00000000 _RSHD C:\Users\Mickey's\AppData\Roaming\lappclimtfldr 2016-07-22 19:16 - 2016-07-22 19:17 - 00000000 _RSHD C:\Users\Mickey's\AppData\Roaming\ethpackrs 2016-07-22 19:16 - 2016-07-22 19:16 - 00587776 _____ (Igor Pavlov) C:\Users\Mickey's\AppData\Roaming\77kjf.exe 2016-07-22 19:16 - 2016-07-22 19:16 - 00587776 _____ (Igor Pavlov) C:\Users\Mickey's\AppData\Roaming\66z.exe 2016-07-22 19:16 - 2016-07-22 19:16 - 00118005 _____ (Browser Player) C:\Users\Mickey's\Downloads\install_flаshplayer_x86_x64_vspta_win7_10.exe 2016-07-22 19:16 - 2016-07-22 19:16 - 00000008 _____ C:\Users\Mickey's\AppData\Roaming\mxw.bin 2016-07-20 14:01 - 2016-07-20 14:01 - 00000000 ____D C:\Windows\EOONotify 2016-07-20 11:24 - 2016-07-20 11:24 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2016-07-20 11:24 - 2016-07-20 11:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2016-07-20 11:15 - 2016-07-20 11:15 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll 2016-07-20 10:38 - 2016-07-20 11:27 - 00000000 ____D C:\Users\Mickey's\AppData\Roaming\Wondershare 2016-07-20 10:38 - 2016-07-20 11:27 - 00000000 ____D C:\Users\Mickey's\.android 2016-07-20 10:38 - 2016-07-20 10:38 - 00000000 ____D C:\Users\Mickey's\AppData\Roaming\HMYGSetting 2016-07-20 10:38 - 2016-07-20 10:38 - 00000000 ____D C:\Users\Mickey's\AppData\Local\Wondershare 2016-07-20 10:38 - 2016-07-20 10:38 - 00000000 ____D C:\ProgramData\Wondershare 2016-07-13 17:54 - 2016-06-26 10:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-07-13 17:54 - 2016-06-26 10:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-07-13 17:54 - 2016-06-26 10:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2016-07-13 17:54 - 2016-06-26 10:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-07-13 17:54 - 2016-06-26 10:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll 2016-07-13 17:54 - 2016-06-26 10:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll 2016-07-13 17:54 - 2016-06-26 10:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll 2016-07-13 17:54 - 2016-06-26 05:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2016-07-13 17:54 - 2016-06-26 05:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll 2016-07-13 17:54 - 2016-06-26 05:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe 2016-07-13 17:54 - 2016-06-26 05:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe 2016-07-13 17:54 - 2016-06-26 05:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe 2016-07-13 17:54 - 2016-06-22 23:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-07-13 17:54 - 2016-06-18 04:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-07-13 17:54 - 2016-06-18 04:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-07-13 17:54 - 2016-06-18 04:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-07-13 17:54 - 2016-06-18 04:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-07-13 17:54 - 2016-06-18 04:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-07-13 17:54 - 2016-06-18 04:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-07-13 17:54 - 2016-06-15 01:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-07-13 17:54 - 2016-06-11 16:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-07-13 17:54 - 2016-06-11 14:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-07-13 17:54 - 2016-06-11 07:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-07-13 17:54 - 2016-06-11 07:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-07-13 17:54 - 2016-06-11 07:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-07-13 17:54 - 2016-06-11 07:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-07-13 17:54 - 2016-06-11 07:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-07-13 17:54 - 2016-06-11 07:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-07-13 17:54 - 2016-06-11 07:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-07-13 17:54 - 2016-06-11 07:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-07-13 17:54 - 2016-06-11 07:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-07-13 17:54 - 2016-06-11 07:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-07-13 17:54 - 2016-06-11 07:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-07-13 17:54 - 2016-06-11 07:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-07-13 17:54 - 2016-06-11 07:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-07-13 17:54 - 2016-06-11 07:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-07-13 17:54 - 2016-06-11 07:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-07-13 17:54 - 2016-06-11 07:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-07-13 17:54 - 2016-06-11 06:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-07-13 17:54 - 2016-06-11 06:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-07-13 17:54 - 2016-06-11 06:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-07-13 17:54 - 2016-06-11 06:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-07-13 17:54 - 2016-06-11 06:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-07-13 17:54 - 2016-06-11 06:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-07-13 17:54 - 2016-06-11 06:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-07-13 17:54 - 2016-06-11 06:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-07-13 17:54 - 2016-06-11 06:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-07-13 17:54 - 2016-06-11 06:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-07-13 17:54 - 2016-06-11 06:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-07-13 17:54 - 2016-06-11 06:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-07-13 17:54 - 2016-06-11 06:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-07-13 17:54 - 2016-06-11 06:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-07-13 17:54 - 2016-06-11 05:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-07-13 17:54 - 2016-06-11 05:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-07-13 17:54 - 2016-06-11 05:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-07-13 17:54 - 2016-06-11 05:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-07-13 17:54 - 2016-06-11 05:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-07-13 17:54 - 2016-06-11 04:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-07-13 17:54 - 2016-06-11 04:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-07-13 17:54 - 2016-06-11 04:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-07-13 17:54 - 2016-06-11 04:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-07-13 17:54 - 2016-06-11 04:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-07-13 17:54 - 2016-06-11 04:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-07-13 17:54 - 2016-06-11 04:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-07-13 17:54 - 2016-06-11 04:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-07-13 17:54 - 2016-06-11 04:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-07-13 17:54 - 2016-06-11 04:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-07-13 17:54 - 2016-06-11 04:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-07-13 17:54 - 2016-06-11 04:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-07-13 17:54 - 2016-06-11 04:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-07-13 17:54 - 2016-06-11 04:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-07-13 17:54 - 2016-06-11 04:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-07-13 17:54 - 2016-06-11 04:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-07-13 17:54 - 2016-06-11 04:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-07-13 