Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google Analytics Virus

Post by ihateviruses423 » June 2nd, 2015, 3:46 pm

Apparently a Google Analytics Virus has prevented me from being able to play some of my games and has been redirecting me to various websites. I tried to run some anti-virus programs but got no luck.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.25.2
Run by John at 15:42:59 on 2015-06-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8087.2844 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxEM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\John\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mspaint.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/27/2013 8:36:38 PM
System Uptime: 6/2/2015 11:44:47 AM (4 hours ago)
.
Motherboard: ASRock | | Z77 Pro3
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 465 GiB total, 8.333 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 146.0.75.221 www.google-analytics.com.
Hosts: 146.0.75.221 google-analytics.com.
Hosts: 146.0.75.221 connect.facebook.net.
Hosts: 146.0.75.221 bing.com.
Hosts: 146.0.75.221 www.bing.com.
Hosts: 79.142.66.242 www.google-analytics.com.
Hosts: 79.142.66.242 google-analytics.com.
Hosts: 79.142.66.242 connect.facebook.net.
Hosts: 79.142.66.242 bing.com.
Hosts: 79.142.66.242 www.bing.com.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 17 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Reader 9
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.248
ASRock InstantBoot v1.29
ASRock SmartConnect v1.0.6
ASRock XFast RAM v2.0.9
Battle.net
BattlEye for OA Uninstall
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help English
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Clownfish for Skype
Counter-Strike: Global Offensive
Counter-Strike: Source
CyberLink MediaEspresso
DayZ
Divinity: Original Sin
DivX Setup
Dota 2
EasyBoost
Endless Space
EVE Isk per Hour
EVE Online
EVEMon
FileParade bundle uninstaller
FTL: Faster Than Light
GameRanger
GameSpy Arcade
GCFScape 1.8.5
Glyph
Google Chrome
Google Update Helper
Happy Wars
Hearthstone
Heroes & Generals
Hi-Rez Studios Authenticate and Update Service
Intel(R) Control Center
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Smart Connect Technology 2.0 x64
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 8 Update 25
Java Auto Updater
League of Legends
LG United Mobile Drivers
Linksys Wireless-G PCI Adapter
Malwarebytes Anti-Malware version 2.0.2.1012
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1 RC
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 365 ProPlus - en-us
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mount & Blade: Warband
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Notepad++
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PlanetSide 2
PunkBuster Services
Ralink RT6x Wireless LAN Card
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Rise of Nations: Extended Edition
Rising Storm/Red Orchestra 2 Multiplayer
Risk of Rain
Sid Meier's Civilization V
Skype Click to Call
Skype™ 7.4
SmartView for IE
SmartView Software Updater
Smite
Spybot - Search & Destroy
Star Wars Battlefront II
Steam
Strife
System Requirements Lab Detection
TeamSpeak 3 Client
TeamViewer 9
THX TruStudio
Total War: ROME II - Emperor Edition
Unity Web Player
Unturned
VC80CRTRedist - 8.0.50727.6195
VIRTU MVP 2.1.111
War Thunder
WinRAR 5.01 (32-bit)
XFast LAN v6.61
XFastUSB
.
==== Event Viewer Messages From Past Week ========
.
6/2/2015 11:45:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
5/29/2015 1:48:10 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
ihateviruses423
Active Member
 
Posts: 7
Joined: June 2nd, 2015, 3:40 pm

Re: Google Analytics Virus

Post by Gary R » June 3rd, 2015, 1:01 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi ihateviruses423

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • FRST.txt
  • Addition.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Analytics Virus

Post by ihateviruses423 » June 4th, 2015, 11:55 am

# AdwCleaner v4.206 - Logfile created 04/06/2015 at 11:50:34
# Updated 01/06/2015 by Xplode
# Database : 2015-06-01.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Downloads\adwcleaner_4.206.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
File Found : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
Folder Found : C:\DeviceVM
Folder Found : C:\Program Files (x86)\DeviceVM
Folder Found : C:\ProgramData\DeviceVM
Folder Found : C:\ProgramData\Websteroids
Folder Found : C:\Users\DEMON JOHN\AppData\Roaming\DeviceVM
Folder Found : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Found : C:\Users\John\AppData\Roaming\DeviceVM
Folder Found : C:\Users\John\AppData\Roaming\Systweak

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{226587C4-F1BE-4B1F-ACED-0516A65922B8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{226587C4-F1BE-4B1F-ACED-0516A65922B8}
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Found : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{82A5CE4D-AF0C-45B6-8AF8-75625BE6A08D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B2B7E0CD-E169-43B3-A233-E129610EE314}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0DEC13F0-5C8C-4147-8329-6CDFAD9755B7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E97F0FA-3B44-4634-A87E-8B0D5CFD6365}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{951F5841-FD1E-4F1D-8607-67B174DBD753}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D1CCB0CC-DA45-4797-93D3-DEE7A13F8177}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DCE24E28-D8EF-49BE-BC01-A1DD3B58FCE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E4F7F1A5-490E-4884-A9E3-CBD6A25749E1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E8E0178-00EF-413D-9324-E7B3E31572E3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1A533A8-E106-422B-AE29-D0025269AF83}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B1759D04-0EF9-472A-B5C3-C774997B5321}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [4548 bytes] - [04/06/2015 11:50:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4607 bytes] ##########
ihateviruses423
Active Member
 
