
CMD window randomly pops up, not sure if malware or something else.



Recently I downloaded something that contained malware but I (seemingly) removed it with Malwarebytes.

But occasionally a CMD window will pop up and then disappear, not long enough to read what it's doing anyway. Very irritating.

All scans say my PC is clean, have tried multiple different malware/anti-virus scans. Yet this issue still persists.

This seems like a symptom of some sort of malware or something along those lines but I'm really not sure. I'm just not sure how I should diagnose the issue, since all scans yield nothing.

I'm running Windows 7.


Hello and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...
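
An added example, not part of the original posts and not code from FRST or Malwarebytes: one way to triage the autorun (`Run:`) lines of the FRST.txt log requested above, flagging entries that carry no size/date, no publisher, or a random-looking name. The sample lines are constructed, and the function names and the "random-looking" thresholds are assumptions of this example, not FRST behaviour.

```python
import ntpath
import re

# Constructed sample in the layout of FRST's "Registry" section
# (names, paths, SIDs and publishers are made up for this example).
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ====================

HKLM\...\Run: [AudioPanel] => C:\Program Files\ExampleAudio\panel.exe [7191768 2013-06-27] (Example Audio Corp)
HKLM-x32\...\Run: [Updater] => C:\Program Files (x86)\ExampleSoft\upd.exe [598552 2016-06-22] (ExampleSoft Inc.)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Chat] => C:\Program Files (x86)\ExampleChat\chat.exe [29635712 2016-09-12] ()
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [QX7Z2K9PLM] => "C:\Program Files (x86)\ExampleDir\8H3JK2L0QW.exe"
Startup: C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\note.lnk [2016-08-28] ()

==================== Internet (Whitelisted) ====================
"""

# hive\...\Run: [value name] => target [size date] (publisher)
# The "[size date]" and "(publisher)" parts are optional on a line.
RUN_LINE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^)]*)\))?$"
)


def looks_random(token):
    """Heuristic (assumption of this example): 8+ chars, only A-Z/0-9,
    at least two digits and at least one letter."""
    digits = sum(c.isdigit() for c in token)
    return bool(re.fullmatch(r"[A-Z0-9]{8,}", token)) and 2 <= digits < len(token)


def parse_run_entries(text):
    """Yield one dict per Run-key line; other log lines are skipped."""
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def triage(text):
    """Return [(value_name, [reasons])] for Run entries worth a manual look."""
    findings = []
    for entry in parse_run_entries(text):
        reasons = []
        if entry["size"] is None:
            # No "[size date]" on the line: nothing was recorded about the file.
            reasons.append("no file metadata")
        elif not entry["publisher"]:
            reasons.append("no publisher")
        if looks_random(entry["name"]):
            reasons.append("random-looking value name")
        # File name without directory, quotes or extension.
        stem = ntpath.splitext(ntpath.basename(entry["target"].strip('"')))[0]
        if looks_random(stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_FRST):
        print(f"{name}: {', '.join(reasons)}")
```

A flag here is only a prompt for manual review; legitimate software also ships unsigned binaries and terse value names.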

Thanks for the reply, here are the logs.

Rkill logs:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/04/2016 03:28:09 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Finn\AppData\Local\Apps\2.0\M9VY3J50.0TX\Y3GTM0BZ.8V1\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe (PID: 3904) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * TBS [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  20 out of 15590 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 10/04/2016 03:28:33 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)

 

Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/10/2016
Scan Time: 15:31
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.04.08
Rootkit Database: v2016.09.26.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Finn

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301419
Time Elapsed: 17 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2016
Ran by Finn (administrator) on THE-AUCHINDOUN (04-10-2016 15:54:38)
Running from C:\Users\Finn\Desktop
Loaded Profiles: Finn (Available Profiles: Finn)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Finn\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Hammer & Chisel, Inc.) C:\Users\Finn\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Finn\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Finn\AppData\Local\Discord\app-0.0.296\Discord.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5200\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net Helper.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6625672 2016-08-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-07-21] (Raptr, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [Spotify Web Helper] => C:\Users\Finn\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-20] (Spotify Ltd)
HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [FF1C3ZG5AE] => "C:\Program Files (x86)\DPower\4Q1XU0G7PD.exe"
HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\MountPoints2: {40794351-317e-11e6-8456-806e6f6e6963} - F:\RunGame.exe
Startup: C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-08-28] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{EEDACE59-D718-4345-BD09-32191C1F1A21}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-30] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-15] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-30] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-15] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-15] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-1386840482-3784922888-1212510007-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-15] (Google Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF DefaultProfile: dny3nftj.default
FF ProfilePath: C:\Users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\dny3nftj.default [2016-10-04]
FF Extension: (Adblock Plus) - C:\Users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\dny3nftj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-09-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-24] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-24] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G9Ozftpbl0cshmoBU,c013be2e-deda-4c01-8a2c-6d1b203a5219,
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G9Ozftpbl0cshmoBU,c013be2e-deda-4c01-8a2c-6d1b203a5219,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default [2016-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1409032 2016-08-09] ()
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-23] (Hi-Rez Studios) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-09-28] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-09-28] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-09-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-04 15:54 - 2016-10-04 15:54 - 00014503 _____ C:\Users\Finn\Desktop\FRST.txt
2016-10-04 15:54 - 2016-10-04 15:54 - 00000000 ____D C:\FRST
2016-10-04 15:53 - 2016-10-04 15:53 - 02404864 _____ (Farbar) C:\Users\Finn\Desktop\FRST64.exe
2016-10-04 15:28 - 2016-10-04 15:28 - 00004034 _____ C:\Users\Finn\Desktop\Rkill.txt
2016-10-04 15:27 - 2016-10-04 15:27 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Finn\Desktop\rkill.exe
2016-10-04 03:04 - 2016-10-04 03:04 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Finn\Downloads\SpyHunter-Installer(1).exe
2016-10-03 14:40 - 2016-10-03 14:41 - 00406114 _____ C:\TDSSKiller.3.1.0.11_03.10.2016_14.40.04_log.txt
2016-10-03 14:39 - 2016-10-03 14:39 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Finn\Downloads\tdsskiller.exe
2016-10-03 13:55 - 2016-10-03 13:55 - 00000000 ____D C:\Users\Finn\Documents\Keysticks
2016-10-03 13:55 - 2016-10-03 13:55 - 00000000 ____D C:\Users\Finn\AppData\Local\Keysticks.net
2016-10-03 13:55 - 2016-10-03 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keysticks
2016-10-03 13:55 - 2016-10-03 13:55 - 00000000 ____D C:\ProgramData\Keysticks.net
2016-10-03 13:55 - 2016-10-03 13:55 - 00000000 ____D C:\Program Files (x86)\Keysticks.net
2016-10-03 13:53 - 2016-10-03 13:54 - 10553493 _____ (T C Brogden Ltd) C:\Users\Finn\Downloads\KeysticksSetup-1.9.0.0.exe
2016-10-03 13:31 - 2016-10-03 13:32 - 00000000 ____D C:\Users\Finn\AppData\Local\NFS Underground 2
2016-10-03 13:30 - 2016-10-03 13:30 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-10-03 13:28 - 2016-10-03 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2016-10-03 13:00 - 2016-10-03 13:00 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2016-10-02 14:01 - 2016-10-02 14:01 - 00003276 _____ C:\Windows\System32\Tasks\{8B27754E-05DC-4466-BBEE-9C9D796416DB}
2016-09-29 21:39 - 2016-09-29 21:39 - 00000000 ____D C:\Users\Finn\AppData\Local\HirezLauncherUI
2016-09-29 21:36 - 2016-09-29 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-09-28 22:16 - 2016-09-28 22:16 - 00000911 _____ C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-09-28 21:45 - 2016-09-28 22:16 - 00000000 ____D C:\Users\Finn\AppData\Local\osu!
2016-09-28 21:44 - 2016-09-28 21:44 - 04513336 _____ (ppy) C:\Users\Finn\Downloads\osu!install.exe
2016-09-27 11:51 - 2016-09-27 11:51 - 00000166 _____ C:\Windows\wininit.ini
2016-09-26 22:17 - 2016-09-24 11:34 - 00001006 _____ C:\Windows\system32\Drivers\etc\hosts.20160926-221740.backup
2016-09-26 22:09 - 2016-09-26 22:09 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-26 17:55 - 2016-09-26 17:55 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-09-26 17:52 - 2016-09-26 22:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-26 17:52 - 2016-09-26 22:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-26 17:52 - 2016-09-26 17:52 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-09-26 17:52 - 2016-09-26 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-09-26 17:52 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-09-26 17:46 - 2016-09-26 17:50 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Finn\Downloads\spybot-2.4.exe
2016-09-26 17:31 - 2016-09-26 17:31 - 00004092 _____ C:\Windows\system32\.crusader
2016-09-26 17:27 - 2016-09-26 17:31 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-26 17:27 - 2016-09-26 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-09-26 17:27 - 2016-09-26 17:27 - 00000000 ____D C:\Program Files\HitmanPro
2016-09-26 17:04 - 2016-09-26 17:24 - 11579432 _____ (SurfRight B.V.) C:\Users\Finn\Downloads\HitmanPro_x64.exe
2016-09-26 16:17 - 2016-09-26 16:17 - 00000000 _____ C:\autoexec.bat
2016-09-26 16:11 - 2016-09-26 16:11 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-09-26 16:10 - 2016-09-26 16:10 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Finn\Downloads\SpyHunter-Installer.exe
2016-09-24 12:18 - 2016-09-24 12:18 - 00000000 ____D C:\Users\Finn\AppData\Local\Macromedia
2016-09-24 12:17 - 2016-10-04 15:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-24 12:17 - 2016-09-24 12:17 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-24 12:17 - 2016-09-24 12:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-24 12:17 - 2016-09-24 12:17 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-24 12:14 - 2016-09-24 12:17 - 00000000 ____D C:\Users\Finn\AppData\Local\Adobe
2016-09-24 12:10 - 2016-09-24 12:17 - 00000000 ____D C:\Users\Finn\AppData\Local\Mozilla
2016-09-24 12:10 - 2016-09-24 12:11 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Mozilla
2016-09-24 12:10 - 2016-09-24 12:10 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-24 12:10 - 2016-09-24 12:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-24 12:10 - 2016-09-24 12:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-24 11:57 - 2016-09-24 11:57 - 00000218 _____ C:\Users\Finn\AppData\Local\recently-used.xbel
2016-09-24 11:52 - 2016-09-24 11:52 - 07175680 _____ C:\Users\Finn\AppData\Roaming\agent.dat
2016-09-24 11:52 - 2016-09-24 11:52 - 00018432 _____ C:\Users\Finn\AppData\Roaming\Main.dat
2016-09-24 11:51 - 2016-09-24 11:51 - 00140288 _____ C:\Users\Finn\AppData\Roaming\Installer.dat
2016-09-24 11:45 - 2016-09-24 11:45 - 00000000 ____D C:\Program Files (x86)\Jozerentnibas_
2016-09-24 11:41 - 2016-09-24 12:02 - 00000000 ____D C:\Program Files (x86)\DPower
2016-09-24 11:41 - 2016-09-24 11:48 - 00000000 ____D C:\Program Files (x86)\mpck
2016-09-24 11:39 - 2016-10-04 15:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-24 11:39 - 2016-09-24 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-24 11:39 - 2016-09-24 11:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-24 11:39 - 2016-09-24 11:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-24 11:39 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-24 11:39 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-24 11:39 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-24 11:37 - 2016-09-24 11:37 - 00000000 _____ C:\TOSTACK
2016-09-24 11:34 - 2016-09-24 11:34 - 00002560 _____ C:\Users\Finn\AppData\Local\uninstallro.exe
2016-09-24 11:33 - 2016-09-24 11:38 - 22851472 _____ (Malwarebytes ) C:\Users\Finn\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-24 11:23 - 2016-10-04 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2016-09-24 11:23 - 2016-10-04 15:23 - 00000000 ____D C:\Program Files (x86)\MagicISO
2016-09-24 11:22 - 2016-09-24 11:22 - 03067400 _____ C:\Users\Finn\Downloads\Setup_MagicISO.exe
2016-09-24 11:15 - 2016-09-24 11:57 - 00000000 ____D C:\Users\Finn\AppData\Roaming\deluge
2016-09-24 11:15 - 2016-09-24 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-09-24 11:15 - 2016-09-24 11:15 - 00000000 ____D C:\Program Files (x86)\Deluge
2016-09-24 11:13 - 2016-09-24 11:15 - 15955676 _____ (Deluge Team) C:\Users\Finn\Downloads\deluge-1.3.13-win32-py2.7-0.exe
2016-09-22 14:45 - 2016-09-22 14:45 - 01048576 ____H C:\Windows\system32\BITC48F.tmp
2016-09-22 14:45 - 2016-09-22 14:45 - 01048576 ____H C:\Windows\system32\BITA338.tmp
2016-09-22 10:59 - 2016-09-22 10:59 - 01378550 _____ (Igor Pavlov) C:\Users\Finn\Downloads\7z1602-x64 (1).exe
2016-09-22 10:57 - 2016-09-22 10:57 - 00821384 _____ C:\Users\Finn\Downloads\the_filthy_frank_pack_fixed_.rar
2016-09-22 10:39 - 2016-09-22 10:40 - 03224630 _____ C:\Users\Finn\Downloads\_MagnumHUD-master.zip
2016-09-22 10:14 - 2016-09-22 10:14 - 06499805 _____ C:\Users\Finn\Downloads\Hudas Iscariote [1.5.6].zip
2016-09-20 17:28 - 2016-09-20 17:28 - 00016874 _____ C:\Users\Finn\Downloads\dealwithit.svg
2016-09-15 05:06 - 2016-09-15 05:06 - 00000000 ____D C:\Users\Finn\.QtWebEngineProcess
2016-09-15 05:06 - 2016-09-15 05:06 - 00000000 ____D C:\Users\Finn\.Origin
2016-09-11 17:04 - 2016-09-11 17:06 - 00007602 _____ C:\Users\Finn\AppData\Local\Resmon.ResmonCfg
2016-09-11 12:04 - 2016-09-11 12:04 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD
2016-09-11 12:04 - 2016-09-11 12:04 - 00000000 ____D C:\Users\Finn\AppData\Local\Downloaded Installations
2016-09-11 12:01 - 2016-09-11 12:03 - 31843088 _____ (Advanced Micro Devices, Inc. ) C:\Users\Finn\Downloads\aod_setup_4.3.1.0698.exe
2016-09-06 19:41 - 2016-09-06 22:22 - 00000000 ____D C:\Users\Finn\Documents\Battlefield 1 Open Beta
2016-09-06 05:55 - 2016-09-06 05:55 - 00000000 ____D C:\Users\Finn\AppData\Local\CrashRpt
2016-09-06 05:55 - 2016-09-06 05:55 - 00000000 ____D C:\Users\Finn\AppData\Local\CallofDuty4MW
2016-09-06 05:15 - 2016-09-06 05:15 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-09-06 05:13 - 2016-10-04 03:00 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Origin
2016-09-06 05:13 - 2016-09-28 16:06 - 00000000 ____D C:\Users\Finn\AppData\Local\Origin
2016-09-06 05:01 - 2016-10-01 15:45 - 00000000 ____D C:\ProgramData\Origin
2016-09-06 05:01 - 2016-09-28 16:36 - 00000000 ____D C:\Program Files (x86)\Origin
2016-09-06 05:01 - 2016-09-07 20:54 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-09-06 04:42 - 2016-09-06 04:49 - 31395216 _____ (Electronic Arts, Inc.) C:\Users\Finn\Downloads\OriginThinSetup.exe
2016-09-05 20:53 - 2016-09-05 20:53 - 00000000 ____D C:\Users\Finn\AppData\Local\PunkBuster
2016-09-05 20:48 - 2016-09-05 20:50 - 07633777 _____ C:\Users\Finn\Downloads\CoD4 PB.zip
2016-09-05 20:48 - 2016-09-05 20:49 - 03139984 _____ C:\Users\Finn\Downloads\servercache.dat
2016-09-05 17:14 - 2016-09-05 17:14 - 00624000 _____ C:\Users\Finn\Downloads\CoreParkingManager.zip
2016-09-05 17:13 - 2016-09-05 17:13 - 00889416 _____ (Microsoft Corporation) C:\Users\Finn\Downloads\dotNetFx40_Full_setup.exe
2016-09-04 01:43 - 2016-09-04 01:43 - 00000000 ____D C:\Users\Finn\AppData\Roaming\.mono
2016-09-04 01:43 - 2016-09-04 01:43 - 00000000 ____D C:\Users\Finn\AppData\LocalLow\Blizzard Entertainment
2016-09-04 01:43 - 2016-09-04 01:43 - 00000000 ____D C:\Users\Finn\AppData\Local\Blizzard
2016-09-04 01:43 - 2016-09-04 01:43 - 00000000 ____D C:\ProgramData\.mono

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-04 15:48 - 2016-06-13 18:34 - 00000000 ____D C:\Users\Finn\AppData\Local\Battle.net
2016-10-04 15:06 - 2016-06-13 17:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-04 15:03 - 2016-06-13 18:51 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Raptr
2016-10-04 15:02 - 2009-07-14 05:45 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-04 15:02 - 2009-07-14 05:45 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-04 04:49 - 2016-09-03 17:24 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-10-04 03:27 - 2016-06-13 18:33 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-10-04 03:08 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-04 03:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-10-04 03:03 - 2016-06-14 19:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-04 03:03 - 2016-06-14 19:21 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Skype
2016-10-04 03:03 - 2016-06-13 18:48 - 00000000 ____D C:\ProgramData\Skype
2016-10-04 03:02 - 2016-08-28 14:55 - 00000000 ____D C:\Users\Finn\AppData\Local\Deployment
2016-10-04 03:02 - 2016-06-13 18:15 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-04 03:02 - 2016-06-13 17:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-04 03:01 - 2016-07-01 22:52 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-10-04 03:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-04 01:59 - 2016-06-13 19:02 - 00000000 ____D C:\Users\Finn\AppData\Local\Spotify
2016-10-04 01:46 - 2016-06-13 19:01 - 00000000 ____D C:\Users\Finn\AppData\Roaming\Spotify
2016-10-03 03:59 - 2016-06-13 20:04 - 00000000 ____D C:\Users\Finn\AppData\Local\Warframe
2016-10-01 23:59 - 2016-06-25 01:54 - 00000000 ____D C:\Users\Finn\AppData\Local\CrashDumps
2016-09-30 22:42 - 2016-06-13 18:58 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-09-29 21:45 - 2016-07-01 22:52 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-09-29 21:44 - 2016-06-13 22:01 - 00000000 ____D C:\Users\Finn\Documents\My Games
2016-09-29 21:38 - 2016-06-13 18:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-29 21:36 - 2016-06-13 17:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-29 20:13 - 2016-06-13 18:14 - 00000000 ____D C:\Users\Finn\AppData\Roaming\TS3Client
2016-09-26 17:32 - 2016-07-31 10:11 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-09-24 12:17 - 2016-07-01 22:55 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-24 12:17 - 2016-07-01 22:55 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-24 12:10 - 2016-06-13 17:50 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-24 12:10 - 2016-06-13 17:15 - 00001417 _____ C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-24 12:03 - 2016-07-30 18:31 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-09-24 12:03 - 2016-06-13 19:02 - 00001768 _____ C:\Users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-09-24 12:03 - 2016-06-13 18:14 - 00000961 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-09-24 12:03 - 2016-06-13 16:50 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-09-24 12:03 - 2016-06-13 16:50 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-09-24 12:03 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-09-24 12:03 - 2009-07-14 05:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-24 12:03 - 2009-07-14 05:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-09-24 12:03 - 2009-07-14 05:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-09-24 12:03 - 2009-07-14 05:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-09-24 12:03 - 2009-07-14 05:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-09-24 12:03 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-09-24 12:02 - 2016-08-28 14:55 - 00000000 ____D C:\Users\Finn\AppData\Local\Apps\2.0
2016-09-24 11:51 - 2016-07-31 10:24 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-09-23 16:57 - 2016-06-13 18:14 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-09-22 17:03 - 2016-08-06 21:04 - 00000000 ____D C:\Users\Finn\AppData\Local\Ubisoft Game Launcher
2016-09-22 11:00 - 2016-06-13 18:12 - 00000000 ____D C:\Program Files\7-Zip
2016-09-17 09:50 - 2016-08-13 14:44 - 00000000 ____D C:\Users\Finn\AppData\Local\ElevatedDiagnostics
2016-09-15 05:06 - 2016-06-13 17:14 - 00000000 ____D C:\Users\Finn
2016-09-11 12:04 - 2016-06-13 18:51 - 00000000 ____D C:\Program Files (x86)\AMD
2016-09-07 19:43 - 2016-06-17 16:24 - 00000000 ____D C:\Users\Finn\AppData\Roaming\discord
2016-09-05 17:17 - 2009-07-14 06:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2016-09-24 11:52 - 2016-09-24 11:52 - 7175680 _____ () C:\Users\Finn\AppData\Roaming\agent.dat
2016-09-24 11:51 - 2016-09-24 11:51 - 0140288 _____ () C:\Users\Finn\AppData\Roaming\Installer.dat
2016-09-24 11:52 - 2016-09-24 11:52 - 0018432 _____ () C:\Users\Finn\AppData\Roaming\Main.dat
2016-09-24 11:57 - 2016-09-24 11:57 - 0000218 _____ () C:\Users\Finn\AppData\Local\recently-used.xbel
2016-09-11 17:04 - 2016-09-11 17:06 - 0007602 _____ () C:\Users\Finn\AppData\Local\Resmon.ResmonCfg
2016-09-24 11:34 - 2016-09-24 11:34 - 0002560 _____ () C:\Users\Finn\AppData\Local\uninstallro.exe

Some files in TEMP:
====================
C:\Users\Finn\AppData\Local\Temp\AutoRun.exe
C:\Users\Finn\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Finn\AppData\Local\Temp\devcon64.exe
C:\Users\Finn\AppData\Local\Temp\GLB1A2B.EXE


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-16 18:45

==================== End of FRST.txt ============================

Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-10-2016
Ran by Finn (04-10-2016 15:55:19)
Running from C:\Users\Finn\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-06-13 16:14:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1386840482-3784922888-1212510007-500 - Administrator - Disabled)
Finn (S-1-5-21-1386840482-3784922888-1212510007-1000 - Administrator - Enabled) => C:\Users\Finn
Guest (S-1-5-21-1386840482-3784922888-1212510007-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.031 - ASUSTek Computer Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.1.1.1073 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Besiege (HKLM\...\Steam App 346010) (Version:  - Spiderling Studios)
BioShock Infinite (HKLM\...\Steam App 8870) (Version:  - Irrational Games)
Call of Duty 4: Modern Warfare (HKLM\...\Steam App 7940) (Version:  - Infinity Ward)
Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version:  - Treyarch)
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - The Behemoth)
Catalyst Control Center Next Localization BR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
Curse Client (HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Deluge 1.3.13 (HKLM-x32\...\Deluge) (Version:  - )
Discord (HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Duck Game (HKLM\...\Steam App 312530) (Version:  - Landon Podbielski)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.280 - SurfRight B.V.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Keysticks (HKLM-x32\...\{0CA309CD-E575-4066-9DB5-EDCB331F32EF}) (Version: 1.9 - Keysticks.net)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Magicka (HKLM\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 49.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-GB)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.0.2.33129 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{2e898357-fa35-4e45-95f1-6513c9177147}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
PowerLine Utility (HKLM-x32\...\{1A5E91E0-20BD-423B-ABD4-7683A30D3C2F}) (Version: 2.0.1431 - TP-LINK)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.3-r114633-release - Raptr, Inc)
Ratz Instagib 2.0 (HKLM\...\Steam App 338170) (Version:  - Lino Slahuschek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
SMITE (HKLM\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\...\Spotify) (Version: 1.0.38.171.g5e1cd7b2 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy (HKLM\...\Steam App 40800) (Version:  - Team Meat)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Uplay (HKLM-x32\...\Uplay) (Version: 21.1 - Ubisoft)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.131 - MSI)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Gamecaster (HKLM-x32\...\{8915913F-E4AF-46C5-B4EF-3535D83BFFDE}) (Version: 2.5.1507.3018 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1221140F-5FB7-4A3F-8276-8DDDABB2282A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {6985C5EA-5AE7-4AE3-A963-31F3A9C3A91E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
Task: {71E74573-6867-4CB9-98FA-A5022D422995} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-08-11] (Advanced Micro Devices, Inc.)
Task: {7B53E6F3-A3A6-47E0-A473-3BF791734305} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-18] ()
Task: {8A698CD7-98CB-4710-8EB8-FEAA3369E8AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-24] (Adobe Systems Incorporated)
Task: {96198EBA-0903-480F-9BB1-34A38B011195} - System32\Tasks\{8B27754E-05DC-4466-BBEE-9C9D796416DB} => pcalua.exe -a "D:\SteamLibrary\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "D:\SteamLibrary\steamapps\common\Left 4 Dead 2" -c /register
Task: {F56D109C-3F5B-4EC2-BA85-31CE73C95467} - System32\Tasks\{6DB2B7A6-CB4B-4D7E-B8F5-56C74A5CD320} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {F976F8BF-0D1C-465C-903C-31E5467A2504} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-05-04 15:41 - 2012-05-04 15:41 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-11-13 14:30 - 2011-11-13 14:30 - 00676864 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-11-13 14:31 - 2011-11-13 14:31 - 03643392 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-07 19:39 - 2016-09-07 19:39 - 01484776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net Helper.exe
2016-09-26 17:52 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-09-26 17:52 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-09-26 17:52 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-09-26 17:52 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-09-26 17:52 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-03-21 14:49 - 2016-08-11 09:22 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2016-06-13 18:20 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-06-13 18:20 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-06-13 18:20 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-06-13 18:20 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-06-13 18:20 - 2016-09-20 20:28 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-06-13 18:20 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-06-13 18:20 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-06-13 18:20 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-06-13 18:20 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-06-13 18:20 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-06-13 18:20 - 2016-09-20 20:28 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-06-13 18:20 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-03-23 11:04 - 2016-03-23 11:04 - 00091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 00200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 00224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2016-06-13 18:20 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 21:29 - 2015-10-21 21:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 21:29 - 2015-10-21 21:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2015-06-27 00:09 - 2015-06-27 00:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 18:08 - 2016-04-19 18:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2016-06-13 18:20 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-08-25 21:15 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Finn\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-25 21:15 - 2016-08-25 21:15 - 01050296 _____ () \\?\C:\Users\Finn\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-25 21:15 - 2016-08-25 21:15 - 03793080 _____ () \\?\C:\Users\Finn\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-25 21:15 - 2016-08-25 21:15 - 00894136 _____ () \\?\C:\Users\Finn\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-25 21:15 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\Finn\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-25 21:15 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\Finn\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-10-04 03:16 - 2016-10-04 03:16 - 00170496 _____ () \\?\C:\Users\Finn\AppData\Local\Temp\BFA6.tmp.node
2016-09-02 17:43 - 2016-09-09 20:31 - 02022072 _____ () \\?\C:\Users\Finn\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-09-07 19:42 - 2016-09-07 19:42 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\ortp.dll
2016-09-07 19:40 - 2016-09-07 19:42 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libcef.dll
2016-09-07 19:39 - 2016-09-07 19:39 - 00194024 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\BZRECORD.dll
2016-09-07 19:39 - 2016-09-07 19:39 - 06402560 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\battle.net.dll
2016-09-07 19:42 - 2016-09-07 19:42 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libEGL.dll
2016-09-07 19:42 - 2016-09-07 19:42 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libGLESv2.dll
2016-09-07 19:42 - 2016-09-07 19:42 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libglesv2.dll
2016-09-07 19:42 - 2016-09-07 19:42 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libegl.dll
2016-09-07 19:40 - 2016-09-07 19:40 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7914 more sites.


There are 7914 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-09-26 22:17 - 00453416 ____N C:\Windows\system32\Drivers\etc\hosts


There are 15558 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1386840482-3784922888-1212510007-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BB0B4B58-A437-4A00-9A14-1761DAF45141}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E46DFE2F-BC80-4921-8E3D-23BEF4FD661F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ED71228B-D213-4C8B-84EA-53425FACF084}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E518473E-ACBC-44D2-885A-260E11DC0646}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{973D6FF2-BE65-41B8-ABC3-A799CF34CBD3}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{BF5A29B8-43F2-4CC5-9ECE-1D0A11034B79}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{F19C8024-94BD-4AC8-9C02-D2C0D26E64A0}C:\users\finn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\finn\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{37642873-B5FA-4402-B50B-261961522743}C:\users\finn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\finn\appdata\roaming\spotify\spotify.exe
FirewallRules: [{33C5AAB0-365E-41DD-A1DE-8AD6FD72CBD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3F6D2018-9E25-4BEA-B4E1-F6D94D9CC3EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0F2EF65B-A484-42F8-9BB2-F4CFD0D14C70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{1BEB1884-C20E-45C4-90D5-7AF7C759489B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{48D770B9-7199-47D1-85C2-F79930D494FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{6CF726AC-C59A-42ED-AC77-ACB159F4141C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{EDF7C486-7682-4CD1-B4D7-D8382C0136BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{827E685F-3855-4955-ABB1-2BC4766ECFEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{16A28016-5CA2-4732-9189-A2C790438C97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{75FF6FDD-A2BE-4006-982A-F6217EA517EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{BFA54FC5-DBE5-456F-99E0-4894F13FF892}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{A1E0A0A9-B69D-4791-B0F7-DF204FC246A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{28356709-4E33-4D26-A0CE-618EC6E9869D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{0ED2F2DC-54A9-4877-AF36-51B33E1BC16E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{31EEBA25-0D26-472A-86D9-69066C4C2E3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [{56F39A75-A496-42B1-88F7-E35C3A79B7F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [TCP Query User{AD63B9A6-39B0-4975-9507-209E2BBDB2DD}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{82FB25DB-4389-414F-9137-40B5E8A77851}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{327A7A23-0FF4-4958-BD13-8979D86DE7A9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{65E9BD5B-4A01-41E5-9B0C-6CA88BDEBF1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{8E91DFC6-11D5-41E1-B549-9D94D6792784}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{E3D6F627-86AE-4FCA-8DD1-CED91DAFDC54}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{3453BB04-4DC7-4FBF-A9C6-75179530EA9C}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{FCC94C90-B928-4FD8-94F9-3C69E6CBD40E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{14FF2B35-5609-4393-B0F2-0C026A467FD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{629F5406-EB1B-48E1-9700-D0552D40B7FE}] => (Allow) E:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{F6FEEE43-6F4B-4CF5-AC70-069F4772BB55}] => (Allow) E:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [TCP Query User{09D47A86-BE77-4A1D-ABFE-E645B4E96DD7}E:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) E:\steamlibrary\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{5BBD918C-7FA4-4EC0-8DEB-222324F01095}E:\steamlibrary\steamapps\common\arma 3\arma3.exe] => (Allow) E:\steamlibrary\steamapps\common\arma 3\arma3.exe
FirewallRules: [{1C67FB0D-9B8C-4584-A591-975236B64FE4}] => (Allow) E:\SteamLibrary\steamapps\common\Ratz Instagib\RatzInstagib.exe
FirewallRules: [{8CA9E2D3-91ED-4464-A36C-8EA7A4E9C395}] => (Allow) E:\SteamLibrary\steamapps\common\Ratz Instagib\RatzInstagib.exe
FirewallRules: [{62026810-4791-4E8B-A41B-2D2D646BB132}] => (Allow) E:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{1E3A4499-7259-4646-8637-5E3DEF8E8D6A}] => (Allow) E:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{B3986EF4-9B07-4EB6-BD5D-B1F60729E041}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{B26F6D37-C7D4-4C22-840A-61C44C8EC864}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{94DC9776-CCB0-4B32-B8FE-F25B54E9CAC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{B2928684-AC05-412F-B84B-5919E308EDF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{018A46B7-DD06-46FA-A1CD-45D010B746DA}] => (Allow) D:\SteamLibrary\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{44E8AA7A-AFB6-4400-995B-2B3E71870F09}] => (Allow) D:\SteamLibrary\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{3426F2B8-5CB2-4DFF-B1B5-D3A3CBD451A0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B9FC23A8-1866-4BE1-A0C3-8C5FE4D2128D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{CC5D50D3-D241-40B9-B33F-EF0A4429D002}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{7D2B44FE-DCA3-4BDC-9BA7-42CBDA282220}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{A5C6BFB8-6E0F-475C-9B40-953B380F6EED}] => (Allow) D:\Uplay@D\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{1AF2F6DC-2CE8-4BCA-AA1E-17203B85F186}] => (Allow) D:\Uplay@D\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{F8986523-A9D8-4DB9-A698-0DA26F923B0E}] => (Allow) D:\Uplay@D\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{154347E5-9CCA-4461-BB6B-C009A33F41B3}] => (Allow) D:\Uplay@D\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{21D58F8C-ACD6-465B-91C2-CD1B6DC60372}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{11A66270-D0F5-4D36-ACAA-777706316099}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{B6D594A5-39DD-424A-A36C-82B8B22132C9}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{55444B15-105D-4347-9C03-95B2B8841C23}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{D25103CA-082D-4CBA-8AE6-B038FC9EB4FF}C:\program files\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{EA388F72-FABE-4DF3-A82C-C9B02F1BEE00}C:\program files\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{9C0971EE-F74E-4D59-B59B-6D60839D3D67}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8F6A156E-3CF9-40A2-B26F-FEED8C882871}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{7BB003DE-6398-4AAD-B096-3CC3E315FA47}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{2D4C67E8-FD86-48DB-9FBB-F741EC541C50}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{5BDB29B7-4F35-4343-96C8-8C31D42F7238}] => (Allow) E:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C3FB2897-027C-4C55-A6B6-28499A323325}] => (Allow) E:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{0D7FA4AA-85EE-486C-B4E7-6EA999FD495F}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty 4\iw3sp.exe
FirewallRules: [{849281B6-41B0-4B53-8B31-C4A1675BAE52}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty 4\iw3sp.exe
FirewallRules: [{85C4B1D4-8FA0-4906-8A17-F5E8B1765343}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty 4\iw3mp.exe
FirewallRules: [{A6B3928C-DB08-4B82-BEB1-723C43E68AE9}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty 4\iw3mp.exe
FirewallRules: [{46A03BE0-0811-4A51-A57D-BC777E9BB164}] => (Allow) D:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{AB28FB7C-D91E-4AA2-8312-31F390FA15E6}] => (Allow) D:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [TCP Query User{17430ACF-513B-4DC0-BA96-48D1C54F4895}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{2D2D909D-C2DD-47AF-982B-2FB22BC0782E}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{BC93DF40-96F7-4CFD-9CDA-85CCDD384748}] => (Allow) D:\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{1B92DDA1-7056-4252-93B7-73DAF978FD8F}] => (Allow) D:\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{900FA3AA-D480-4625-9736-DD5665720A8F}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{4AC39721-A03E-47BE-845B-9DF061D85ABC}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{A9A68FD6-58E0-4D52-ACD6-074FCD137FEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{3058BBBD-DF12-431B-A5EE-377DAAEEFF5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{E55D19A0-6280-4B41-ABB3-41281AE42A8F}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{8660765A-6275-48F6-AB64-043D4858A73B}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{2CCC4F01-C238-4017-90EE-E7E87A7B6D45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{90F16D32-8125-4E32-B2AD-1F0A38172C53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5411E273-49A7-4ABD-93EB-1C134511BC55}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B3CA8443-7A61-44F9-B43D-4AC76C037004}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7AD5DBE4-9ABE-418E-AB5A-FC2B2D9979CB}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{BA307C14-F732-4D7A-A86B-46A32FB336B7}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6D2B5CA4-A85E-44DD-BEC3-BB45D5BD937A}] => (Allow) D:\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{3F2FB5C1-F746-4DC3-9655-1808103707C1}] => (Allow) D:\SteamLibrary\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [TCP Query User{954AD68B-3FE9-4D11-8693-A0E64A3C1250}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{EEAC11E7-F419-4CC5-ABD7-5578F9557CFE}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{A11F961C-1F26-4C6F-A590-6C957A784AF0}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{0524F8D8-B9B3-4D51-924F-1E04746E5812}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{8A594F0F-E9BF-4FF3-92C8-D9C61098707C}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{08777247-014C-4CB5-91D8-E94D245B7668}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D407414-7565-4818-B7E5-512F94C005AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{729CAEF4-AC45-48F9-8F86-9E509964DD08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{A203D0BB-3967-45F0-8F78-6C22EFB799D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{F226BBDC-BDA7-4EDB-928F-FF67E0B93293}] => (Allow) D:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{04AD33D4-F2EC-4E92-AE99-9258B1FE70A1}] => (Allow) D:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{4090A57B-140B-4BD6-8749-A6C0898ADFAA}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{F21D0401-0F14-4322-B544-68DCBEB1DC6D}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{FCF634DA-9335-4375-B025-58811705C438}] => (Allow) D:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CBB425F3-130E-4E6F-91E7-65A29BED7F66}] => (Allow) D:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2016 03:02:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/04/2016 12:40:24 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (10/03/2016 05:56:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (10/02/2016 10:43:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (10/01/2016 11:58:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerLine Utility.exe, version: 2.0.1431.5, time stamp: 0x529be6e4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x2570
Faulting application start time: 0x01d21c3752996492
Faulting application path: C:\Program Files (x86)\TP-LINK\PowerLine Utility\PowerLine Utility.exe
Faulting module path: unknown
Report Id: 9ca571cd-882a-11e6-85e1-d8cb8a50fc69

Error: (10/01/2016 05:06:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerLine Utility.exe, version: 2.0.1431.5, time stamp: 0x529be6e4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x2054
Faulting application start time: 0x01d21bfdc34bb0ea
Faulting application path: C:\Program Files (x86)\TP-LINK\PowerLine Utility\PowerLine Utility.exe
Faulting module path: unknown
Report Id: 03b94a86-87f1-11e6-85e1-d8cb8a50fc69

Error: (10/01/2016 03:19:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (09/30/2016 08:34:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (09/30/2016 01:25:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (09/29/2016 09:51:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SteamLauncherUI.exe version 5.0.5.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e24

Start Time: 01d21a9184bb2b97

Termination Time: 4

Application Path: C:\Program Files (x86)\Hi-Rez Studios\SteamLauncherUI.exe

Report Id: 645a1d28-8686-11e6-85e1-d8cb8a50fc69


System errors:
=============
Error: (10/04/2016 03:02:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/04/2016 03:02:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (10/03/2016 03:10:16 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/30/2016 10:40:48 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/26/2016 06:24:00 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/26/2016 05:33:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/26/2016 05:33:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/26/2016 05:33:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (09/26/2016 05:33:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully.
.

Error: (09/25/2016 11:45:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


==================== Memory info ===========================

Processor: AMD FX(tm)-4300 Quad-Core Processor
Percentage of memory in use: 40%
Total physical RAM: 8140.03 MB
Available physical RAM: 4875.29 MB
Total Virtual: 16278.24 MB
Available Virtual: 11605.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:1.4 GB) NTFS
Drive d: (Drive2) (Fixed) (Total:232.83 GB) (Free:39.73 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:223.57 GB) (Free:9.7 GB) NTFS
Drive f: (NFSUG2_DISK2) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 90909090)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 8937096C)
Partition 1: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 3BA65977)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Thanks for those logs, continue as follows:

Uninstall Spybot S&D, as it will probably interfere with tools we try to run... https://www.safer-networking.org/faq/how-to-uninstall-2/

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan, either accept the alert or turn off your security to allow Sophos to run and complete.....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also tell me if there are any remaining issues or concerns....

One other point, I did not see a resident anti-virus program installed, is that correct?

Thank you,

Kevin...

Fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