17:54 - 2016-06-11 04:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-07-13 17:54 - 2016-06-11 04:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-07-13 17:54 - 2016-06-11 04:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-07-13 17:54 - 2016-06-11 04:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-07-13 17:54 - 2016-06-11 04:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-07-13 17:54 - 2016-06-11 04:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-07-13 17:54 - 2016-06-11 04:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-07-13 17:54 - 2016-06-11 04:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-07-13 17:54 - 2016-06-11 03:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-07-13 17:54 - 2016-06-11 03:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-07-13 17:54 - 2016-06-11 03:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-07-13 17:54 - 2016-06-11 03:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-07-12 19:18 - 2016-07-12 19:18 - 00111373 _____ C:\Users\Mickey's\Downloads\1.7.10-OreSheepMod-v3.1.0.jar 2016-07-12 19:12 - 2016-07-12 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-07-07 20:21 - 2016-07-07 20:21 - 00000000 ____D C:\Users\Mickey's\Desktop\Lets Play 2016-07-01 19:01 - 2016-07-01 19:02 - 00000000 ____D C:\Users\Mickey's\Desktop\Modded World ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-26 22:57 - 2016-05-02 21:26 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-07-26 22:57 - 2014-08-17 20:20 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-07-26 22:57 - 2014-03-23 14:58 - 00000000 ____D C:\Users\Mickey's\Documents\temp 2016-07-26 22:57 - 2013-08-01 20:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-26 22:57 - 2013-08-01 18:00 - 00000000 ____D C:\Windows\Panther 2016-07-26 22:57 - 2013-08-01 02:22 - 00000000 ____D C:\ProgramData\NVIDIA 2016-07-26 22:57 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-07-26 22:31 - 2016-05-02 21:26 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-07-26 22:17 - 2013-08-01 20:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-26 21:46 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\tracing 2016-07-26 21:41 - 2009-07-14 14:45 - 00029968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-26 21:41 - 2009-07-14 14:45 - 00029968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-26 15:31 - 2016-06-12 17:08 - 00367629 _____ C:\IFRToolLog.txt 2016-07-26 15:22 - 2009-07-14 15:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI 2016-07-26 15:22 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf 2016-07-26 15:20 - 2013-08-18 15:53 - 00000000 ____D C:\ProgramData\MFAData 2016-07-26 02:03 - 2013-08-01 21:59 - 00000000 ____D C:\Users\Mickey's\AppData\Roaming\TS3Client 2016-07-24 19:46 - 2014-03-04 10:37 - 00000000 ____D C:\Users\Mickey's\AppData\Local\Arma 3 2016-07-24 15:04 - 2015-05-31 15:01 - 00000000 ____D C:\Users\Mickey's\AppData\Roaming\Curse Client 2016-07-22 19:19 - 2013-08-01 20:07 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-07-22 19:19 - 2013-08-01 20:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-07-22 19:19 - 2013-08-01 20:06 - 00000000 ____D C:\Users\Mickey's\AppData\Local\Adobe 2016-07-20 14:01 - 2015-04-06 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-07-20 14:01 - 2015-04-06 03:00 - 00000000 ___SD C:\Windows\system32\GWX 2016-07-20 10:38 - 2013-08-01 02:04 - 00000000 ____D C:\Users\Mickey's 2016-07-17 12:22 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF 2016-07-17 00:23 - 2013-08-02 17:39 - 00000000 ____D C:\Users\Mickey's\AppData\Local\ElevatedDiagnostics 2016-07-15 21:44 - 2014-03-04 10:37 - 00000000 ____D C:\Users\Mickey's\Documents\Arma 3 2016-07-14 16:36 - 2016-02-13 12:24 - 00000000 ____D C:\Windows\rescache 2016-07-14 12:32 - 2015-07-15 20:09 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-07-14 12:32 - 2015-07-15 20:09 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-07-14 12:19 - 2009-07-14 14:45 - 00270560 _____ C:\Windows\system32\FNTCACHE.DAT 2016-07-14 05:59 - 2014-12-11 11:31 - 00000000 ____D C:\Windows\system32\appraiser 2016-07-14 05:59 - 2011-04-12 18:28 - 00000000 ____D C:\Program Files\Windows Journal 2016-07-14 03:03 - 2013-08-15 22:25 - 00000000 ____D C:\Windows\system32\MRT 2016-07-14 03:00 - 2013-08-02 18:12 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-07-13 16:08 - 2013-08-01 20:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-07-13 16:08 - 2013-08-01 20:07 - 00000000 ____D C:\Windows\system32\Macromed 2016-07-12 19:12 - 2016-05-02 21:26 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-07-01 19:00 - 2015-04-01 20:23 - 00000000 ____D C:\Users\Mickey's\AppData\Local\ftblauncher ==================== Files in the root of some directories ======= 2016-07-22 19:16 - 2016-07-22 19:16 - 0587776 _____ (Igor Pavlov) C:\Users\Mickey's\AppData\Roaming\66z.exe 2016-07-22 19:16 - 2016-07-22 19:16 - 0587776 _____ (Igor Pavlov) C:\Users\Mickey's\AppData\Roaming\77kjf.exe 2015-12-28 22:44 - 2015-12-28 22:44 - 0000132 _____ () C:\Users\Mickey's\AppData\Roaming\Adobe GIF Format CS6 Prefs 2014-09-07 11:29 - 2015-12-28 22:41 - 0000132 _____ () C:\Users\Mickey's\AppData\Roaming\Adobe PNG Format CS6 Prefs 2014-03-14 18:17 - 2016-05-04 13:05 - 0000300 _____ () C:\Users\Mickey's\AppData\Roaming\BreakingPoint_Login.ini 2014-03-14 18:19 - 2016-05-04 13:11 - 0001764 _____ () C:\Users\Mickey's\AppData\Roaming\BreakingPoint_Options.ini 2016-07-22 19:16 - 2016-07-22 19:16 - 0000008 _____ () C:\Users\Mickey's\AppData\Roaming\mxw.bin 2014-09-08 17:37 - 2014-09-08 17:37 - 0040448 ___SH () C:\Users\Mickey's\AppData\Roaming\Thumbs.db 2014-09-15 06:01 - 2015-12-29 10:44 - 0001456 _____ () C:\Users\Mickey's\AppData\Local\Adobe Save for Web 13.0 Prefs 2014-06-12 19:11 - 2014-06-12 19:11 - 0000017 _____ () C:\Users\Mickey's\AppData\Local\resmon.resmoncfg 2016-06-12 17:03 - 2016-06-12 17:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Mickey's\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\Mickey's\AppData\Local\Temp\ResetDevice.exe C:\Users\Mickey's\AppData\Local\Temp\TsuE80497F6.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-17 11:44 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
MickeyM Posted July 26, 2016 Author ID:1052848 Share Posted July 26, 2016 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016 Ran by Mickey's (2016-07-26 23:00:03) Running from C:\Users\Mickey's\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2013-07-31 16:04:32) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-747868735-2588589844-2642923601-500 - Administrator - Disabled) Guest (S-1-5-21-747868735-2588589844-2642923601-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-747868735-2588589844-2642923601-1003 - Limited - Enabled) Mickey's (S-1-5-21-747868735-2588589844-2642923601-1000 - Administrator - Enabled) => C:\Users\Mickey's ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) A3Launcher version 0.0.0.9 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4CFDE640DF}_is1) (Version: 0.0.0.9 - Maca134) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.) Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony) AIVIA GHOST (HKLM-x32\...\{4E711815-5F4E-47F2-B1E1-C0B43A8D57F3}) (Version: 1.06.0000 - GIGABYTE) Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6201 - AVG Technologies) AVG 2015 (Version: 15.0.4627 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.6201 - AVG Technologies) Hidden Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) BigPond Broadband Cable (HKLM-x32\...