Posts: 7
Joined: June 2nd, 2015, 3:40 pm

Re: Google Analytics Virus

Post by ihateviruses423 » June 4th, 2015, 11:56 am

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by John (administrator) on JOHN-PC on 04-06-2015 11:51:11
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\slui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe
() C:\Users\John\Downloads\adwcleaner_4.206.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\Run: [Clownfish] => [X]
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28919424 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\MountPoints2: D - D:\LaunchBFII.exe
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\MountPoints2: {7a9a2a8b-ece0-11e3-85f1-bc5ff4650ae9} - E:\LG_PC_Programs.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-30] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [172320 2012-03-12] (Lucidlogix Inc.)
AppInit_DLLs-x32: c:\windows\syswow64\appinit_dll.dll => c:\windows\syswow64\appinit_dll.dll [148256 2012-03-12] (Lucidlogix Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKU\S-1-5-21-2270263200-2199008938-408583840-1000 - SearchHook Class - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKU\S-1-5-21-2270263200-2199008938-408583840-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2270263200-2199008938-408583840-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?fr=chr-g ... =599486&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2270263200-2199008938-408583840-1000 -> {1BE4C22D-9809-424c-A833-59F16348829A} URL = http://www.google.com/custom?client=pub ... 1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2270263200-2199008938-408583840-1000 -> {226587C4-F1BE-4B1F-ACED-0516A65922B8} URL = http://search.conduit.com/Results.aspx? ... 92E3741&q={searchTerms}&SSPV=
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: SmartView VisualBookmark -> {0E5680D1-BF44-4929-94AF-FD30D784AD1D} -> C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll [2010-09-02] (DeviceVM, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.10.106\McAfeeMSS_IE.dll [2014-11-04] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.8.4 192.168.1.1
Tcpip\..\Interfaces\{2ADF34BA-DA84-47F8-BC47-419817DD090C}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{AA7F7C0B-259F-409A-AB23-3B9B6325C782}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-03] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2270263200-2199008938-408583840-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-29] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-18]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-18]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2014-04-18]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-18]
CHR Extension: (McAfee Security Scan+) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-18]
CHR Extension: (Adblock Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-18]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-18]
CHR Extension: (PanicButton) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-07-18]
CHR Extension: (Bookmark Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR Extension: (Universe) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk [2014-04-18]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-04] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S4 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-02-09] (Hi-Rez Studios) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.10.106\McCHSvc.exe [289256 2014-11-04] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-04-30] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [125216 2010-09-02] (DeviceVM, Inc.)
S4 WCUService; C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [456976 2010-09-02] (DeviceVM, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2015-02-28] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-12-27] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-16] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 11:51 - 2015-06-04 11:53 - 00019001 _____ C:\Users\John\Downloads\FRST.txt
2015-06-04 11:51 - 2015-06-04 11:51 - 00000000 ____D C:\FRST
2015-06-04 11:50 - 2015-06-04 11:52 - 00000000 ____D C:\AdwCleaner
2015-06-04 11:50 - 2015-06-04 11:50 - 02231296 _____ C:\Users\John\Downloads\adwcleaner_4.206.exe
2015-06-04 11:50 - 2015-06-04 11:50 - 02108928 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2015-06-04 11:50 - 2015-06-04 11:50 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOHN-PC-Windows-7-Professional-(64-bit).dat
2015-06-04 11:49 - 2015-06-04 11:49 - 00000000 ____D C:\RegBackup
2015-06-04 11:48 - 2015-06-04 11:48 - 04720448 _____ C:\Users\John\Downloads\tweaking.com_registry_backup_setup.exe
2015-06-04 11:48 - 2015-06-04 11:48 - 00002235 _____ C:\Users\John\Desktop\Tweaking.com - Registry Backup.lnk
2015-06-04 11:48 - 2015-06-04 11:48 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-04 11:48 - 2015-06-04 11:48 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-06-03 21:15 - 2015-06-03 21:15 - 00000000 ____D C:\Users\John\Documents\Skullgirls
2015-06-03 19:20 - 2015-06-03 19:20 - 00000222 _____ C:\Users\John\Desktop\Skullgirls.url
2015-06-02 19:17 - 2015-06-02 19:20 - 00001089 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2015-06-02 19:11 - 2015-06-02 19:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller (2).exe
2015-06-02 16:41 - 2015-06-02 16:41 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-06-02 16:39 - 2015-06-02 16:39 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller (1).exe
2015-06-02 15:43 - 2015-06-02 15:43 - 00024469 _____ C:\Users\John\Desktop\dds.txt
2015-06-02 15:43 - 2015-06-02 15:43 - 00005438 _____ C:\Users\John\Desktop\attach.txt
2015-06-02 15:42 - 2015-06-02 15:42 - 00688992 ____R (Swearware) C:\Users\John\Downloads\dds.scr
2015-06-02 15:34 - 2015-06-02 15:34 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2015-06-02 14:43 - 2015-06-02 14:43 - 24949216 _____ C:\Users\John\Downloads\EVEOnlineLauncher_2_1_826897 (1).exe
2015-06-02 14:40 - 2015-06-02 14:40 - 24949216 _____ C:\Users\John\Downloads\EVEOnlineLauncher_2_1_826897.exe
2015-06-02 13:06 - 2015-06-02 13:07 - 00001209 _____ C:\Users\John\Desktop\launcher - Shortcut.lnk
2015-06-02 13:02 - 2015-06-02 13:02 - 22175720 _____ C:\Users\John\Downloads\EVEOnlineLauncher_2_2_884420.exe
2015-05-29 15:39 - 2015-05-29 15:40 - 00682844 _____ C:\Users\John\Downloads\it feels like somebody wants to sell me something.mp4
2015-05-26 15:18 - 2015-05-26 15:18 - 00001496 _____ C:\Users\John\Desktop\exefile - Shortcut.lnk
2015-05-25 11:09 - 2015-05-25 11:09 - 00299282 _____ C:\Users\John\Downloads\Judge Smails Well Were waiting.mp4
2015-05-12 23:17 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 23:17 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 15:36 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 15:36 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 15:36 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 15:36 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 15:36 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 15:36 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 15:36 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 15:36 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 15:36 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 15:36 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 15:36 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 15:36 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 15:36 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 15:36 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 15:36 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 15:36 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 15:36 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 15:36 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 15:36 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 15:36 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 15:36 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 15:36 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 15:36 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 15:36 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 15:36 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 15:36 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 15:36 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 15:36 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 15:36 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 15:36 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 15:36 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 15:36 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 15:36 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 15:36 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 15:36 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 15:36 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 15:36 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 15:36 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 15:36 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 15:36 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 15:36 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 15:36 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 15:36 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 15:36 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 15:36 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 15:36 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 15:36 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 15:36 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 15:36 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 15:36 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 15:36 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 15:36 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 15:36 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 15:36 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 15:36 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 15:36 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 15:36 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 15:36 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 15:36 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 15:36 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 15:36 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 15:36 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 15:36 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 15:36 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 15:36 - 2015-04-03 23:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 15:36 - 2015-04-03 23:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 15:36 - 2015-04-03 23:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 15:36 - 2015-04-03 23:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 15:36 - 2015-04-03 23:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 15:36 - 2015-04-03 23:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 15:36 - 2015-04-03 23:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 15:36 - 2015-04-03 23:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 15:36 - 2015-04-03 23:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 15:36 - 2015-04-03 23:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 15:36 - 2015-04-03 23:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 15:36 - 2015-04-03 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 15:36 - 2015-04-03 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 15:35 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 15:35 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 15:35 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 15:35 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 15:35 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 15:35 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 15:35 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 15:35 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 15:34 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 15:34 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-08 22:02 - 2015-05-08 22:02 - 00217904 _____ () C:\Users\John\Downloads\ManyCamStandaloneSetup.exe
2015-05-05 17:05 - 2015-06-04 01:46 - 00000000 ____D C:\Users\John\AppData\Roaming\TS3Client
2015-05-05 17:04 - 2015-05-05 17:04 - 00000000 ____D C:\Users\John\AppData\Local\Overwolf
2015-05-05 17:03 - 2015-05-05 17:04 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\John\Downloads\TeamSpeak3-Client-win64-3.0.16 (1).exe
2015-05-05 17:01 - 2015-05-05 17:01 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\John\Downloads\TeamSpeak3-Client-win64-3.0.16.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 11:52 - 2013-12-27 23:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-04 11:52 - 2013-12-27 23:43 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2015-06-04 11:44 - 2013-12-27 23:45 - 01368938 _____ C:\Windows\WindowsUpdate.log
2015-06-04 11:43 - 2013-12-27 23:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-04 11:42 - 2014-04-18 16:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-04 11:41 - 2014-04-18 16:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 11:41 - 2013-12-27 22:03 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-06-04 11:40 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-04 11:40 - 2009-07-14 00:51 - 00062272 _____ C:\Windows\setupact.log
2015-06-04 01:48 - 2009-07-14 00:45 - 00012768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-04 01:48 - 2009-07-14 00:45 - 00012768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 10:20 - 2013-12-27 22:03 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-06-03 09:52 - 2014-06-11 11:32 - 00000000 ____D C:\ProgramData\Skype
2015-06-03 09:47 - 2013-12-27 22:07 - 00689324 _____ C:\Windows\PFRO.log
2015-06-02 16:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Vss
2015-06-02 15:47 - 2014-09-09 18:30 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-02 15:47 - 2014-04-18 22:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 15:47 - 2014-04-18 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-02 15:47 - 2014-04-18 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-02 15:27 - 2015-04-20 20:03 - 00000022 _____ C:\Users\John\Downloads\jeveassets-2.10.2.zip
2015-05-28 16:31 - 2014-01-13 16:36 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2015-05-27 15:14 - 2014-06-11 11:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-25 21:43 - 2014-04-18 16:56 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-19 16:58 - 2014-09-03 19:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-16 10:37 - 2014-04-18 16:54 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 10:37 - 2014-04-18 16:54 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 19:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 19:28 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-13 13:27 - 2009-07-14 00:45 - 00439704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 13:25 - 2009-07-14 03:47 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-12 23:16 - 2013-12-30 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 23:16 - 2013-12-30 14:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-12 23:16 - 2013-12-30 14:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-07 23:34 - 2015-04-21 23:03 - 00000000 ____D C:\Users\John\AppData\Local\Battle.net
2015-05-07 21:00 - 2015-04-21 23:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-05-05 17:05 - 2014-03-08 15:11 - 00001166 _____ C:\Users\John\Desktop\TeamSpeak 3 Client.lnk
2015-05-05 17:05 - 2014-03-08 15:11 - 00000000 ____D C:\Users\John\AppData\Local\TeamSpeak 3 Client

==================== Files in the root of some directories =======

2014-04-12 19:34 - 2014-04-12 19:34 - 2177680 _____ (Microsoft Corporation) C:\Users\John\AppData\Roaming\Flashdefaultpack.exe
2013-12-27 22:09 - 2013-12-27 22:09 - 0000003 _____ () C:\Users\John\AppData\Local\user_data.ini

Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 12:50

==================== End of log ============================

Re: Google Analytics Virus

Post by ihateviruses423 » June 4th, 2015, 11:57 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by John at 2015-06-04 11:54:01
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2270263200-2199008938-408583840-500 - Administrator - Disabled)
Guest (S-1-5-21-2270263200-2199008938-408583840-501 - Limited - Disabled)
John (S-1-5-21-2270263200-2199008938-408583840-1000 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E4490157-303F-F06F-FB6E-D2053A43A182}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
ASRock eXtreme Tuner v0.1.248 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version: - ASRock Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1611_37043 - CyberLink Corp.)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version: - Larian Studios)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
EasyBoost (HKLM-x32\...\InstallShield_{41910260-4532-4734-8181-3E8AFDBB05D7}) (Version: 1.0.7.1 - GIGABYTE)
EasyBoost (x32 Version: 1.0.7.1 - GIGABYTE) Hidden
Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)
EVE Isk per Hour (HKLM-x32\...\{7A37BE74-5767-407A-8145-098EF7DA02FB}) (Version: 3.1 - EVE IPH)
EVE Online (HKLM-x32\...\{51153409-857E-4979-A6C0-9FD81066E5F2}) (Version: 3.0.0 - CCP Games Ltd.)
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.9.4 - battleclinic.com)
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 1.0.0.0 - FileParade) <==== ATTENTION
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
GameRanger (HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\GameRanger) (Version: - GameRanger Technologies)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Happy Wars (HKLM-x32\...\Steam App 246280) (Version: - Toylogic inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Linksys Wireless-G PCI Adapter (HKLM-x32\...\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}) (Version: - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.10.106.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Ralink RT6x Wireless LAN Card (HKLM-x32\...\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}) (Version: 1.5.4.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version: - SkyBox Labs)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version: - Lab Zero Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SmartView for IE (HKLM-x32\...\{C448EA30-BB7F-4D42-83BC-385EBA140AF2}) (Version: 1.0.4.1 - DeviceVM, Inc.) <==== ATTENTION
SmartView Software Updater (HKLM-x32\...\{5B0CE14A-B9B6-4E25-A1BE-3EEC1998AC2C}) (Version: 1.0.4.1 - DeviceVM, Inc.) <==== ATTENTION
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.0.2574.0 - Hi-Rez Studios)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Strife (HKLM-x32\...\Strife) (Version: - S2 Games)
System Requirements Lab Detection (HKLM-x32\...\{3E960D09-F42D-4167-AA4D-0B95A79695CD}) (Version: 2.2.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIRTU MVP 2.1.111 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.111 - Lucidlogix Technologies LTD)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.30 - ASRock Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2270263200-2199008938-408583840-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-06-02 19:22 - 00001147 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B11725C-1D48-46F6-B904-B8BB90209C57} - System32\Tasks\{D42C2FA5-FF57-46DB-A87E-28C4725CCF9B} => C:\Program Files (x86)\CCP\EVE\eve.exe [2015-03-18] (CCP hf.)
Task: {22BD8C74-ED53-4A2E-AE4C-C163F826F654} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {2B6AC16F-47D3-4A82-B2C9-58416580849E} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-29] (Microsoft Corporation)
Task: {3D1794CE-5E6E-48CD-9F5C-1A2276D9336B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {4513ACE6-987A-4750-B44F-FBDDE212F922} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5144D03D-12FF-46C4-823A-8899BB375E4B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {58A1467F-0C61-47F8-8768-6B846C499306} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {72708BA2-063E-4E67-B12D-32F029567B2E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {944CF6D0-1E80-4A95-AA72-844140E1FC19} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {94D19B57-7920-4526-BD89-505ACA2AC472} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {99E573BD-B337-4432-BB3A-712CF8DDE12B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {A3A6D9C8-4FE9-4B38-8815-0E67807E62A1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {A90CCDF0-E2EE-444D-BD5B-3C4310111D32} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {B55ED9CF-98F1-4218-A153-6F0A82318DAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {DCC8144B-BC52-45FB-829D-642B01D34BDC} - System32\Tasks\{2CFB5EE6-79BF-4CEC-A39B-0F10ABC8E6FC} => C:\Program Files (x86)\CCP\EVE\eve.exe [2015-03-18] (CCP hf.)
Task: {DF282909-423B-4A78-A6A1-F229C0F82EFD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {EB21F4BE-4B2B-492D-8FCC-6D2F0DFA5DCF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {FEDF1FAF-BBC9-4EC4-89AB-A0AC906F8567} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-04-11] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-03 19:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-02 15:17 - 2015-04-30 15:11 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-16 15:27 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-06-04 11:50 - 2015-06-04 11:50 - 02231296 _____ () C:\Users\John\Downloads\adwcleaner_4.206.exe
2015-03-16 15:27 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-05-25 21:43 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 21:43 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-05-25 21:43 - 2015-05-22 16:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
2013-12-28 00:06 - 2015-04-16 13:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 16:12 - 2015-04-22 22:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 16:12 - 2015-04-22 22:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 16:12 - 2015-04-22 22:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-21 14:44 - 2015-06-01 23:29 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 11:49 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 11:49 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 11:49 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 11:49 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 11:49 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-12-28 00:06 - 2015-06-01 23:28 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-12-28 00:06 - 2015-05-11 15:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-05-14 14:56 - 2015-05-11 15:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


There are 7868 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2270263200-2199008938-408583840-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cFosSpeedS => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ISCTAgent => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SmartViewService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WCUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\Windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^flashsec.lnk => C:\Windows\pss\flashsec.lnk.Startup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^flashupdate.lnk => C:\Windows\pss\flashupdate.lnk.Startup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameRanger.lnk => C:\Windows\pss\GameRanger.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartViewAgent => "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: VIRTU MVP => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
MSCONFIG\startupreg: XFast LAN => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
MSCONFIG\startupreg: XFastUSB => "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{CE3DA1A1-567E-479B-A3CB-8C443005D85E}C:\users\john\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\john\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{FB0B56ED-AE25-4C69-BC66-A5D400190554}C:\users\john\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\john\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{2F7DA1F6-4CD8-4F72-A400-3D4B14986626}C:\users\john\desktop\skype.exe] => (Allow) C:\users\john\desktop\skype.exe
FirewallRules: [UDP Query User{088D8DD9-3D93-44A7-8697-60FEB1D738F8}C:\users\john\desktop\skype.exe] => (Allow) C:\users\john\desktop\skype.exe
FirewallRules: [{3DBEBD70-8A25-4642-AFAC-55435CB8498E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{87EA8BD4-62C4-4456-9EED-0F9AFD58B8DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17BBDF75-F0D6-41F1-9A2F-BB71ECE30A3E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Counter-Strike Source\hl2.exe
FirewallRules: [{B5EFF93A-79D5-4A77-B40B-8B1C248C097A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Counter-Strike Source\hl2.exe
FirewallRules: [{0CADAC5B-60D3-4AB3-B5E9-921E60CA410A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\dota 2 beta\dota.exe
FirewallRules: [{2D892611-F53C-49CB-8EC2-AA2F1DDAE1F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\dota 2 beta\dota.exe
FirewallRules: [{869702D8-86C8-4D34-81C1-E5C46C890266}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{31B28B44-0A62-49F9-848C-69A21FC4C88C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{603A2F84-8E42-44D3-B157-3DD8084C6B70}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [UDP Query User{9CE5D883-4B75-42EB-9AAD-B9AC54A7860E}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [{FFE47F90-4DA0-4423-89A9-E2A05C84FC21}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{52DCEAAB-280A-47E3-BFE4-F200324EC1E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\MountBlade Warband\mb_warband.exe
FirewallRules: [{2B036743-9B46-4409-9AE3-A10A45F570D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\MountBlade Warband\mb_warband.exe
FirewallRules: [{FFCA8AC4-8C13-429E-AEE5-FF762C366D04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{93C87920-A3E5-4F8B-B819-8BFE2EBEFC0E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{55311719-F11C-4D7A-A42F-4936AE85326F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\DayZ\DayZ.exe
FirewallRules: [{36535085-3B37-46CD-AE24-629A4869DCEC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\DayZ\DayZ.exe
FirewallRules: [TCP Query User{AF5C20B6-47D5-468D-9426-F92E528355AF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{324443B7-8565-48BA-8F48-F86890A1A6EF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{C2F584DE-DE9F-4D13-A4F6-3620D91B7352}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Unturned\Unturned.exe
FirewallRules: [{CE74146A-D85E-4CE2-8551-3CDA9851133C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Unturned\Unturned.exe
FirewallRules: [{803070F9-2B55-43FF-B14A-59E3F0454513}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\AMD Driver Updater, Vista and 7, 64 bit\Setup.exe
FirewallRules: [{D7F481B9-F5F2-4286-AE83-8382DD4CA38D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\AMD Driver Updater, Vista and 7, 64 bit\Setup.exe
FirewallRules: [TCP Query User{B8635650-238A-4634-85D9-6FC38B273020}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{11E3C1A0-DA4E-4E8A-9F6F-33BF584571DD}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{217734B4-BD06-4B19-9FDC-5E18B406729F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{174F594B-A8B9-40B2-9B25-150AF9B079BE}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{F0C8CD44-B80C-4CBB-9E30-7914BF761430}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{57E77D83-D7C1-448C-9E06-4D88C67081C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{5ACAE282-FBE2-464C-815B-003D24A82158}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DCA414C3-E405-4CD8-87AE-579B3EF92B18}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{84C94D1C-228E-4F5A-AE28-0841AF146140}] => (Allow) LPort=80
FirewallRules: [{F4A80D76-8C50-4DF0-97F1-7A13AC8072B6}] => (Allow) LPort=443
FirewallRules: [{06446E18-D382-4BCA-96A5-FCDEEF9A0D1A}] => (Allow) LPort=20010
FirewallRules: [{A3E68AD1-40C8-43E3-A78B-7BC34FE74A43}] => (Allow) LPort=3478
FirewallRules: [{869AE4B3-90B9-4198-9765-42AD1DE024E2}] => (Allow) LPort=7850
FirewallRules: [{4AF237A6-A244-4C1D-BC09-668AD29337B1}] => (Allow) LPort=7852
FirewallRules: [{3A6DF762-6FDB-4AD5-B40F-ECBE6A831013}] => (Allow) LPort=7853
FirewallRules: [{B9E1B06F-A189-40E5-940B-EC7D6B001779}] => (Allow) LPort=27022
FirewallRules: [{B6A1A07A-9685-437E-99B9-7D7ADE130746}] => (Allow) LPort=6881
FirewallRules: [{80F68BF8-6642-4568-9751-059D1D9A14DE}] => (Allow) LPort=33333
FirewallRules: [{23E4C5B4-150B-4917-B21D-7AFE1CB18124}] => (Allow) LPort=20443
FirewallRules: [{911D6894-2A62-4849-936A-E4C2C52C733B}] => (Allow) LPort=8090
FirewallRules: [{A06B322A-D35D-4C21-A148-A455767097DB}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{24D3F07A-0D30-43A6-960A-E31E03D61AB6}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{479D1637-A44D-4CD1-BD8A-113514FD158B}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{B30CC9E1-C6E8-4851-8881-5C695AABE456}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{F6E897C9-AE94-4E41-A7DA-7F748F69B0F2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{56B3E630-6E82-4585-8E9B-E4382CCE1AA8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{29E32B4D-B3CE-4E3D-8BFE-C8205BE1B4ED}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6442C09E-19E6-42CA-98E8-D5E96859EA74}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\GarrysMod\hl2.exe
FirewallRules: [{C7C09E8F-FAD3-4D5C-9DDA-8FD7CFB93A44}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\GarrysMod\hl2.exe
FirewallRules: [{2EFF73FD-EC3A-4F3C-841A-00EA38E6FD65}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{30376EBD-BE22-49C4-92E7-3A0E6356E5BD}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{EE510959-A976-4CEF-A35D-69F14C223E81}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Endless Space\EndlessSpace.exe
FirewallRules: [{58F23830-DB4D-4C30-A58D-40DEB3B0117B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Endless Space\EndlessSpace.exe
FirewallRules: [{6737BFF1-F512-401E-835A-A0A681258517}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Eve Online\eve.exe
FirewallRules: [{51AA14AA-258D-40B9-9B72-65A045B112CB}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Eve Online\eve.exe
FirewallRules: [{A643D35C-55C9-46C5-B2DE-D0A6CBCCE5E5}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{807D52B4-FF32-40B7-B9E9-84BDEB2F0BE8}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{AE65DE4D-4A10-4257-BD39-D098D17C65C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Unturned\Unturned.exe
FirewallRules: [{50E481FA-CA5D-4289-8617-C07114C0A8A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Unturned\Unturned.exe
FirewallRules: [{6F77DCD5-C0ED-4E3A-B363-9B4E3649E141}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\War Thunder\launcher.exe
FirewallRules: [{6E889411-E780-46BD-9CDE-A904F3FA22FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{34BFA7AA-44FA-44B1-9634-B3A0FA612317}C:\windows.old.000\program files\steam\steamapps\common\war thunder\launcher.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\war thunder\launcher.exe
FirewallRules: [UDP Query User{CA68EA0E-42EB-47A4-A775-B16AF9657A72}C:\windows.old.000\program files\steam\steamapps\common\war thunder\launcher.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\war thunder\launcher.exe
FirewallRules: [TCP Query User{CD8C0722-0A05-4A62-A511-7F430382C989}C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [UDP Query User{9B3EDBE1-3E83-482E-AB1F-DD4A90E63E3C}C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [TCP Query User{E7BC9C20-CF38-4E23-8815-2143A6F0CC9A}C:\windows.old.000\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{0563AA4E-84A5-4D38-9D10-6D55F822514B}C:\windows.old.000\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{A2ADE3B2-6589-43B0-8DF6-A8CB1554975A}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Kerbal Space Program\KSP.exe
FirewallRules: [{A1B83DCF-C95C-43CA-91E4-58513EB11FAC}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Kerbal Space Program\KSP.exe
FirewallRules: [TCP Query User{AC918B04-13EE-4C20-8EC9-73C68F67BC07}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B0564453-6E6F-40D2-AD68-E70B22FFF98B}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{35C6D0F4-013C-4E2F-BE16-7675B14F1340}] => (Allow) C:\Users\John\Downloads\uTorrent.exe
FirewallRules: [{09948C43-3B68-49B7-838C-478E3F141D2B}] => (Allow) C:\Users\John\Downloads\uTorrent.exe
FirewallRules: [TCP Query User{5425980B-2494-454C-B86F-A6C6AC06E208}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe] => (Allow) C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe
FirewallRules: [UDP Query User{2D75F0B9-BC29-4A39-AF8E-489E17E71A9B}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe] => (Allow) C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe
FirewallRules: [TCP Query User{893DF295-5040-47C6-97D7-5AE7D18E04C5}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{F529472A-7D72-470A-A4F3-EB07907C3315}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{9E163583-B661-4EC7-B655-6AF415F619B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\DayZ\DayZ_BE.exe
FirewallRules: [{ECF5799E-BC47-4D3F-906A-166CA857DBD8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\DayZ\DayZ_BE.exe
FirewallRules: [{D55FAB52-53F4-4993-8AB0-A27EE9C248BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{8D2D2C32-ED76-4EC9-AA2C-754343D81847}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{144D5124-04FB-4E1C-91F1-9FF76C794B51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\War Thunder\launcher.exe
FirewallRules: [{838C80B5-7DB2-41B3-BDCE-E342C29E18C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\War Thunder\launcher.exe
FirewallRules: [{1B45D462-5685-4228-BAF1-33B25B59D8F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{CE3B1D97-B493-4DBF-807B-5FE45294903F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{26E5A4FD-1EFA-454F-ADB8-C6F1DCB7937E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{FA592867-BB59-4383-989F-4CFAD2C47D85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{D8BB604C-F88C-40C1-A5B9-4530E3EA489A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{6C3679B8-8F66-4173-A021-376557A820FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [TCP Query User{93EE6674-C7E3-4A2A-A56D-3BB35E2E3FEE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{061CA40E-09C7-4F03-8E61-E4B2D947941B}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{166EA4B7-09FC-462C-885D-BEFDB0CCAEEA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F2103994-2351-4C06-9DBE-13D5DDDD2925}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5DA7FC47-472B-4409-AEDD-4FBAB2982373}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CBB48A29-2D91-4D9A-834A-788A51333D6E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EF87FA39-632C-43E6-99E6-1807D4966DE3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{C3263D24-AA94-4F91-A54D-3246282A8B5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{E9C56FAC-CF53-49EE-8773-F82679291645}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2ECFA91E-A284-4294-B37D-DC932F4B2E1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{73CCC846-3A67-460E-81E0-46BE47DF16B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AA83E332-FA87-402E-8574-528D481ECBC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{09B43E63-88B7-4DD8-8C1D-1F71D91AAAD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{043CB9DC-5C8B-4560-BB2D-EAEC7A67A244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{716A62E6-D426-487C-A87B-047157F74846}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{E35CD8B8-5D5F-4F0A-92B3-B6BCCDC0F037}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{C662941D-F89D-4AA2-AAF2-A37A333225DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{FD581595-AA70-4938-8F56-982AFB4F2EE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F767A4F5-18F6-44BD-9270-71709EE02F2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{39F539D7-58C9-4D4C-B4F1-BD6A9BB31FF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{B4BB2B28-F7CB-4574-A360-A8BA480BDB34}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{06BB19E6-C583-4B0A-A9DC-7B72CF595234}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [TCP Query User{E15AEAF8-E81E-4906-B616-435AA07AE304}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [UDP Query User{7379CB63-19E7-4658-9A08-77A95A6ED298}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [{939DA250-2DEE-4ACF-AAA0-B2CEA0D6755B}] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [{68D527D9-CDE8-44D0-ABAD-24D2FEDE2094}] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [{0B266AC4-FDA5-4382-8F79-E8724805C6BE}] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [{C6EA82AF-1831-483A-BFF6-3AF082AD2CF1}] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [{851F30EB-557E-4FE5-8ED0-9062B10B60DC}] => (Allow) C:\Users\John\Downloads\uTorrent.exe
FirewallRules: [{CA525B00-17DD-4BAC-A8B5-3431A4F7828F}] => (Allow) C:\Users\John\Downloads\uTorrent.exe
FirewallRules: [TCP Query User{379D4864-4419-4CB7-B52E-83FD60C681D9}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [UDP Query User{70F855CB-FCE4-444D-AC43-C81C628531E4}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{A8EE1EBF-3C22-4194-A3FC-88818761376F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{406D1596-7340-45DB-A268-55EE8F8B82FB}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C963CE03-0D9C-4250-B6A3-618B50D9A9B3}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{B5228873-A060-4F4C-8473-416F2D1DD65B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{07759962-C8CE-4EC1-99A5-874911D1C450}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{56BA7AB4-2C47-44F4-A17A-C657108C9AC5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C40008D3-D090-4302-9F7F-9A6A37347F3F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{304BCC7B-FC1B-4229-8BA3-FD796FDEBC48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{40780BBF-65AF-4E6A-A9FE-0607AE2FE139}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{C88050F1-C283-4A71-9C13-3EB6470AE30D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Skullgirls\SkullGirls.exe
FirewallRules: [{3DFA7C15-31DA-4543-94AF-840FF8653844}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Skullgirls\SkullGirls.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 04:31:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000004ad94
Faulting process id: 0x15dc
Faulting application start time: 0xwmprph.exe0
Faulting application path: wmprph.exe1
Faulting module path: wmprph.exe2
Report Id: wmprph.exe3