\{9C2D6495-AB6C-4f71-9A15-BB69329C1663}) (Version: 7.1 - Inteweave Pty Limited) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection) Breaking Point (x32 Version: 5.0.2.9 - The Zombie Infection) Hidden CM Storm Havoc Gaming Mouse (HKLM-x32\...\{A9C8E687-9371-4283-A4D4-96E07C0A3597}) (Version: 1.1.3 - Cooler Master) Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) DayZLauncher version 0.0.0.7 (HKLM-x32\...\{E31045B4-9DB5-44DF-9EBD-BD4CFDE640FD}_is1) (Version: 0.0.0.7 - Maca134) Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) Drift Streets Japan (HKLM\...\Steam App 412880) (Version: - JDM4iK) Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.39.1 - Dropbox, Inc.) Hidden Far Cry 4 (HKLM-x32\...\Steam App 298110) (Version: - Ubisoft Montreal, Red Storm, Shanghai, Toronto, Kiev) Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai) FileParade Bundle (HKLM-x32\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION GameSpy Comrade (HKLM-x32\...\{894084B6-BC69-43B7-BF06-B93AECFEA520}) (Version: 2.1.1.214 - GameSpy) GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.67.0000 - GIGABYTE Technology Co.,Ltd.) GIGABYTE OC_GURU II (x32 Version: 1.67.0000 - GIGABYTE Technology Co.,Ltd.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Network Connections 18.4.59.0 (HKLM\...\PROSetDX) (Version: 18.4.59.0 - Intel) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation) iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.) Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation) Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) NBTExplorer (HKLM-x32\...\{70417A42-7BA4-4801-BE5E-2C095BDC3048}) (Version: 2.7.1.0 - Justin Aquadro) NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team) NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation) NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation) NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.) Play withSIX Windows client (HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\PlaywithSIX) (Version: 1.66.1166.5 - SIX Networks GmbH) Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.2 - Project Reality) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.0 - Rockstar Games) Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version: - Ubisoft) TP-LINK TL-WDN3800 Driver (HKLM-x32\...\{D2FAC054-7623-436B-9239-E4C8E752FA14}) (Version: 1.3.1 - TP-LINK) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101) (HKLM\...\B090418E214D6BD6EE18A512A8EE609225AC9279) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.) Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version: - Machine Games) Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0BB649AA-A53D-4B49-B797-72FC5462A12E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-02] (Dropbox, Inc.) Task: {1607B6BF-4A8D-4B96-8BD2-37A324EC1896} - System32\Tasks\{2DB5145A-54BE-4E13-B1C7-4BF4E3B73428} => pcalua.exe -a C:\Users\Mickey's\Desktop\ARMA2_OA_Build_108074.exe -d C:\Users\Mickey's\Desktop Task: {1F23F22B-09EE-4CCE-A6D9-6D839852A209} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {1F3F3ECE-42DC-401E-9B07-05B4751CC3B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {240C930D-0D70-4641-ACB9-A5178D3FE7C8} - System32\Tasks\{643C4896-1902-4689-BA4F-53CF443C989F} => pcalua.exe -a "C:\Users\Mickey's\Downloads\BP_Installer (1).exe" -d C:\Users\Mickey's\Downloads Task: {3EA0F619-9349-4AFE-82CE-A3877A4EB5DB} - System32\Tasks\{4FC6FF96-2048-4044-B82B-D47292E7C4BE} => pcalua.exe -a "C:\Program Files (x86)\GIGABYTE\OC_GURU II V1.67_B140605.exe" -d "C:\Program Files (x86)\GIGABYTE" Task: {46C94F91-8403-453C-B846-921D6385C784} - System32\Tasks\Microsoft\Windows\Setup\EOONotify => C:\Windows\EOONotify\EOONotify.exe [2016-07-09] (Microsoft Corporation) Task: {4D9C2FEA-60FC-4633-B1FC-D4466E65B0F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {755C810D-A3D9-4F6A-96AD-57ACBAE05B5A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) Task: {82B4CC78-8FCC-43E9-BAD7-D36AC757619C} - System32\Tasks\{DB6A1DE8-3987-490F-91A4-6AACE5E385AE} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\Expansion\beta\Setup_BattlEyeARMA2OA.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\Expansion\beta" Task: {8D3EB9F8-373D-4B6D-8540-FCFC7499B9A4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-22] (Adobe Systems Incorporated) Task: {8E1ECC68-6DC8-4DD6-9EFF-8A79D8FD7432} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {8EFD0C74-FADE-45B4-819A-648704C27DEC} - System32\Tasks\{D86429CB-784D-4FA0-A02E-C7B15A1D6952} => pcalua.exe -a "G:\Steam\SteamApps\common\Arma 2 Operation Arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe" -d "G:\Steam\SteamApps\common\Arma 2 Operation Arrowhead\BEsetup" Task: {99C67B95-FFE5-45FA-AF1F-0F476DB54E07} - System32\Tasks\{FD636239-C63B-4466-B5A0-888E3EFE1177} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Microsoft\vcredist_x86.exe" -d "C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Microsoft\" -c /q Task: {9E52475C-799B-415D-85D8-0F1BFB617C80} - System32\Tasks\{1F449F21-FAFF-4457-B4F5-A9D155354639} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ARMA2_OA_Build_112555.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead" Task: {B52284F3-3256-4F28-8CEC-C13F8DD3DD94} - System32\Tasks\{611A7BC4-50E6-42A3-B2C7-961E35731964} => pcalua.exe -a "C:\Users\Mickey's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BYOAD7O\JavaSetup8u91.exe" -d C:\Users\Mickey's\Desktop Task: {C3399A15-822B-41DA-A8F5-0CD3B78115CB} - System32\Tasks\{08825A08-E24C-4BBC-8762-458599E245F6} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\BEsetup\setup_BattlEyeARMA2.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\BEsetup" Task: {D4CC7FC0-355D-4286-93A6-C033CAAD2C98} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-02] (Dropbox, Inc.) Task: {DCFC237E-F232-47DD-80A7-CAF9A5BEAB34} - System32\Tasks\{A6962FF3-0FE8-4378-A1E9-D5521181CAC7} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Microsoft\vcredist_x64.exe" -d "C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Microsoft" Task: {E06E03CB-42A7-4032-BB7B-BF8BE4C55FC3} - System32\Tasks\{06A989AB-B644-46AD-A352-917DA0D2D955} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\BEsetup" Task: {E475D3F0-DD09-403E-A400-D6736FE167B4} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.) Task: {F8FB96AA-D0B4-4A1F-AFD6-3EF06EF4497E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Mickey's\AppData\Local\Microsoft\Windows\GameExplorer\{FBF16FE5-B78B-4C17-903F-B65BDAC79E8F}\SupportTasks\0\Support.lnk -> hxxp://techsupport.ea.com/ ==================== Loaded Modules (Whitelisted) ============== 2013-08-01 02:22 - 2016-06-03 13:26 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-05-04 20:25 - 2016-05-02 15:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-05-04 20:25 - 2016-05-02 15:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-05-04 20:25 - 2016-05-02 15:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-01-15 22:00 - 2016-05-02 15:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2014-07-05 00:05 - 2015-09-06 23:12 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2014-11-25 13:05 - 2010-08-26 16:48 - 00285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 2016-05-04 20:25 - 2016-05-02 15:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-05-04 20:25 - 2016-05-02 15:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-05-04 20:25 - 2016-05-02 15:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-01-15 22:00 - 2016-05-02 15:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-05-04 20:25 - 2016-05-02 15:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-05-04 20:25 - 2016-05-02 15:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2012-09-18 15:41 - 2012-09-18 15:41 - 00191488 _____ () C:\Users\Mickey's\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe 2013-12-20 14:54 - 2016-05-02 16:00 - 00167480 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll 2013-12-20 14:54 - 2016-05-02 16:01 - 00862776 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll 2014-11-25 13:05 - 2010-10-28 10:37 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll 2015-03-31 21:28 - 2016-05-02 16:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-07-20 10:38 - 2016-06-20 14:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2016-07-20 10:38 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2014-06-12 18:14 - 2014-09-28 16:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll 2012-11-16 20:43 - 2016-06-11 02:08 - 50601984 _____ () C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libcef.dll 2014-08-17 14:12 - 2014-02-10 11:44 - 04592128 _____ () C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-08-17 14:12 - 2014-02-10 11:44 - 00112128 _____ () C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2016-06-12 17:07 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com IE trusted site: HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\sony.com -> sony.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 12:34 - 2014-09-07 10:03 - 00000869 ____A C:\Windows\system32\Drivers\etc\hosts 5.79.79.150 pagead2.googlesyndication.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-747868735-2588589844-2642923601-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mickey's\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 61.9.134.49 - 61.9.133.193 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{2738E9F3-DB34-4065-BF92-6F76AA63B16B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{A3D7D93A-5EED-4373-AF98-65E32E433A36}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{8D5D5DB0-6395-4DB4-9A82-2B1F25AF300B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{4F3127F0-F92C-4937-86D3-1603F5904E32}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E3372992-E164-4CB0-82D5-45F14DC9F1DD}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{3D396B1E-D177-4012-B8C8-659BA3851E00}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [TCP Query User{7DDD1019-9533-491E-89EE-9A18EE22323C}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaold.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaold.exe FirewallRules: [UDP Query User{EBBCB406-B699-4ADB-A30A-95327089DDB4}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaold.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaold.exe FirewallRules: [TCP Query User{FC80FB76-950C-4B3A-A835-BF58BF2417E9}C:\program files (x86)\steam\steamapps\common\arma2oa.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma2oa.exe FirewallRules: [UDP Query User{73A68530-06B8-4AA1-9217-0B4046D46F4C}C:\program files (x86)\steam\steamapps\common\arma2oa.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma2oa.exe FirewallRules: [TCP Query User{9C300027-D67E-4DC0-B264-0C6514160CA8}E:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) E:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe FirewallRules: [UDP Query User{EF430DDD-9AA4-4043-ABEF-BE35F714965F}E:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) E:\steamlibrary\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe FirewallRules: [TCP Query User{12C73A90-AE35-493C-AF71-8F1375D752EF}C:\users\mickey's\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\mickey's\appdata\roaming\bittorrent\bittorrent.exe FirewallRules: [UDP Query User{B0FEC943-A752-4F49-AE14-47D0E2890E1B}C:\users\mickey's\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\mickey's\appdata\roaming\bittorrent\bittorrent.exe FirewallRules: [{42286D87-6681-4876-BF34-20399F299D40}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe FirewallRules: [{FD709B68-6D6C-4BDD-B466-4B5EBA4EB59E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe FirewallRules: [TCP Query User{BB4DEB8B-ACE3-4C5D-8F16-9575CB388600}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [UDP Query User{538425F8-0A0F-41E0-9A22-E302B7DE2656}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [TCP Query User{A06B494E-EA92-4CB9-A0DC-A7EF253A50E3}E:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) E:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe FirewallRules: [UDP Query User{2FE2468F-5462-44BE-A174-B7F156FAD9B2}E:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) E:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe FirewallRules: [{ED54B522-01AB-4629-B4EF-FE4191CF46B4}] => (Allow) E:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{8ECA4682-942A-4C6E-BBF6-ED686B9D9E99}] => (Allow) E:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{5D582AB9-7606-4E9E-836F-0A0AEDD398C1}] => (Allow) E:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [{CFE00A03-E5E2-408E-ACD7-AA75291CC0A0}] => (Allow) E:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [{9656C4CF-73FB-44E7-BBC9-BF0EA42CAFDB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{AEC69670-7380-4C83-A6F0-7592FCF7D441}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{917095C6-5EE0-4B9A-BF0C-6287AA7BC4B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe FirewallRules: [{82437509-9381-46F3-BEBC-EDA0F31646E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe FirewallRules: [{E7375E64-5D7C-4E80-9253-D2C2C90EA422}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe FirewallRules: [{8EFD9360-AB5E-4CD1-9D5C-8D29392D6DDB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe FirewallRules: [TCP Query User{78F6EEB3-83BE-417C-ADCA-CD4FB7192317}C:\users\mickey's\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\mickey's\appdata\roaming\bittorrent\bittorrent.exe FirewallRules: [UDP Query User{BAEF75B8-74C0-4BC7-9748-B0D8CB4606A4}C:\users\mickey's\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\mickey's\appdata\roaming\bittorrent\bittorrent.exe FirewallRules: [{621A655F-F340-41E8-A86C-6196A7047F2F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe FirewallRules: [{FE410510-ADD1-4293-BBF5-999D77113B04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe FirewallRules: [{34BAB9FB-BAB9-4014-9060-CDB40CEAD046}] => (Allow) E:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{6299089C-9574-4FEB-8023-1F31814AB683}] => (Allow) E:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{75ABC8C3-F7B1-4EE0-9EB5-8FF6C8E6B57C}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [UDP Query User{D8763035-24A7-41F7-B1A8-95E2C9BCD60F}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [{43509B76-1027-46FC-9308-0E71031E2500}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{E357D3D9-53F1-444E-AF8C-B73BC5133450}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{265875D6-D291-4CB2-8B60-3BF47EA83293}] => (Allow) E:\SteamLibrary\SteamApps\common\NZA\bin\NZA.exe FirewallRules: [{FAAD4D52-B2F6-4BE6-B474-CC676790E83A}] => (Allow) E:\SteamLibrary\SteamApps\common\NZA\bin\NZA.exe FirewallRules: [{17D75D6A-87C2-46E3-A4DE-587954E3CDC1}] => (Allow) E:\SteamLibrary\SteamApps\common\Arma 3\arma3.exe FirewallRules: [{D3F26D99-580A-4C5C-8EBE-88FCDC864D1E}] => (Allow) E:\SteamLibrary\SteamApps\common\Arma 3\arma3.exe