Error: (05/27/2015 03:46:33 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/27/2015 03:46:33 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {08501130-FBE6-4EA9-9DC3-011930F46D26}

Error: (05/26/2015 03:46:42 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/26/2015 03:46:42 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {06FC86BD-F9EB-4F18-AD2C-FACE8BE46A37}

Error: (05/25/2015 08:10:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x000000000001a6ba
Faulting process id: 0x7f0
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (05/24/2015 09:31:12 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/24/2015 09:31:12 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {1A75D6F0-588E-4B42-85E3-0E6613322930}

Error: (05/23/2015 06:50:45 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (05/23/2015 06:50:26 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (06/04/2015 11:40:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/03/2015 09:48:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/03/2015 00:49:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/02/2015 04:27:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/02/2015 11:45:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/01/2015 10:13:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/31/2015 11:00:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/29/2015 01:48:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (05/29/2015 01:43:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/28/2015 00:08:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office:
=========================
Error: (05/28/2015 04:31:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmprph.exe12.0.7600.163854a5bd018ntdll.dll6.1.7601.187985507b864c0000005000000000004ad9415dc01d09985445173f5C:\Program Files\Windows Media Player\wmprph.exeC:\Windows\SYSTEM32\ntdll.dll82839423-0578-11e5-b431-bc5ff4650ae9

Error: (05/27/2015 03:46:33 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/27/2015 03:46:33 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {08501130-FBE6-4EA9-9DC3-011930F46D26}

Error: (05/26/2015 03:46:42 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/26/2015 03:46:42 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {06FC86BD-F9EB-4F18-AD2C-FACE8BE46A37}

Error: (05/25/2015 08:10:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000005000000000001a6ba7f001d096f88771b60fC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dlla91eccdb-033b-11e5-957c-bc5ff4650ae9

Error: (05/24/2015 09:31:12 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/24/2015 09:31:12 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {1A75D6F0-588E-4B42-85E3-0E6613322930}

Error: (05/23/2015 06:50:45 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\Steam\steamapps\downloading\221100\DayZ.exec:\program files (x86)\Steam\steamapps\downloading\221100\DayZ.exe0

Error: (05/23/2015 06:50:26 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 8087.01 MB
Available physical RAM: 5048.61 MB
Total Pagefile: 11540.41 MB
Available Pagefile: 8128.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive b: () (RAMDisk) (Total:464.54 GB) (Free:8.77 GB) NTFS
Drive c: () (Fixed) (Total:464.54 GB) (Free:7.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B11FC2EC)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.5 GB) - (Type=07 NTFS)

==================== End of log ============================
ihateviruses423
Active Member
 
Posts: 7
Joined: June 2nd, 2015, 3:40 pm

Re: Google Analytics Virus

Post by ihateviruses423 » June 4th, 2015, 12:03 pm

I would like to note that I did go into my host file and delete the

"Hosts: 146.0.75.221 www.google-analytics.com .
Hosts: 146.0.75.221 google-analytics.com.
Hosts: 146.0.75.221 connect.facebook.net.
Hosts: 146.0.75.221 bing.com.
Hosts: 146.0.75.221 www.bing.com .
Hosts: 79.142.66.242 www.google-analytics.com .
Hosts: 79.142.66.242 google-analytics.com.
Hosts: 79.142.66.242 connect.facebook.net.
Hosts: 79.142.66.242 bing.com.
Hosts: 79.142.66.242 www.bing.com . "

text that was in there, and that has seemed to solve the problem. I'm not sure though if the virus is still on my computer.

Re: Google Analytics Virus

Post by Gary R » June 4th, 2015, 1:07 pm

Your log shows a large number of startup items that have been disabled by the use of MSCONFIG.

Msconfig was meant to be used to temporarily disable startup items for the purpose of fault finding; it was NOT meant to be used as a way to permanently disable them.

If you don't wish them to start at bootup let me know and I'll disable them properly, but in the meantime I need you to re-enable them for me.

  • Click Start and in the search programs and files box type msconfig
  • Click on msconfig.exe at the top of the list of items found.
  • When the System Configuration window opens, click on the Startup tab.
  • Now click on Enable all and then click OK
  • Now reboot your computer, and allow any prompts displayed.

Next ...

Re-run your FRST scan using the instructions below ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Please ensure the Addition.txt button is checked (otherwise that log will not be produced).
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them separately in your next reply.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Analytics Virus

Post by ihateviruses423 » June 4th, 2015, 2:24 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by John at 2015-06-04 14:20:16
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2270263200-2199008938-408583840-500 - Administrator - Disabled)
Guest (S-1-5-21-2270263200-2199008938-408583840-501 - Limited - Disabled)
John (S-1-5-21-2270263200-2199008938-408583840-1000 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E4490157-303F-F06F-FB6E-D2053A43A182}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
ASRock eXtreme Tuner v0.1.248 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version: - ASRock Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1611_37043 - CyberLink Corp.)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version: - Larian Studios)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
EasyBoost (HKLM-x32\...\InstallShield_{41910260-4532-4734-8181-3E8AFDBB05D7}) (Version: 1.0.7.1 - GIGABYTE)
EasyBoost (x32 Version: 1.0.7.1 - GIGABYTE) Hidden
Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)
EVE Isk per Hour (HKLM-x32\...\{7A37BE74-5767-407A-8145-098EF7DA02FB}) (Version: 3.1 - EVE IPH)
EVE Online (HKLM-x32\...\{51153409-857E-4979-A6C0-9FD81066E5F2}) (Version: 3.0.0 - CCP Games Ltd.)
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.9.4 - battleclinic.com)
FileParade bundle uninstaller (HKLM-x32\...\FileParade bundle uninstaller) (Version: 1.0.0.0 - FileParade) <==== ATTENTION
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
GameRanger (HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\GameRanger) (Version: - GameRanger Technologies)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Happy Wars (HKLM-x32\...\Steam App 246280) (Version: - Toylogic inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Linksys Wireless-G PCI Adapter (HKLM-x32\...\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}) (Version: - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.10.106.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Ralink RT6x Wireless LAN Card (HKLM-x32\...\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}) (Version: 1.5.4.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version: - SkyBox Labs)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version: - Lab Zero Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SmartView for IE (HKLM-x32\...\{C448EA30-BB7F-4D42-83BC-385EBA140AF2}) (Version: 1.0.4.1 - DeviceVM, Inc.) <==== ATTENTION
SmartView Software Updater (HKLM-x32\...\{5B0CE14A-B9B6-4E25-A1BE-3EEC1998AC2C}) (Version: 1.0.4.1 - DeviceVM, Inc.) <==== ATTENTION
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.0.2574.0 - Hi-Rez Studios)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Strife (HKLM-x32\...\Strife) (Version: - S2 Games)
System Requirements Lab Detection (HKLM-x32\...\{3E960D09-F42D-4167-AA4D-0B95A79695CD}) (Version: 2.2.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIRTU MVP 2.1.111 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.111 - Lucidlogix Technologies LTD)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.30 - ASRock Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2270263200-2199008938-408583840-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-06-02 19:22 - 00001147 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B11725C-1D48-46F6-B904-B8BB90209C57} - System32\Tasks\{D42C2FA5-FF57-46DB-A87E-28C4725CCF9B} => C:\Program Files (x86)\CCP\EVE\eve.exe [2015-03-18] (CCP hf.)
Task: {22BD8C74-ED53-4A2E-AE4C-C163F826F654} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {2B6AC16F-47D3-4A82-B2C9-58416580849E} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-29] (Microsoft Corporation)
Task: {3D1794CE-5E6E-48CD-9F5C-1A2276D9336B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {4513ACE6-987A-4750-B44F-FBDDE212F922} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5144D03D-12FF-46C4-823A-8899BB375E4B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {58A1467F-0C61-47F8-8768-6B846C499306} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {72708BA2-063E-4E67-B12D-32F029567B2E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {944CF6D0-1E80-4A95-AA72-844140E1FC19} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {94D19B57-7920-4526-BD89-505ACA2AC472} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {99E573BD-B337-4432-BB3A-712CF8DDE12B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {A3A6D9C8-4FE9-4B38-8815-0E67807E62A1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {A90CCDF0-E2EE-444D-BD5B-3C4310111D32} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {B55ED9CF-98F1-4218-A153-6F0A82318DAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {DCC8144B-BC52-45FB-829D-642B01D34BDC} - System32\Tasks\{2CFB5EE6-79BF-4CEC-A39B-0F10ABC8E6FC} => C:\Program Files (x86)\CCP\EVE\eve.exe [2015-03-18] (CCP hf.)
Task: {DF282909-423B-4A78-A6A1-F229C0F82EFD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {EB21F4BE-4B2B-492D-8FCC-6D2F0DFA5DCF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {FEDF1FAF-BBC9-4EC4-89AB-A0AC906F8567} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-04-11] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-03 19:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-02 15:17 - 2015-04-30 15:11 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-16 15:27 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-16 15:27 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-12-27 23:00 - 2009-08-20 22:59 - 00860160 _____ () C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
2012-12-07 10:16 - 2012-12-07 10:16 - 22224096 _____ () C:\Users\John\AppData\Roaming\GameRanger\GameRanger Prefs\Components\libcef.dll
2015-05-25 21:43 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 21:43 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2014-11-18 16:21 - 2014-11-18 16:21 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-03-16 15:27 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll
2014-09-03 19:34 - 2014-09-03 19:37 - 00196264 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