FirewallRules: [TCP Query User{F62288FA-898A-43F1-AC55-2A52383888EC}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaserver.exe FirewallRules: [UDP Query User{F8086582-E9EB-4114-B994-18209A292C48}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaserver.exe FirewallRules: [{3DE9E11F-3507-4180-A67C-A2583162383E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe FirewallRules: [{4410F531-C469-4892-8F77-7FAACB89E4C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe FirewallRules: [{BBEAC0F0-48E4-4253-9627-7BBD59CC299C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe FirewallRules: [{8AB1A307-AAD1-4453-8EB6-C3DCCBE0B943}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe FirewallRules: [{624B1A4E-EFC1-43B0-808A-1C033552F755}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe FirewallRules: [{F16AAC9D-846C-4F21-B521-CABB2FB8B636}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe FirewallRules: [TCP Query User{3931C20A-FA31-4943-A275-B2A89E429EE1}E:\steamlibrary\steamapps\common\arma 3\breakingpoint.exe] => (Allow) E:\steamlibrary\steamapps\common\arma 3\breakingpoint.exe FirewallRules: [UDP Query User{1E4B3D07-205E-445A-B90E-DEDCEF91EAE2}E:\steamlibrary\steamapps\common\arma 3\breakingpoint.exe] => (Allow) E:\steamlibrary\steamapps\common\arma 3\breakingpoint.exe FirewallRules: [{765F0398-005C-47F2-B70D-62F7DE2A5ABD}] => (Allow) E:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe FirewallRules: [{72D9E1FC-AE01-47E9-9D89-02D3BD030A2C}] => (Allow) E:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe FirewallRules: [{96EDBB2F-CFF3-41F2-887C-4646F373C6CC}] => (Allow) E:\SteamLibrary\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe FirewallRules: [{508EA1C3-2FCD-43A0-A0A7-2EE5C3069021}] => (Allow) E:\SteamLibrary\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe FirewallRules: [{5B2F56BE-DB47-4B8B-8760-CBBB1A54968E}] => (Allow) G:\Steam\Steam.exe FirewallRules: [{08AC0E1F-3D50-4783-92AD-500B157A3D26}] => (Allow) G:\Steam\Steam.exe FirewallRules: [TCP Query User{A2D07216-09D5-4FAC-8ACC-16AF15BF1330}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{528B2906-B8C5-4E63-B96B-11C92804A80C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{08D45945-1660-4794-B383-738F5CC2BBCF}C:\program files (x86)\pfportchecker\pfportchecker.exe] => (Allow) C:\program files (x86)\pfportchecker\pfportchecker.exe FirewallRules: [UDP Query User{1873E8AE-F718-4C5D-89E5-A8C9ADE37AA5}C:\program files (x86)\pfportchecker\pfportchecker.exe] => (Allow) C:\program files (x86)\pfportchecker\pfportchecker.exe FirewallRules: [{6A26EE5A-8394-4BEC-B516-F940DCC90F52}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [{8CD78A6D-D8FC-4B9D-B971-0F3F8D9776E7}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [{8B6C5C64-42D1-47D5-B7B2-0560BAF43A41}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{12AAB8F9-A47E-4210-B4DC-E21F59091F78}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{C6642247-3197-4C77-B479-5835E1F1FEE4}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe FirewallRules: [{7720C86B-94FD-4A81-8B27-2D067C034B93}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe FirewallRules: [{E2C5F88A-3E0F-4311-8E0D-19BFDAA85AB2}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe FirewallRules: [{1DBF13EE-3404-40F2-9B84-E4DFDAA62523}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe FirewallRules: [{BFE95083-CD26-4481-A77E-23720CC069B3}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe FirewallRules: [{4A401563-20A7-477B-BC27-C3A71F50C12A}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe FirewallRules: [{F10AB20C-B45F-4EEE-AAB0-F20AC1EB6517}] => (Allow) LPort=25565 FirewallRules: [{A583D44C-145A-4901-97EE-8D7C8B61F05C}] => (Allow) E:\SteamLibrary\SteamApps\common\Arma 3\arma3launcher.exe FirewallRules: [{F776AB1F-3D36-40A2-99D7-01689B1C68DA}] => (Allow) E:\SteamLibrary\SteamApps\common\Arma 3\arma3launcher.exe FirewallRules: [{465F379A-F699-4335-9226-D5BE574B2CF5}] => (Allow) G:\Steam\SteamApps\common\Rust\legacy\rust.exe FirewallRules: [{81D32C48-1071-4D2E-9C70-FFD38A2ACE7C}] => (Allow) G:\Steam\SteamApps\common\Rust\legacy\rust.exe FirewallRules: [{854F58F8-87F1-4EE5-ACD3-E7B25A78F049}] => (Allow) G:\Steam\SteamApps\common\Rust\experimental\Rust.exe FirewallRules: [{529F0128-FF8C-4FA3-B329-3D9191DCA651}] => (Allow) G:\Steam\SteamApps\common\Rust\experimental\Rust.exe FirewallRules: [{E8A92C74-3C2B-47E7-859B-0F723D4CE64F}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe FirewallRules: [{64EAC77F-15B1-4D82-AD26-A1AAF4E85FA2}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe FirewallRules: [{64274327-63A0-4CFB-AE58-FAEB1208CED2}] => (Allow) G:\Steam\bin\steamwebhelper.exe FirewallRules: [{EAA4213B-908B-439C-973F-BFF8FC45251C}] => (Allow) G:\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{B582BFA6-02BC-4996-8250-2D121E719891}C:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Block) C:\program files (x86)\dayzlauncher\dayzlauncher.exe FirewallRules: [UDP Query User{34A604F5-C540-4D0A-A5E1-EB4514C7BCE4}C:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Block) C:\program files (x86)\dayzlauncher\dayzlauncher.exe FirewallRules: [{C941722E-E5CF-46DC-8D71-D46503B03B10}] => (Allow) G:\Steam\SteamApps\common\Arma 2\arma2.exe FirewallRules: [{67313E7A-7D2C-4EB0-84BC-700D5D435E8B}] => (Allow) G:\Steam\SteamApps\common\Arma 2\arma2.exe FirewallRules: [{C7C42599-DF8D-47AF-9E54-406538186F42}] => (Allow) G:\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe FirewallRules: [{94FF6182-5EDD-427C-A36C-968F59C8C27B}] => (Allow) G:\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe FirewallRules: [{82E54798-315C-4FB2-ADE1-B83CE044AABD}] => (Allow) G:\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe FirewallRules: [{A03CA4E3-448E-49DB-B8C4-4F6578B4DAA5}] => (Allow) G:\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe FirewallRules: [{6C3B6FBC-702D-47E6-8395-7E618F51DE20}] => (Allow) G:\Steam\SteamApps\common\Rust\experimental\Rust.exe FirewallRules: [{7BD08635-63CB-4C7F-9FFA-CA824CD8ACDA}] => (Allow) G:\Steam\SteamApps\common\Rust\experimental\Rust.exe FirewallRules: [{A360867C-355C-4D58-B88B-6C24BFC14812}] => (Allow) G:\Steam\SteamApps\common\Rust\Rust.exe FirewallRules: [{2151CBE1-F64D-4410-8B47-6865B132DCB8}] => (Allow) G:\Steam\SteamApps\common\Rust\Rust.exe FirewallRules: [{79BC0840-79E5-45B5-B3BD-7611E5B60523}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{42FB3AB1-DEAA-41DC-AEF6-BE5C86E89AF3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{0DBD04E2-5E3C-4C6E-9261-05FC105892FC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{F84AE906-CEEF-409C-90F8-A202ED818DCB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{4BBDD4F1-9726-4637-8BCD-CC26749FB214}] => (Allow) G:\Steam\steamapps\common\Battlefield 2\prbf2.exe FirewallRules: [{87E7B053-1B49-4559-81BF-893D899F4AB8}] => (Allow) G:\Steam\steamapps\common\Battlefield 2\mods\pr\bin\PRLauncher.exe FirewallRules: [{C98E8E0E-FD73-46FE-9B70-3E2E22DD7CFD}] => (Allow) G:\Steam\steamapps\common\Battlefield 2\mods\pr\bin\PRUpdater.exe FirewallRules: [{8981F6FD-5C5E-4B25-958E-BF2CFEA29168}] => (Allow) G:\Steam\steamapps\common\Battlefield 2\mods\pr\bin\PRMumble\PRMumble.exe FirewallRules: [TCP Query User{AD35E902-1080-419E-A742-F6F9E58E9A22}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{85E7D8FD-B5FF-465B-967A-306CE8DCC9FF}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [{B11E963E-E271-49D7-95F8-D5F22C04781F}] => (Allow) E:\SteamLibrary\SteamApps\common\DayZ\DayZ_BE.exe