There are 7868 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2270263200-2199008938-408583840-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cFosSpeedS => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ISCTAgent => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SmartViewService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WCUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\Windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^flashsec.lnk => C:\Windows\pss\flashsec.lnk.Startup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^flashupdate.lnk => C:\Windows\pss\flashupdate.lnk.Startup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameRanger.lnk => C:\Windows\pss\GameRanger.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartViewAgent => "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: VIRTU MVP => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
MSCONFIG\startupreg: XFast LAN => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
MSCONFIG\startupreg: XFastUSB => "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{CE3DA1A1-567E-479B-A3CB-8C443005D85E}C:\users\john\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\john\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{FB0B56ED-AE25-4C69-BC66-A5D400190554}C:\users\john\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\john\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{2F7DA1F6-4CD8-4F72-A400-3D4B14986626}C:\users\john\desktop\skype.exe] => (Allow) C:\users\john\desktop\skype.exe
FirewallRules: [UDP Query User{088D8DD9-3D93-44A7-8697-60FEB1D738F8}C:\users\john\desktop\skype.exe] => (Allow) C:\users\john\desktop\skype.exe
FirewallRules: [{3DBEBD70-8A25-4642-AFAC-55435CB8498E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{87EA8BD4-62C4-4456-9EED-0F9AFD58B8DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17BBDF75-F0D6-41F1-9A2F-BB71ECE30A3E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Counter-Strike Source\hl2.exe
FirewallRules: [{B5EFF93A-79D5-4A77-B40B-8B1C248C097A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Counter-Strike Source\hl2.exe
FirewallRules: [{0CADAC5B-60D3-4AB3-B5E9-921E60CA410A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\dota 2 beta\dota.exe
FirewallRules: [{2D892611-F53C-49CB-8EC2-AA2F1DDAE1F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\dota 2 beta\dota.exe
FirewallRules: [{869702D8-86C8-4D34-81C1-E5C46C890266}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{31B28B44-0A62-49F9-848C-69A21FC4C88C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{603A2F84-8E42-44D3-B157-3DD8084C6B70}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [UDP Query User{9CE5D883-4B75-42EB-9AAD-B9AC54A7860E}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [{FFE47F90-4DA0-4423-89A9-E2A05C84FC21}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{52DCEAAB-280A-47E3-BFE4-F200324EC1E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\MountBlade Warband\mb_warband.exe
FirewallRules: [{2B036743-9B46-4409-9AE3-A10A45F570D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\MountBlade Warband\mb_warband.exe
FirewallRules: [{FFCA8AC4-8C13-429E-AEE5-FF762C366D04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{93C87920-A3E5-4F8B-B819-8BFE2EBEFC0E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{55311719-F11C-4D7A-A42F-4936AE85326F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\DayZ\DayZ.exe
FirewallRules: [{36535085-3B37-46CD-AE24-629A4869DCEC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\DayZ\DayZ.exe
FirewallRules: [TCP Query User{AF5C20B6-47D5-468D-9426-F92E528355AF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{324443B7-8565-48BA-8F48-F86890A1A6EF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{C2F584DE-DE9F-4D13-A4F6-3620D91B7352}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Unturned\Unturned.exe
FirewallRules: [{CE74146A-D85E-4CE2-8551-3CDA9851133C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Unturned\Unturned.exe
FirewallRules: [{803070F9-2B55-43FF-B14A-59E3F0454513}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\AMD Driver Updater, Vista and 7, 64 bit\Setup.exe
FirewallRules: [{D7F481B9-F5F2-4286-AE83-8382DD4CA38D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\AMD Driver Updater, Vista and 7, 64 bit\Setup.exe
FirewallRules: [TCP Query User{B8635650-238A-4634-85D9-6FC38B273020}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{11E3C1A0-DA4E-4E8A-9F6F-33BF584571DD}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{217734B4-BD06-4B19-9FDC-5E18B406729F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{174F594B-A8B9-40B2-9B25-150AF9B079BE}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{F0C8CD44-B80C-4CBB-9E30-7914BF761430}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{57E77D83-D7C1-448C-9E06-4D88C67081C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{5ACAE282-FBE2-464C-815B-003D24A82158}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DCA414C3-E405-4CD8-87AE-579B3EF92B18}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{84C94D1C-228E-4F5A-AE28-0841AF146140}] => (Allow) LPort=80
FirewallRules: [{F4A80D76-8C50-4DF0-97F1-7A13AC8072B6}] => (Allow) LPort=443
FirewallRules: [{06446E18-D382-4BCA-96A5-FCDEEF9A0D1A}] => (Allow) LPort=20010
FirewallRules: [{A3E68AD1-40C8-43E3-A78B-7BC34FE74A43}] => (Allow) LPort=3478
FirewallRules: [{869AE4B3-90B9-4198-9765-42AD1DE024E2}] => (Allow) LPort=7850
FirewallRules: [{4AF237A6-A244-4C1D-BC09-668AD29337B1}] => (Allow) LPort=7852
FirewallRules: [{3A6DF762-6FDB-4AD5-B40F-ECBE6A831013}] => (Allow) LPort=7853
FirewallRules: [{B9E1B06F-A189-40E5-940B-EC7D6B001779}] => (Allow) LPort=27022
FirewallRules: [{B6A1A07A-9685-437E-99B9-7D7ADE130746}] => (Allow) LPort=6881
FirewallRules: [{80F68BF8-6642-4568-9751-059D1D9A14DE}] => (Allow) LPort=33333
FirewallRules: [{23E4C5B4-150B-4917-B21D-7AFE1CB18124}] => (Allow) LPort=20443
FirewallRules: [{911D6894-2A62-4849-936A-E4C2C52C733B}] => (Allow) LPort=8090
FirewallRules: [{A06B322A-D35D-4C21-A148-A455767097DB}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{24D3F07A-0D30-43A6-960A-E31E03D61AB6}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{479D1637-A44D-4CD1-BD8A-113514FD158B}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{B30CC9E1-C6E8-4851-8881-5C695AABE456}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{F6E897C9-AE94-4E41-A7DA-7F748F69B0F2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{56B3E630-6E82-4585-8E9B-E4382CCE1AA8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{29E32B4D-B3CE-4E3D-8BFE-C8205BE1B4ED}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6442C09E-19E6-42CA-98E8-D5E96859EA74}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\GarrysMod\hl2.exe
FirewallRules: [{C7C09E8F-FAD3-4D5C-9DDA-8FD7CFB93A44}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\GarrysMod\hl2.exe
FirewallRules: [{2EFF73FD-EC3A-4F3C-841A-00EA38E6FD65}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{30376EBD-BE22-49C4-92E7-3A0E6356E5BD}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{EE510959-A976-4CEF-A35D-69F14C223E81}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Endless Space\EndlessSpace.exe
FirewallRules: [{58F23830-DB4D-4C30-A58D-40DEB3B0117B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Endless Space\EndlessSpace.exe
FirewallRules: [{6737BFF1-F512-401E-835A-A0A681258517}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Eve Online\eve.exe
FirewallRules: [{51AA14AA-258D-40B9-9B72-65A045B112CB}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Eve Online\eve.exe
FirewallRules: [{A643D35C-55C9-46C5-B2DE-D0A6CBCCE5E5}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{807D52B4-FF32-40B7-B9E9-84BDEB2F0BE8}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{AE65DE4D-4A10-4257-BD39-D098D17C65C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Unturned\Unturned.exe
FirewallRules: [{50E481FA-CA5D-4289-8617-C07114C0A8A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Unturned\Unturned.exe
FirewallRules: [{6F77DCD5-C0ED-4E3A-B363-9B4E3649E141}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\War Thunder\launcher.exe
FirewallRules: [{6E889411-E780-46BD-9CDE-A904F3FA22FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{34BFA7AA-44FA-44B1-9634-B3A0FA612317}C:\windows.old.000\program files\steam\steamapps\common\war thunder\launcher.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\war thunder\launcher.exe
FirewallRules: [UDP Query User{CA68EA0E-42EB-47A4-A775-B16AF9657A72}C:\windows.old.000\program files\steam\steamapps\common\war thunder\launcher.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\war thunder\launcher.exe
FirewallRules: [TCP Query User{CD8C0722-0A05-4A62-A511-7F430382C989}C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [UDP Query User{9B3EDBE1-3E83-482E-AB1F-DD4A90E63E3C}C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [TCP Query User{E7BC9C20-CF38-4E23-8815-2143A6F0CC9A}C:\windows.old.000\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{0563AA4E-84A5-4D38-9D10-6D55F822514B}C:\windows.old.000\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{A2ADE3B2-6589-43B0-8DF6-A8CB1554975A}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Kerbal Space Program\KSP.exe
FirewallRules: [{A1B83DCF-C95C-43CA-91E4-58513EB11FAC}] => (Allow) C:\Windows.old.000\Program Files\Steam\SteamApps\Common\Kerbal Space Program\KSP.exe
FirewallRules: [TCP Query User{AC918B04-13EE-4C20-8EC9-73C68F67BC07}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B0564453-6E6F-40D2-AD68-E70B22FFF98B}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{35C6D0F4-013C-4E2F-BE16-7675B14F1340}] => (Allow) C:\Users\John\Downloads\uTorrent.exe
FirewallRules: [{09948C43-3B68-49B7-838C-478E3F141D2B}] => (Allow) C:\Users\John\Downloads\uTorrent.exe
FirewallRules: [TCP Query User{5425980B-2494-454C-B86F-A6C6AC06E208}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe] => (Allow) C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe
FirewallRules: [UDP Query User{2D75F0B9-BC29-4A39-AF8E-489E17E71A9B}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe] => (Allow) C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe
FirewallRules: [TCP Query User{893DF295-5040-47C6-97D7-5AE7D18E04C5}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{F529472A-7D72-470A-A4F3-EB07907C3315}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{9E163583-B661-4EC7-B655-6AF415F619B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\DayZ\DayZ_BE.exe
FirewallRules: [{ECF5799E-BC47-4D3F-906A-166CA857DBD8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\DayZ\DayZ_BE.exe
FirewallRules: [{D55FAB52-53F4-4993-8AB0-A27EE9C248BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{8D2D2C32-ED76-4EC9-AA2C-754343D81847}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{144D5124-04FB-4E1C-91F1-9FF76C794B51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\War Thunder\launcher.exe
FirewallRules: [{838C80B5-7DB2-41B3-BDCE-E342C29E18C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\War Thunder\launcher.exe
FirewallRules: [{1B45D462-5685-4228-BAF1-33B25B59D8F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{CE3B1D97-B493-4DBF-807B-5FE45294903F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{26E5A4FD-1EFA-454F-ADB8-C6F1DCB7937E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{FA592867-BB59-4383-989F-4CFAD2C47D85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{D8BB604C-F88C-40C1-A5B9-4530E3EA489A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{6C3679B8-8F66-4173-A021-376557A820FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [TCP Query User{93EE6674-C7E3-4A2A-A56D-3BB35E2E3FEE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{061CA40E-09C7-4F03-8E61-E4B2D947941B}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{166EA4B7-09FC-462C-885D-BEFDB0CCAEEA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F2103994-2351-4C06-9DBE-13D5DDDD2925}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5DA7FC47-472B-4409-AEDD-4FBAB2982373}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CBB48A29-2D91-4D9A-834A-788A51333D6E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EF87FA39-632C-43E6-99E6-1807D4966DE3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{C3263D24-AA94-4F91-A54D-3246282A8B5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{E9C56FAC-CF53-49EE-8773-F82679291645}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2ECFA91E-A284-4294-B37D-DC932F4B2E1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{73CCC846-3A67-460E-81E0-46BE47DF16B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AA83E332-FA87-402E-8574-528D481ECBC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{09B43E63-88B7-4DD8-8C1D-1F71D91AAAD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{043CB9DC-5C8B-4560-BB2D-EAEC7A67A244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{716A62E6-D426-487C-A87B-047157F74846}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{E35CD8B8-5D5F-4F0A-92B3-B6BCCDC0F037}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{C662941D-F89D-4AA2-AAF2-A37A333225DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{FD581595-AA70-4938-8F56-982AFB4F2EE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F767A4F5-18F6-44BD-9270-71709EE02F2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{39F539D7-58C9-4D4C-B4F1-BD6A9BB31FF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{B4BB2B28-F7CB-4574-A360-A8BA480BDB34}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{06BB19E6-C583-4B0A-A9DC-7B72CF595234}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [TCP Query User{E15AEAF8-E81E-4906-B616-435AA07AE304}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [UDP Query User{7379CB63-19E7-4658-9A08-77A95A6ED298}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [{939DA250-2DEE-4ACF-AAA0-B2CEA0D6755B}] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [{68D527D9-CDE8-44D0-ABAD-24D2FEDE2094}] => (Allow) C:\windows.old.000\program files\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [{0B266AC4-FDA5-4382-8F79-E8724805C6BE}] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [{C6EA82AF-1831-483A-BFF6-3AF082AD2CF1}] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [{851F30EB-557E-4FE5-8ED0-9062B10B60DC}] => (Allow) C:\Users\John\Downloads\uTorrent.exe
FirewallRules: [{CA525B00-17DD-4BAC-A8B5-3431A4F7828F}] => (Allow) C:\Users\John\Downloads\uTorrent.exe
FirewallRules: [TCP Query User{379D4864-4419-4CB7-B52E-83FD60C681D9}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [UDP Query User{70F855CB-FCE4-444D-AC43-C81C628531E4}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{A8EE1EBF-3C22-4194-A3FC-88818761376F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{406D1596-7340-45DB-A268-55EE8F8B82FB}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C963CE03-0D9C-4250-B6A3-618B50D9A9B3}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{B5228873-A060-4F4C-8473-416F2D1DD65B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{07759962-C8CE-4EC1-99A5-874911D1C450}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{56BA7AB4-2C47-44F4-A17A-C657108C9AC5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C40008D3-D090-4302-9F7F-9A6A37347F3F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{304BCC7B-FC1B-4229-8BA3-FD796FDEBC48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{40780BBF-65AF-4E6A-A9FE-0607AE2FE139}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{C88050F1-C283-4A71-9C13-3EB6470AE30D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Skullgirls\SkullGirls.exe
FirewallRules: [{3DFA7C15-31DA-4543-94AF-840FF8653844}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\Common\Skullgirls\SkullGirls.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 04:31:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000004ad94
Faulting process id: 0x15dc
Faulting application start time: 0xwmprph.exe0
Faulting application path: wmprph.exe1
Faulting module path: wmprph.exe2
Report Id: wmprph.exe3