FirewallRules: [{9561222C-41DE-4DEB-8DBD-CF48C76B4CEE}] => (Allow) E:\SteamLibrary\SteamApps\common\DayZ\DayZ_BE.exe FirewallRules: [{F226F778-4DC0-4CAF-AE46-05C93AE4BAC4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1DF629A0-4820-4C77-8A72-6A9EB16853DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{424B62CE-3023-4844-90CD-05F6004D52EA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{32288AE5-9960-4BBE-A671-66E3C5F81B2A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{22789FAC-5005-4C81-8373-8C5D1B184926}] => (Allow) E:\SteamLibrary\SteamApps\common\insurgency2\insurgency.exe FirewallRules: [{6F2A580D-4EEF-4B85-A9DE-1C6C09905791}] => (Allow) E:\SteamLibrary\SteamApps\common\insurgency2\insurgency.exe FirewallRules: [{717BC5F3-4FA6-4442-B3FE-A22016408336}] => (Allow) G:\Steam\SteamApps\common\Rust\legacy\rust.exe FirewallRules: [{0C646020-6EBF-498B-BC12-A6D81D8D6BC6}] => (Allow) G:\Steam\SteamApps\common\Rust\legacy\rust.exe FirewallRules: [{75E04179-7F22-4D27-998A-51AFD6941F1A}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe FirewallRules: [{E4629D44-9E42-49F4-B246-2CD97E4294B6}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{7B705E52-69AB-471E-91FD-D200CC0EACEE}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe FirewallRules: [{B9D63D9A-256A-475B-B5AD-EA7703D092FB}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{E6D470E6-472A-4CAE-9ED9-F1554985CD09}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{DD41FBAA-0CBC-4D89-ACE4-250E6932D1E9}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{387BE08F-8211-405F-91DE-6965D3433F5D}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe FirewallRules: [{09EA1AE2-1FCD-4CE3-80ED-F44EEFA03802}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{2872E8DA-F149-4A88-A75B-6CDA1736ACEF}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe FirewallRules: [{3F23DC5A-A753-4E9C-BC46-BA0663EB9963}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{F60104BB-C67F-4A14-8BBD-14828368E517}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{B98E9265-C498-448A-94F3-254DD0059FBA}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [TCP Query User{55381C6D-9124-4070-8048-62690EF14130}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe FirewallRules: [UDP Query User{74306AE9-AD21-4B06-A9E6-531BDE4601E2}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe FirewallRules: [{A094F1D2-D45B-4336-906C-DB0FC5962698}] => (Allow) G:\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe FirewallRules: [{03843268-61D1-4AE2-943D-EC1B44637301}] => (Allow) G:\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe FirewallRules: [TCP Query User{3D7040B1-2A2D-4D7A-9CF5-5589FE77B4D0}C:\users\mickey's\appdata\local\playwithsix\app-1.66.1166.5\play.exe] => (Allow) C:\users\mickey's\appdata\local\playwithsix\app-1.66.1166.5\play.exe FirewallRules: [UDP Query User{FC44BA1C-8000-495E-914E-8F04B4818DAB}C:\users\mickey's\appdata\local\playwithsix\app-1.66.1166.5\play.exe] => (Allow) C:\users\mickey's\appdata\local\playwithsix\app-1.66.1166.5\play.exe FirewallRules: [TCP Query User{271B5193-2B82-4A1E-9EAD-417EAA3C4EA9}G:\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) G:\steam\steamapps\common\h1z1\h1z1.exe FirewallRules: [UDP Query User{C160009A-13F7-450C-A98D-AF40054BA8B4}G:\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) G:\steam\steamapps\common\h1z1\h1z1.exe FirewallRules: [TCP Query User{5750BD67-90E2-4A5E-855C-CCDFF0FFBE51}E:\gta5.exe] => (Allow) E:\gta5.exe FirewallRules: [UDP Query User{7FAD7B62-1A8B-4BC0-B3FE-DFD5A73E39BC}E:\gta5.exe] => (Allow) E:\gta5.exe FirewallRules: [{543B1960-3003-4A45-8807-64298A808A29}] => (Allow) G:\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{7118A09F-C7F9-49F7-9B0F-4884A51C8CF4}] => (Allow) G:\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{E35AF8B7-FB65-452F-9008-41E920E24B4B}] => (Allow) G:\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{3E67DB22-2405-4A7F-8290-6FB36BA3E29D}] => (Allow) G:\Origin Games\Battlefield 4\bf4.exe FirewallRules: [TCP Query User{015435B0-C81C-47E4-A158-AE48DEBEAE34}C:\users\mickey's\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\mickey's\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{B5B7D1B7-A89B-4A59-9F62-97B6EE7DB9E5}C:\users\mickey's\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\mickey's\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{7ECBC869-7BC5-4DB3-826F-3A8058A659AB}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe FirewallRules: [{7D5C1E21-404D-4133-8FCB-75D31FBE38CB}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe FirewallRules: [{E8F07D27-CFCE-4E06-9C5A-4FA42AD91834}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{A3E01D39-0CA4-402C-9492-ADA92DE0AE4A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{59369058-C236-491B-BBAA-26783932F825}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{DDDAD1FD-3057-46C1-B4F2-71EACA94D4CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{7D8F4887-269C-40F3-8A97-6CE66932C3F9}] => (Allow) G:\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe FirewallRules: [{81A315B6-3A44-4F5F-9317-E8678BBAF560}] => (Allow) G:\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe FirewallRules: [{3572194B-8EAE-4CA3-8769-BDFF2D6B6292}] => (Allow) G:\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe FirewallRules: [{D32A526F-0954-49FB-8B1D-15DC8D61A665}] => (Allow) G:\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe FirewallRules: [{785FC34D-BE03-4BE3-8355-205DF4E72C3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{CEA166C0-A505-40FE-8A4C-41B0DA7C42BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{D77ABF3C-0970-4A5D-9935-A7ECB98E9498}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{70B042C5-6B36-4059-B910-F94018AC161C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2BCA368F-7201-413B-BA2A-1CF1985E2198}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{C3E3EAD8-D4DF-4483-80F2-455D24B9523C}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{226B6084-7052-4066-8BC0-88A8C6FC51B5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{F0D67C78-735B-4907-8F87-A020D293ECE8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [TCP Query User{2D3318E9-2BDA-4912-916D-738141361F75}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe FirewallRules: [UDP Query User{48BE801D-187B-4E53-A740-C2A9E5A3129E}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe FirewallRules: [TCP Query User{8AF6F4D8-A879-4E55-B3F2-91526948BC12}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{307578A1-424B-4FFC-BA6A-3A6657301F51}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [TCP Query User{C0795940-F9D6-496F-A506-6085860C0415}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [UDP Query User{E959F464-E6F1-4CFA-8235-11B3CD66654E}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [TCP Query User{BAE544E8-CEC2-4EE6-B9D2-D9DC8C5DB076}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [UDP Query User{A01B657C-C235-498F-AF98-966023F8884C}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [{C61B9DBE-2789-4A54-ADB1-16DE9F5A5CEB}] => (Allow) E:\SteamLibrary\SteamApps\common\Far Cry 4\bin\FarCry4.exe FirewallRules: [{B2922266-AD7A-4C2A-B9AE-96033EBFCAC5}] => (Allow) E:\SteamLibrary\SteamApps\common\Far Cry 4\bin\FarCry4.exe FirewallRules: [{4079328E-2884-43F5-8C82-AE6CAC5AE304}] => (Allow) E:\SteamLibrary\SteamApps\common\Far Cry 4\bin\IGE_WPF64.exe FirewallRules: [{13CF9708-3C2B-4768-9198-5CEA220DAE0B}] => (Allow) E:\SteamLibrary\SteamApps\common\Far