Error: (05/27/2015 03:46:33 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/27/2015 03:46:33 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {08501130-FBE6-4EA9-9DC3-011930F46D26}

Error: (05/26/2015 03:46:42 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/26/2015 03:46:42 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {06FC86BD-F9EB-4F18-AD2C-FACE8BE46A37}

Error: (05/25/2015 08:10:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x000000000001a6ba
Faulting process id: 0x7f0
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (05/24/2015 09:31:12 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/24/2015 09:31:12 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {1A75D6F0-588E-4B42-85E3-0E6613322930}

Error: (05/23/2015 06:50:45 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (05/23/2015 06:50:26 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (06/04/2015 01:44:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/04/2015 01:39:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
cFosSpeed

Error: (06/04/2015 01:39:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:
%%1058

Error: (06/04/2015 01:36:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/04/2015 01:36:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:
%%1058

Error: (06/04/2015 01:20:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/04/2015 11:40:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/03/2015 09:48:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/03/2015 00:49:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/02/2015 04:27:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office:
=========================
Error: (05/28/2015 04:31:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmprph.exe12.0.7600.163854a5bd018ntdll.dll6.1.7601.187985507b864c0000005000000000004ad9415dc01d09985445173f5C:\Program Files\Windows Media Player\wmprph.exeC:\Windows\SYSTEM32\ntdll.dll82839423-0578-11e5-b431-bc5ff4650ae9

Error: (05/27/2015 03:46:33 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/27/2015 03:46:33 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {08501130-FBE6-4EA9-9DC3-011930F46D26}

Error: (05/26/2015 03:46:42 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/26/2015 03:46:42 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {06FC86BD-F9EB-4F18-AD2C-FACE8BE46A37}

Error: (05/25/2015 08:10:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000005000000000001a6ba7f001d096f88771b60fC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dlla91eccdb-033b-11e5-957c-bc5ff4650ae9

Error: (05/24/2015 09:31:12 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/24/2015 09:31:12 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {1A75D6F0-588E-4B42-85E3-0E6613322930}

Error: (05/23/2015 06:50:45 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\Steam\steamapps\downloading\221100\DayZ.exec:\program files (x86)\Steam\steamapps\downloading\221100\DayZ.exe0

Error: (05/23/2015 06:50:26 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8087.01 MB
Available physical RAM: 6072.31 MB
Total Pagefile: 11313.33 MB
Available Pagefile: 9103.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.54 GB) (Free:7.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B11FC2EC)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.5 GB) - (Type=07 NTFS)