Cry 4\bin\IGE_WPF64.exe FirewallRules: [TCP Query User{FE7B5ABB-59F3-47D0-A3BD-380B52587157}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [UDP Query User{487496F1-330D-4C75-9FFA-5B428E36BBC5}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [TCP Query User{DC2A4682-D0BC-4CD3-9817-ADF3343F37A5}C:\users\mickey's\appdata\local\temp\rar$exa0.428\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\mickey's\appdata\local\temp\rar$exa0.428\teamspeak3-server_win64\ts3server_win64.exe FirewallRules: [UDP Query User{19BD6817-EE67-4851-B164-9AF35BCB6187}C:\users\mickey's\appdata\local\temp\rar$exa0.428\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\mickey's\appdata\local\temp\rar$exa0.428\teamspeak3-server_win64\ts3server_win64.exe FirewallRules: [TCP Query User{A62CAA13-B507-4284-BF85-41D42B03B8FB}C:\users\mickey's\desktop\ts server\ts3server_win64.exe] => (Allow) C:\users\mickey's\desktop\ts server\ts3server_win64.exe FirewallRules: [UDP Query User{8474E6EF-6DEA-4E79-9987-A1C5FE9A72CB}C:\users\mickey's\desktop\ts server\ts3server_win64.exe] => (Allow) C:\users\mickey's\desktop\ts server\ts3server_win64.exe FirewallRules: [TCP Query User{54073EDF-ABE1-4BBA-B120-B57A0884B0CF}C:\users\mickey's\desktop\teamspeak\ts3server_win64.exe] => (Allow) C:\users\mickey's\desktop\teamspeak\ts3server_win64.exe FirewallRules: [UDP Query User{C8FA0632-41ED-4CCD-8EA1-243A8A93A04F}C:\users\mickey's\desktop\teamspeak\ts3server_win64.exe] => (Allow) C:\users\mickey's\desktop\teamspeak\ts3server_win64.exe FirewallRules: [{1C123DF0-4929-4F89-8A6E-DC9E4580C108}] => (Allow) G:\Origin Games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{3F277DE7-0ACE-49B7-A1F8-3C539320FA3D}] => (Allow) G:\Origin Games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{308243B3-2060-4F93-B8BD-D893BD4CD4E6}] => (Allow) G:\Origin Games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{8F347A17-F46B-4748-B901-744BF30F2392}] => (Allow) G:\Origin Games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{206D884D-5F99-45AB-84EC-E442DFBD2ECF}] => (Allow) G:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [{11FE57DA-EF69-4D47-A669-0A2D87C0EEF4}] => (Allow) G:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [TCP Query User{0D1EB2B2-951B-412B-9BBF-7B3F81C8B5CF}C:\program files\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\java.exe FirewallRules: [UDP Query User{7C0FF78D-DA95-4C1D-A18A-3E175824A354}C:\program files\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\java.exe FirewallRules: [TCP Query User{A48C2A75-7984-494A-B6D5-A56A863B2497}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{627FDFC5-B4C4-41DB-BCFD-CE17360D1F57}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [{E0B21540-C1DB-44F4-9D82-27B6E4CC5D5A}] => (Allow) E:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{04392BB3-14AA-4383-A280-457E84D4D94F}] => (Allow) E:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [TCP Query User{34C232B9-34A1-4116-9E53-9D14EE45F628}C:\program files\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\java.exe FirewallRules: [UDP Query User{692D5399-BC53-459B-9021-22B95FA36D24}C:\program files\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\java.exe FirewallRules: [{968ECDED-7806-42BB-9B6F-79E57870D83A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{C58BDE83-85E0-4AD6-8244-26157C318062}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{525764FB-F02C-4285-8781-53F5CFABF0C0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{2A3AFF3B-FB03-45E4-89EA-DC41BC324144}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{3BCD1B87-BE5B-4A28-9C5C-50539D961001}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{87DF8710-F422-48F4-AEFF-A9FC0595FD1F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [TCP Query User{42FC8F1A-6177-4D8B-8474-B32EA845920D}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [UDP Query User{34C40F76-C6DE-4FF1-8777-080B7A45998E}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [{BCA70B40-9FE5-455D-8EAC-68303DC5D244}] => (Allow) E:\SteamLibrary\SteamApps\common\Drift Streets Japan Windows\Drift Streets Japan.exe FirewallRules: [{6552FBD4-DF4F-4697-BEDA-1F17CE2B6DF8}] => (Allow) E:\SteamLibrary\SteamApps\common\Drift Streets Japan Windows\Drift Streets Japan.exe FirewallRules: [{434F143E-7AE2-4044-ACAB-571085841301}] => (Allow) G:\Tom Clancy's The Division\TheDivision.exe FirewallRules: [{8F0655A9-EB59-4688-8EDC-1A8078F39C2C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{C18F1899-8CD2-4E1A-90AF-2E0F90C754E7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [TCP Query User{DB65C02D-FF36-4F7D-B8B2-2215E08D1DD6}C:\users\mickey's\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\mickey's\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{1A80874D-4543-4CF5-BA11-2DD2F8FE6255}C:\users\mickey's\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\mickey's\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{1DFB6DF6-DB7F-446A-BA26-637329BD31F9}] => (Allow) C:\Users\Mickey's\AppData\Roaming\lappclimtfldr\mcrtvclient.exe FirewallRules: [{07AD26F7-0F4E-4A39-A384-7638ADB6B629}] => (Allow) C:\Users\Mickey's\AppData\Roaming\lappclimtfldr\mcrtvclient.exe FirewallRules: [{AAFCD13A-C8FA-4D5E-97C4-07805D773CB0}] => (Allow) C:\Users\Mickey's\AppData\Roaming\ethpackrs\str.exe FirewallRules: [{6EB81F9E-2671-4805-B526-817A815145D0}] => (Allow) C:\Users\Mickey's\AppData\Roaming\ethpackrs\str.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= Name: N600 Wireless Dual Band PCI Express Adapter Description: N600 Wireless Dual Band PCI Express Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TP-LINK Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/26/2016 10:59:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/26/2016 03:17:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/25/2016 07:32:42 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2016 01:57:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/23/2016 11:39:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2016 06:43:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2016 10:25:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2016 02:29:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2016 09:51:41 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2016 12:00:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/26/2016 07:05:48 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (07/26/2016 03:15:35 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (07/24/2016 03:45:38 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (07/22/2016 04:48:50 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (07/21/2016 02:50:38 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (07/20/2016 11:40:06 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (07/20/2016 02:47:16 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (07/17/2016 07:19:27 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (07/16/2016 06:20:37 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (07/16/2016 03:14:02 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz Percentage of memory in use: 19% Total physical RAM: 16314.69 MB Available physical RAM: 13054.45 MB Total Virtual: 16508.16 MB Available Virtual: 13057.37 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:6.23 GB) NTFS Drive e: (Storage) (Fixed) (Total:1863.01 GB) (Free:1364.06 GB) NTFS Drive g: (Games) (Fixed) (Total:232.88 GB) (Free:66.35 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EA7F85AB) Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B0DAA8A6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E0715B8B) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 5, 2016 Root Admin ID:1054824 Share Posted August 5, 2016 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 6, 2016 Root Admin ID:1054878 Share Posted August 6, 2016 Topic reopened per request Link to post Share on other sites More sharing options...