==================== End of log ============================
ihateviruses423

Re: Google Analytics Virus

Post by ihateviruses423 » June 4th, 2015, 2:24 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by John (administrator) on JOHN-PC on 04-06-2015 14:19:45
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(GameRanger Technologies) C:\Users\John\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\Run: [Clownfish] => [X]
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28919424 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\MountPoints2: D - D:\LaunchBFII.exe
HKU\S-1-5-21-2270263200-2199008938-408583840-1000\...\MountPoints2: {7a9a2a8b-ece0-11e3-85f1-bc5ff4650ae9} - E:\LG_PC_Programs.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-30] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [172320 2012-03-12] (Lucidlogix Inc.)
AppInit_DLLs-x32: c:\windows\syswow64\appinit_dll.dll => c:\windows\syswow64\appinit_dll.dll [148256 2012-03-12] (Lucidlogix Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-06-04]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2015-06-04]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashsec.lnk [2015-06-04]
ShortcutTarget: flashsec.lnk -> C:\Users\John\AppData\Roaming\Flash\updatesec.vbs (No File)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashupdate.lnk [2015-06-04]
ShortcutTarget: flashupdate.lnk -> C:\Users\John\AppData\Roaming\Flash\updatesg.vbs (No File)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2015-06-04]
ShortcutTarget: GameRanger.lnk -> C:\Users\John\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKU\S-1-5-21-2270263200-2199008938-408583840-1000 - SearchHook Class - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKU\S-1-5-21-2270263200-2199008938-408583840-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2270263200-2199008938-408583840-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?fr=chr-g ... =599486&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2270263200-2199008938-408583840-1000 -> {1BE4C22D-9809-424c-A833-59F16348829A} URL = http://www.google.com/custom?client=pub ... 1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2270263200-2199008938-408583840-1000 -> {226587C4-F1BE-4B1F-ACED-0516A65922B8} URL = http://search.conduit.com/Results.aspx? ... 92E3741&q={searchTerms}&SSPV=
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: SmartView VisualBookmark -> {0E5680D1-BF44-4929-94AF-FD30D784AD1D} -> C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll [2010-09-02] (DeviceVM, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.10.106\McAfeeMSS_IE.dll [2014-11-04] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.8.4 192.168.1.1
Tcpip\..\Interfaces\{2ADF34BA-DA84-47F8-BC47-419817DD090C}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{AA7F7C0B-259F-409A-AB23-3B9B6325C782}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-03] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2270263200-2199008938-408583840-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-29] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-18]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-18]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2014-04-18]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-18]
CHR Extension: (McAfee Security Scan+) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-18]
CHR Extension: (Adblock Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-18]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-18]
CHR Extension: (PanicButton) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-07-18]
CHR Extension: (Bookmark Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR Extension: (Universe) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk [2014-04-18]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-04] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S4 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-02-09] (Hi-Rez Studios) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.10.106\McCHSvc.exe [289256 2014-11-04] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-04-30] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [125216 2010-09-02] (DeviceVM, Inc.)
S4 WCUService; C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [456976 2010-09-02] (DeviceVM, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2015-02-28] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-12-27] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-16] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 11:54 - 2015-06-04 13:32 - 00057713 _____ C:\Users\John\Downloads\Addition.txt
2015-06-04 11:51 - 2015-06-04 14:20 - 00019697 _____ C:\Users\John\Downloads\FRST.txt
2015-06-04 11:51 - 2015-06-04 14:19 - 00000000 ____D C:\FRST
2015-06-04 11:50 - 2015-06-04 11:52 - 00000000 ____D C:\AdwCleaner
2015-06-04 11:50 - 2015-06-04 11:50 - 02231296 _____ C:\Users\John\Downloads\adwcleaner_4.206.exe
2015-06-04 11:50 - 2015-06-04 11:50 - 02108928 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2015-06-04 11:50 - 2015-06-04 11:50 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOHN-PC-Windows-7-Professional-(64-bit).dat
2015-06-04 11:49 - 2015-06-04 11:49 - 00000000 ____D C:\RegBackup
2015-06-04 11:48 - 2015-06-04 11:48 - 04720448 _____ C:\Users\John\Downloads\tweaking.com_registry_backup_setup.exe
2015-06-04 11:48 - 2015-06-04 11:48 - 00002235 _____ C:\Users\John\Desktop\Tweaking.com - Registry Backup.lnk
2015-06-04 11:48 - 2015-06-04 11:48 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-04 11:48 - 2015-06-04 11:48 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-06-03 21:15 - 2015-06-03 21:15 - 00000000 ____D C:\Users\John\Documents\Skullgirls
2015-06-03 19:20 - 2015-06-03 19:20 - 00000222 _____ C:\Users\John\Desktop\Skullgirls.url
2015-06-02 19:17 - 2015-06-02 19:20 - 00001089 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2015-06-02 19:11 - 2015-06-02 19:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller (2).exe
2015-06-02 16:41 - 2015-06-02 16:41 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-06-02 16:39 - 2015-06-02 16:39 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller (1).exe
2015-06-02 15:43 - 2015-06-02 15:43 - 00024469 _____ C:\Users\John\Desktop\dds.txt
2015-06-02 15:43 - 2015-06-02 15:43 - 00005438 _____ C:\Users\John\Desktop\attach.txt
2015-06-02 15:42 - 2015-06-02 15:42 - 00688992 ____R (Swearware) C:\Users\John\Downloads\dds.scr
2015-06-02 15:34 - 2015-06-02 15:34 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2015-06-02 14:43 - 2015-06-02 14:43 - 24949216 _____ C:\Users\John\Downloads\EVEOnlineLauncher_2_1_826897 (1).exe
2015-06-02 14:40 - 2015-06-02 14:40 - 24949216 _____ C:\Users\John\Downloads\EVEOnlineLauncher_2_1_826897.exe
2015-06-02 13:06 - 2015-06-02 13:07 - 00001209 _____ C:\Users\John\Desktop\launcher - Shortcut.lnk
2015-06-02 13:02 - 2015-06-02 13:02 - 22175720 _____ C:\Users\John\Downloads\EVEOnlineLauncher_2_2_884420.exe
2015-05-29 15:39 - 2015-05-29 15:40 - 00682844 _____ C:\Users\John\Downloads\it feels like somebody wants to sell me something.mp4
2015-05-26 15:18 - 2015-05-26 15:18 - 00001496 _____ C:\Users\John\Desktop\exefile - Shortcut.lnk
2015-05-25 11:09 - 2015-05-25 11:09 - 00299282 _____ C:\Users\John\Downloads\Judge Smails Well Were waiting.mp4
2015-05-12 23:17 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 23:17 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 15:36 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 15:36 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 15:36 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 15:36 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 15:36 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 15:36 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 15:36 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 15:36 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 15:36 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 15:36 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 15:36 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 15:36 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 15:36 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 15:36 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 15:36 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 15:36 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 15:36 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 15:36 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 15:36 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 15:36 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 15:36 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 15:36 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 15:36 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 15:36 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 15:36 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 15:36 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 15:36 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 15:36 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 15:36 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 15:36 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 15:36 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 15:36 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 15:36 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 15:36 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 15:36 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 15:36 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 15:36 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 15:36 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 15:36 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 15:36 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 15:36 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 15:36 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 15:36 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 15:36 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 15:36 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 15:36 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 15:36 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 15:36 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 15:36 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 15:36 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 15:36 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 15:36 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 15:36 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 15:36 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 15:36 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 15:36 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 15:36 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 15:36 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 15:36 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 15:36 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 15:36 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 15:36 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 15:36 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 15:36 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 15:36 - 2015-04-03 23:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 15:36 - 2015-04-03 23:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 15:36 - 2015-04-03 23:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 15:36 - 2015-04-03 23:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 15:36 - 2015-04-03 23:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 15:36 - 2015-04-03 23:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 15:36 - 2015-04-03 23:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 15:36 - 2015-04-03 23:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 15:36 - 2015-04-03 23:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 15:36 - 2015-04-03 23:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 15:36 - 2015-04-03 23:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 15:36 - 2015-04-03 23:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 15:36 - 2015-04-03 23:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 15:36 - 2015-04-03 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 15:36 - 2015-04-03 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 15:35 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 15:35 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 15:35 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 15:35 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 15:35 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 15:35 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 15:35 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 15:35 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 15:34 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 15:34 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-08 22:02 - 2015-05-08 22:02 - 00217904 _____ () C:\Users\John\Downloads\ManyCamStandaloneSetup.exe
2015-05-05 17:05 - 2015-06-04 13:19 - 00000000 ____D C:\Users\John\AppData\Roaming\TS3Client
2015-05-05 17:04 - 2015-05-05 17:04 - 00000000 ____D C:\Users\John\AppData\Local\Overwolf
2015-05-05 17:03 - 2015-05-05 17:04 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\John\Downloads\TeamSpeak3-Client-win64-3.0.16 (1).exe
2015-05-05 17:01 - 2015-05-05 17:01 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\John\Downloads\TeamSpeak3-Client-win64-3.0.16.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 14:17 - 2013-12-27 23:43 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2015-06-04 13:47 - 2013-12-27 23:45 - 01379895 _____ C:\Windows\WindowsUpdate.log
2015-06-04 13:44 - 2014-04-18 16:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 13:44 - 2013-12-27 22:03 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-06-04 13:44 - 2013-12-27 21:36 - 00000000 ____D C:\Users\John
2015-06-04 13:43 - 2015-04-15 22:52 - 00000000 ____D C:\Users\DEMON JOHN
2015-06-04 13:43 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-04 13:43 - 2009-07-14 00:51 - 00062384 _____ C:\Windows\setupact.log
2015-06-04 13:43 - 2009-07-14 00:45 - 00012768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-04 13:43 - 2009-07-14 00:45 - 00012768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-04 13:43 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2015-06-04 13:43 - 2009-07-13 22:34 - 55574528 _____ C:\Windows\system32\config\components.old
2015-06-04 13:43 - 2009-07-13 22:34 - 19660800 _____ C:\Windows\system32\config\system.old
2015-06-04 13:43 - 2009-07-13 22:34 - 142082048 _____ C:\Windows\system32\config\software.old
2015-06-04 13:43 - 2009-07-13 22:34 - 04980736 _____ C:\Windows\system32\config\default.old
2015-06-04 13:43 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\security.old
2015-06-04 13:43 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\sam.old
2015-06-04 13:40 - 2014-11-27 12:05 - 00001404 _____ C:\Users\John\Desktop\Games.lnk
2015-06-04 13:40 - 2013-12-27 23:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-04 13:40 - 2013-12-27 22:17 - 00001404 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
2015-06-04 13:22 - 2014-04-12 20:39 - 00000600 _____ C:\lucid.log
2015-06-04 13:19 - 2015-04-16 22:29 - 00000000 ____D C:\Windows\pss
2015-06-04 12:43 - 2013-12-27 23:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-04 12:42 - 2014-04-18 16:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 10:20 - 2013-12-27 22:03 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-06-03 09:52 - 2014-06-11 11:32 - 00000000 ____D C:\ProgramData\Skype
2015-06-03 09:47 - 2013-12-27 22:07 - 00689324 _____ C:\Windows\PFRO.log
2015-06-02 16:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Vss
2015-06-02 15:47 - 2014-09-09 18:30 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-02 15:47 - 2014-04-18 22:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 15:47 - 2014-04-18 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-02 15:47 - 2014-04-18 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-02 15:27 - 2015-04-20 20:03 - 00000022 _____ C:\Users\John\Downloads\jeveassets-2.10.2.zip
2015-05-28 16:31 - 2014-01-13 16:36 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2015-05-27 15:14 - 2014-06-11 11:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-25 21:43 - 2014-04-18 16:56 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-19 16:58 - 2014-09-03 19:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-16 10:37 - 2014-04-18 16:54 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 10:37 - 2014-04-18 16:54 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 19:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 19:28 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-13 13:27 - 2009-07-14 00:45 - 00439704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 13:25 - 2009-07-14 03:47 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-12 23:16 - 2013-12-30 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 23:16 - 2013-12-30 14:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-12 23:16 - 2013-12-30 14:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-07 23:34 - 2015-04-21 23:03 - 00000000 ____D C:\Users\John\AppData\Local\Battle.net
2015-05-07 21:00 - 2015-04-21 23:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-05-05 17:05 - 2014-03-08 15:11 - 00001166 _____ C:\Users\John\Desktop\TeamSpeak 3 Client.lnk
2015-05-05 17:05 - 2014-03-08 15:11 - 00000000 ____D C:\Users\John\AppData\Local\TeamSpeak 3 Client

==================== Files in the root of some directories =======

2014-04-12 19:34 - 2014-04-12 19:34 - 2177680 _____ (Microsoft Corporation) C:\Users\John\AppData\Roaming\Flashdefaultpack.exe
2013-12-27 22:09 - 2013-12-27 22:09 - 0000003 _____ () C:\Users\John\AppData\Local\user_data.ini

Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 12:50

==================== End of log ============================
ihateviruses423
Active Member
 
Posts: 7
Joined: June 2nd, 2015, 3:40 pm

Re: Google Analytics Virus

Post by Gary R » June 4th, 2015, 5:22 pm

It doesn't look as if you have enabled your startups at all, since your log still shows things exactly as they were ...

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cFosSpeedS => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ISCTAgent => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SmartViewService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WCUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\Windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^flashsec.lnk => C:\Windows\pss\flashsec.lnk.Startup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^flashupdate.lnk => C:\Windows\pss\flashupdate.lnk.Startup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameRanger.lnk => C:\Windows\pss\GameRanger.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartViewAgent => "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: VIRTU MVP => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
MSCONFIG\startupreg: XFast LAN => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
MSCONFIG\startupreg: XFastUSB => "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"


.... so you've either posted me the wrong logs, or you didn't follow my instructions to re-enable all your startup entries.


Please follow the instructions below to re-enable the startups and services that you have disabled ...

  • Click Start and in the search programs and files box type msconfig
  • Click on msconfig.exe at the top of the list of items found.
  • When the System Configuration window opens, click on the Startup tab.
  • Now click on Enable all
  • Now click on the Services tab.
  • Click on Enable all and then click on OK
  • Now reboot your computer, and when prompted, allow the prompt.

Next ...

Run a new scan with FRST, as directed in my last post, and post me the new FRST.txt and Addition.txt

If you have problems with these instructions please let me know.
Gary R
Administrator
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Analytics Virus

Post by Gary R » June 7th, 2015, 9:59 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.