MickeyM Posted August 7, 2016 Author ID:1054948 Share Posted August 7, 2016 Can anyone help with this one? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 7, 2016 Root Admin ID:1055035 Share Posted August 7, 2016 It is the weekend. Your helper @TwinHeadedEagle should be back around on Monday. Thank you Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted August 8, 2016 ID:1055112 Share Posted August 8, 2016 Sorry for delay. Fix with AdwCleaner Please download AdwCleaner by Xplode and save the file to your Desktop. Right-click on icon and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan. When finished, please click Cleaning. Your PC should reboot now. After reboot, logfile will be opened. Copy its content into your next reply. Note: Reports will be saved in your system partition, usually at C:\Adwcleaner Link to post Share on other sites More sharing options...
MickeyM Posted August 10, 2016 Author ID:1055529 Share Posted August 10, 2016 # AdwCleaner v5.201 - Logfile created 10/08/2016 at 17:06:47 # Updated 30/06/2016 by ToolsLib # Database : 2016-08-09.1 [Server] # Operating system : Windows 7 Home Premium Service Pack 1 (X64) # Username : Mickey's - MICKEY # Running from : C:\Users\Mickey's\Desktop\AdwCleaner.exe # Option : Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** [-] File Deleted : C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_australia.trovit.com_0.localstorage [-] File Deleted : C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_australia.trovit.com_0.localstorage-journal [-] File Deleted : C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage [-] File Deleted : C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal [-] File Deleted : C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_translator.babylon.com_0.localstorage [-] File Deleted : C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_translator.babylon.com_0.localstorage-journal [-] File Deleted : C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage [-] File Deleted : C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E} [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24} [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6} [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9} [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} [-] Key Deleted : HKCU\Software\AVG Nation toolbar [-] Key Deleted : HKCU\Software\Conduit [-] Key Deleted : HKCU\Software\IM [-] Key Deleted : HKCU\Software\Softonic [-] Key Deleted : HKLM\SOFTWARE\AVG Nation toolbar [-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar [-] Key Deleted : HKLM\SOFTWARE\Conduit [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.sidecubes.com ***** [ Web browsers ] ***** [-] [C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : amfclgbdpgndipgoegfpkkgobahigbcl [-] [C:\Users\Mickey's\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [3859 bytes] - [10/08/2016 17:06:47] C:\AdwCleaner\AdwCleaner[S1].txt - [4059 bytes] - [10/08/2016 17:05:39] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4005 bytes] ########## Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted August 10, 2016 ID:1055537 Share Posted August 10, 2016 Your computer seems clean. How is it behaving now? Link to post Share on other sites More sharing options...
MickeyM Posted August 10, 2016 Author ID:1055556 Share Posted August 10, 2016 I still get this message on start up Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted August 11, 2016 ID:1055845 Share Posted August 11, 2016 Okay, this will remove remaining malware. Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work! Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File). Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finishes FRST will generate a log on the Desktop, called Fixlog.txt. Please attach it to your reply. fixlist.txt Link to post Share on other sites More sharing options...
MickeyM Posted August 12, 2016 Author ID:1055997 Share Posted August 12, 2016 Fix result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01 Ran by Mickey's (2016-08-12 15:57:47) Run:1 Running from C:\Users\Mickey's\Desktop Loaded Profiles: Mickey's (Available Profiles: Mickey's) Boot Mode: Normal ============================================== fixlist content: ***************** emptytemp: Reboot: HKU\S-1-5-21-747868735-2588589844-2642923601-1000\...\Run: [AppleWebKit] => C:\Users\Mickey's\AppData\Roaming\lappclimtfldr\mcrtvclient.exe [34808 2011-10-07] (NetSupport Ltd) C:\Users\Mickey's\AppData\Roaming\lappclimtfldr FirewallRules: [{1DFB6DF6-DB7F-446A-BA26-637329BD31F9}] => (Allow) C:\Users\Mickey's\AppData\Roaming\lappclimtfldr\mcrtvclient.exe FirewallRules: [{07AD26F7-0F4E-4A39-A384-7638ADB6B629}] => (Allow) C:\Users\Mickey's\AppData\Roaming\lappclimtfldr\mcrtvclient.exe FirewallRules: [{AAFCD13A-C8FA-4D5E-97C4-07805D773CB0}] => (Allow) C:\Users\Mickey's\AppData\Roaming\ethpackrs\str.exe FirewallRules: [{6EB81F9E-2671-4805-B526-817A815145D0}] => (Allow) C:\Users\Mickey's\AppData\Roaming\ethpackrs\str.exe C:\Users\Mickey's\AppData\Roaming\ethpackrs 2016-07-22 19:16 - 2016-07-22 19:16 - 00587776 _____ (Igor Pavlov) C:\Users\Mickey's\AppData\Roaming\77kjf.exe 2016-07-22 19:16 - 2016-07-22 19:16 - 00587776 _____ (Igor Pavlov) C:\Users\Mickey's\AppData\Roaming\66z.exe 2016-07-22 19:16 - 2016-07-22 19:16 - 00000008 _____ C:\Users\Mickey's\AppData\Roaming\mxw.bin 2016-07-20 10:38 - 2016-07-20 10:38 - 00000000 ____D C:\Users\Mickey's\AppData\Roaming\HMYGSetting ***************** HKU\S-1-5-21-747868735-2588589844-2642923601-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AppleWebKit => value removed successfully C:\Users\Mickey's\AppData\Roaming\lappclimtfldr => moved successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DFB6DF6-DB7F-446A-BA26-637329BD31F9} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07AD26F7-0F4E-4A39-A384-7638ADB6B629} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AAFCD13A-C8FA-4D5E-97C4-07805D773CB0} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6EB81F9E-2671-4805-B526-817A815145D0} => value removed successfully C:\Users\Mickey's\AppData\Roaming\ethpackrs => moved successfully C:\Users\Mickey's\AppData\Roaming\77kjf.exe => moved successfully C:\Users\Mickey's\AppData\Roaming\66z.exe => moved successfully C:\Users\Mickey's\AppData\Roaming\mxw.bin => moved successfully C:\Users\Mickey's\AppData\Roaming\HMYGSetting => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18104012 B Java, Flash, Steam htmlcache => 284821873 B Windows/system/drivers => 585612044 B Edge => 0 B Chrome => 455598684 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 42321889 B systemprofile32 => 78022 B LocalService => 66228 B NetworkService => 86532 B Mickey's => 423042566 B UpdatusUser => 0 B RecycleBin => 0 B EmptyTemp: => 1.7 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 15:57:56 ==== Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted August 16, 2016 ID:1056720 Share Posted August 16, 2016 How is your PC behaving now? Link to post Share on other sites More sharing options...
Recommended Posts