Please check my computer for any possible further infection



Nnewb
2016-08-07, 07:30
I came from here (https://forums.spybot.info/showthread.php?73697-Morto-fi-detected) so you can read up on the short history and what I did. :D:

OK, so it says to:

Please make sure All Users is checked

Where is that on the GUI? Attached is a picture of the program in question.

I have another question about it as well: why not run FRST64.exe from the Downloads folder or a temp folder, as it says here?

Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"

I already ran it from my Downloads folder before I got to reading that part of the post... hahaha. I've re-scanned with the exe file on the desktop.

Here's the Addition.txt (couldn't attach it as it was over the file size limit):
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Manectric (2016-08-07 12:59:34)
Running from C:\Users\Electrike\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-01-19 02:59:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2798084944-1211984927-2140173799-500 - Administrator - Disabled)
Electrike (S-1-5-21-2798084944-1211984927-2140173799-1001 - Limited - Enabled) => C:\Users\Electrike
Guest (S-1-5-21-2798084944-1211984927-2140173799-501 - Limited - Disabled)
Manectric (S-1-5-21-2798084944-1211984927-2140173799-1000 - Administrator - Enabled) => C:\Users\Manectric

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\Steam App 223850) (Version: - Futuremark)
8BitBoy (HKLM-x32\...\Steam App 296910) (Version: - AwesomeBlade)
Absconding Zatwor (HKLM-x32\...\Steam App 385200) (Version: - Zonitron Productions)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AmCap version 9.01 (HKLM-x32\...\{0F45BECF-4C85-4301-A8A4-D2E2AE2A2C08}_is1) (Version: 9.01 - Gigabyte, Inc.)
Auslogics BoostSpeed 7 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 7.9.0.0 - Auslogics Labs Pty Ltd)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
Blaster Shooter GunGuy! (HKLM-x32\...\Steam App 391740) (Version: - Adam DeLease)
Breakout Invaders (HKLM-x32\...\Steam App 366700) (Version: - DreamsSoftGames)
Canon Easy-PhotoPrint EX - Additional Materials DL_AN1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN1) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN2) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN3) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN4) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN5) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA1) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA2) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA3) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA4) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA5) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST1) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST2) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST3) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST4) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST5) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST6 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST6) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST7 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST7) (Version: - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
CONSORTIUM (HKLM-x32\...\Steam App 264240) (Version: - Interdimensional Games Inc)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.2205.58 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Edge of Space (HKLM-x32\...\Steam App 238240) (Version: - Handyman Studios)
ELAN Touchpad 11.14.7.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.14.7.1 - ELAN Microelectronic Corp.)
FaeVerse Alchemy (HKLM\...\Steam App 282880) (Version: - Subsoap)
FileZilla Client 3.18.0 (HKLM-x32\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{70690D9E-3D00-47D6-9CE9-BC3B6F900447}) (Version: 4.41.563.0 - Futuremark)
Game Dev Tycoon version 1.5.24 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.5.24 - Greenheart Games Pty. Ltd.)
GIGABYTE Smart USB Backup 2.0.20141014 (HKLM-x32\...\GIGABYTE Smart USB Backup) (Version: 2.0.20141014 - GIGABYTE TECHNOLOGY CO.,LTD.)
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version: - Arkedo)
Hyperdimension Neptunia Re;Birth1 (HKLM-x32\...\Steam App 282900) (Version: - Idea Factory, Inc.)
Hyperdimension Neptunia Re;Birth2 Sisters Generation (HKLM-x32\...\Steam App 351710) (Version: - Compile Heart)
Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version: - Blit Software)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version: - Tripwire Interactive)
Killing Floor SDK (HKLM\...\Steam App 1260) (Version: - Tripwire Interactive)
Kingdom Wars (HKLM\...\Steam App 227180) (Version: - Reverie World Studios, INC)
LanOptimizer (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.00.0000 - Realtek)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.78 (HKLM\...\MediaInfo) (Version: 0.7.78 - MediaArea.net)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.2.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.2.0 ESR (x86 en-US)) (Version: 45.2.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.2.0.5996 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA Graphics Driver 344.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.42 - NVIDIA Corporation)
Omikron - The Nomad Soul (HKLM-x32\...\Steam App 243000) (Version: - Quantic Dream)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 39.0.2256.48 (HKLM-x32\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera Software)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
Razer Naga (HKLM-x32\...\{ED4108A9-60FD-4F18-AF42-122219977773}) (Version: 3.03.01 - Razer USA Ltd.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7348 - Realtek Semiconductor Corp.)
Renegade Ops (HKLM-x32\...\Steam App 99300) (Version: - Avalanche Studios)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Savage: The Battle For Newerth (Version: 1.0RC3) (HKLM-x32\...\{ABDEBB00-96E9-47A2-94CC-BB0CCC4630DE}_is1) (Version: - Newerth.com)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Smart Manager V3 Ver 4.4.3 (HKLM\...\Smart Manager V3) (Version: Ver 4.4.3 - GIGABYTE)
Smart Update v2.3.5 (HKLM-x32\...\Smart Update) (Version: v2.3.5 - GIGABYTE TECHNOLOGY CO.,LTD.)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version: - )
Soulbringer (HKLM-x32\...\Steam App 283310) (Version: - Infogames Europe SA)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
Starbound - Unstable (HKLM\...\Steam App 367540) (Version: - )
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Street Racing Syndicate (HKLM-x32\...\Steam App 292410) (Version: - Eutechnyx)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
UE3Redist (HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
UE3Redist (x32 Version: 1.00.0000 - Epic Games) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Viking: Battle for Asgard (HKLM-x32\...\Steam App 211160) (Version: - Creative Assembly, PC Port - Hardlight)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Electrike\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Electrike\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F31E738-83EC-40CD-A7C2-F7CEF30EC5D6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {281FAFD2-11AC-46FE-B3D7-74FFC96FCB60} - System32\Tasks\RtlLanOptimizerVistaStart => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2013-01-18] (Realtek Semiconductor)
Task: {34744266-050D-465A-AEDC-071063F1F8C6} - System32\Tasks\Opera scheduled Autoupdate 1453433047 => C:\Program Files (x86)\Opera\launcher.exe [2016-08-03] (Opera Software)
Task: {88C14B97-48EB-43EE-9F66-AA4268FA32FE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {D2443CEE-28E7-4E8E-B014-09D96E0D998C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-09] (Piriform Ltd)
Task: {E1B701B4-8889-46F5-A1E8-6226A5212985} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-06] (Adobe Systems Incorporated)
Task: {EAAE9075-97CB-4D2F-9372-8DD858214FBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {FFE4DF80-8C39-4568-8C64-A70E97751AF6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-08-03] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\RtlLanOptimizerVistaStart.job => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-10-29 15:01 - 2014-10-29 15:01 - 00014336 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\ElevateService.exe
2014-10-22 14:26 - 2014-10-13 23:13 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-22 14:26 - 2014-10-13 19:59 - 00115912 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-29 15:06 - 2014-10-29 15:06 - 00434688 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\OSD\Skin\OSD_Skin.dll
2014-10-29 15:01 - 2014-10-29 15:01 - 00064000 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\PCIeCtl.dll
2014-10-29 15:01 - 2014-10-29 15:01 - 00209408 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\GetDispDevs.dll
2014-10-29 15:06 - 2014-10-29 15:06 - 04300800 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\Skin\Main_Skin.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
2014-10-22 14:26 - 2014-10-13 23:13 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-30 07:23 - 2014-04-30 07:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-01-15 06:37 - 2016-08-03 06:08 - 00785920 _____ () E:\Steam\SDL2.dll
2016-01-15 06:37 - 2016-08-03 06:10 - 04962816 _____ () E:\Steam\v8.dll
2016-01-15 06:37 - 2016-08-03 06:09 - 01556992 _____ () E:\Steam\icui18n.dll
2016-01-15 06:37 - 2016-08-03 06:09 - 01187840 _____ () E:\Steam\icuuc.dll
2016-01-15 06:37 - 2016-08-03 08:00 - 02320160 _____ () E:\Steam\video.dll
2016-01-15 06:37 - 2016-02-09 07:14 - 02549760 _____ () E:\Steam\libavcodec-56.dll
2016-01-15 06:37 - 2016-02-09 07:14 - 00442880 _____ () E:\Steam\libavutil-54.dll
2016-01-15 06:37 - 2016-02-09 07:14 - 00491008 _____ () E:\Steam\libavformat-56.dll
2016-01-15 06:37 - 2016-02-09 07:14 - 00332800 _____ () E:\Steam\libavresample-2.dll
2016-01-15 06:37 - 2016-02-09 07:14 - 00485888 _____ () E:\Steam\libswscale-3.dll
2016-01-15 06:31 - 2016-08-03 07:59 - 00831776 _____ () E:\Steam\bin\chromehtml.DLL
2016-03-10 10:38 - 2016-07-07 06:00 - 00266560 _____ () E:\Steam\openvr_api.dll
2016-01-15 06:31 - 2016-06-15 03:14 - 49826080 _____ () E:\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92888469.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92888469.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7908 more sites.


There are 12725 more sites.


There are 12685 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2016-07-07 15:52 - 00453407 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cap.cyberlink.com
127.0.0.1 activation.cyberlink.com
127.0.0.1 www.007guard.com

There are 15551 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Manectric\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Electrike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter #7
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #8
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2016 09:00:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2016 09:22:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2016 08:10:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2016 09:37:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2016 05:53:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2016 08:10:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2016 08:19:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2016 11:28:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2016 10:05:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2016 11:36:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/07/2016 09:04:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation driver update for Intel(R) HD Graphics 4600.

Error: (08/07/2016 09:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/07/2016 09:01:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%2 = The system cannot find the file specified.

Error: (08/07/2016 09:00:44 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (08/06/2016 09:57:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation driver update for Intel(R) HD Graphics 4600.

Error: (08/06/2016 08:02:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service Installer Wrapper TrueKey service terminated unexpectedly. It has done this 1 time(s).

Error: (08/06/2016 09:25:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation driver update for Intel(R) HD Graphics 4600.

Error: (08/06/2016 09:22:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%2 = The system cannot find the file specified.

Error: (08/06/2016 09:22:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/06/2016 09:22:03 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


CodeIntegrity:
===================================
Date: 2016-01-22 13:37:14.199
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.196
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.194
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.193
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.192
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 31%
Total physical RAM: 16302.39 MB
Available physical RAM: 11180.13 MB
Total Virtual: 16300.58 MB
Available Virtual: 10663.01 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:103.99 GB) (Free:52.38 GB) NTFS
Drive e: (Game Drive) (Fixed) (Total:1863.01 GB) (Free:1499.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: E71727C5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: AEFDE666)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=260 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

And my FRST.txt: 12621

Here's my aswMBR.txt: 12622

Hm, I seem to be getting an error trying to back up the registry with that program, here's the screenshot: 12623

And I think that's it that you're after...I will disable TeaTimer when someone replies with a fix....

Nnewb
2016-08-07, 07:39
Oops, just realized that typo on thread title, it should read: Please check my computer for any possible further infection.

Juliet
2016-08-07, 14:55
I did not find anything alarming within these logs.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad and save it to the Desktop as fixlist.txt.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
SearchScopes: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000 -> DefaultScope {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =
SearchScopes: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001 -> DefaultScope {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =
SearchScopes: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001 -> {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~

You may need to temporarily disable your antivirus to run the below tools.

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.




======================================================



Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


****
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

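As an added example (not code from this thread or from FRST itself), here is a small Python triage helper that splits an FRST Addition.txt dump like the one posted above into its sections and flags the settings a log reviewer checks first: UAC policy, Windows Firewall state, DNS servers, System Restore state, hosts file size and repeated event-log errors. The line formats follow what FRST prints in this thread; the sample text, the size threshold and the repeat threshold are constructed assumptions.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) Addition.txt logs.

Added example, not code from the thread or from FRST: it splits a dump into its
"==== Section ====" blocks and extracts what a log reviewer checks first (UAC
policy, firewall state, DNS servers, System Restore, hosts file size, repeated
event-log errors).  The sample text and the thresholds are constructed.
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^=+\s+([^=]+?):?\s+=+$")          # "==== Title: ===="
HOSTS_RE = re.compile(r"^\S+ \S+ - \S+ \S+ - (\d+) \S+ (.+hosts)$", re.I)
POLICY_RE = re.compile(r"\((\w+): (\d+)\)")                  # "(EnableLUA: 1)"
EVENT_RE = re.compile(r"^Error: \(.+?\) \(Source: (.+?)\) \(EventID: (\d+)\)")
LARGE_HOSTS_BYTES = 10_000   # assumed threshold; a stock hosts file is under 1 KB
REPEAT_THRESHOLD = 3         # assumed: flag an error seen this many times or more


def split_sections(text):
    """Map each FRST section title to the lines beneath its header."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def parse_other_areas(lines):
    """Extract DNS servers, UAC policy values and firewall state."""
    info = {"dns_servers": [], "uac": {}, "firewall_enabled": None}
    for line in lines:
        if line.startswith("DNS Servers:"):
            info["dns_servers"] = [s.strip() for s in line.split(":", 1)[1].split("-")]
        elif "Policies\\System =>" in line:
            info["uac"] = {k: int(v) for k, v in POLICY_RE.findall(line)}
        elif line.startswith("Windows Firewall is"):
            info["firewall_enabled"] = line.rstrip(".").endswith("enabled")
    return info


def hosts_file_size(lines):
    """Size in bytes from FRST's hosts file listing line, or None if absent."""
    for line in lines:
        m = HOSTS_RE.match(line)
        if m:
            return int(m.group(1))
    return None


def count_event_errors(lines):
    """Count event-log errors by (Source, EventID) so repeats stand out."""
    return Counter(m.groups() for m in map(EVENT_RE.match, lines) if m)


def triage(text):
    """Return the review findings for one Addition.txt dump as a list of strings."""
    sections = split_sections(text)
    findings = []
    other = parse_other_areas(sections.get("Other Areas", []))
    if other["uac"].get("EnableLUA") == 0:
        findings.append("UAC is disabled (EnableLUA: 0)")
    if other["firewall_enabled"] is False:
        findings.append("Windows Firewall is disabled")
    if any("System Restore is disabled" in line for line in sections.get("Restore Points", [])):
        findings.append("System Restore is disabled: no restore point to fall back on")
    size = hosts_file_size(sections.get("Hosts content", []))
    if size is not None and size > LARGE_HOSTS_BYTES:
        findings.append(f"hosts file is {size} bytes: expected with a hosts-based "
                        "blocklist (e.g. Spybot immunization), otherwise review")
    errors = count_event_errors(sections.get("Event log errors", []))
    for (source, event_id), n in errors.items():
        if n >= REPEAT_THRESHOLD:
            findings.append(f"{source} EventID {event_id} repeated {n} times")
    return findings


# Constructed sample in FRST's layout, cut down from the dump posted in this thread.
SAMPLE_ADDITION = r"""
==================== Hosts content: ==========================
2009-07-14 10:34 - 2016-07-07 15:52 - 00453407 ___RA C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Event log errors: =========================
Application errors:
==================
Error: (08/07/2016 09:00:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Error: (08/06/2016 09:22:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Error: (08/05/2016 08:10:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
System errors:
=============
Error: (08/07/2016 09:00:44 AM) (Source: volmgr) (EventID: 46) (User: )
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_ADDITION):
        print("-", finding)
```

Run it against a real Addition.txt by passing the file contents to triage(); the findings list is only a starting point for the manual review the helper does above, not a verdict.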
Nnewb
2016-08-08, 06:15
I did not find anything alarming within these logs.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad and save it to the Desktop as fixlist.txt.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Oh that's good that nothing alarming was found....anyways, here's the fixlog.txt: 12624


~~~~~~~~~~~~~~~~~~~~~~~~~

You may need to temporarily disable your antivirus to run the below tools.

http://i.imgur.com/BY4dvz9.png AdwCleaner.

There were only two entries.......I did both just in case.....here's the contents: 12625





======================================================



Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)


And here it is: 12626

Juliet
2016-08-08, 11:52
Let's update Malwarebytes Anti-Malware and run a scan


Open Malwarebytes

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.


******

What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
The settings I suggest will also show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

Ensure your external and/or USB drives are inserted during the scan.

Please disable your Antivirus as shown in the following topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/)



Close all opened programs, open your browser and go to the following link: ESET Online Scanner (http://www.eset.com/us/online-scanner/).
Click on the SCAN NOW button under ESET Online Scanner.

Depending on which browser you are using, you might be prompted to download an executable file.
Please save it to your desktop.
Right-click on esetonlinescanner_enu.exe and select Run as administrator.
If you agree to the Terms of use, select Accept to continue.


Please check the following option:

Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth technology


Select Advanced settings and ensure that the following options are checked:

Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth technology


Make sure that the following option is NOT checked: => Very important!



Clean threats automatically



Click Scan and the process will now begin. Please do not use your computer while the scan is running.
Once the scan is completed, click Copy to clipboard.
Open the Start menu and type notepad.exe in the search programs and files box.
Press Enter. A blank Notepad page should open, paste the contents inside the window.
Save the file as ESETScan.txt.
Please copy/paste the contents of ESETScan.txt in your next reply.
You can now safely close the program.
Do not forget to re-activate your Antivirus at this point.

Nnewb
2016-08-08, 15:12
Let's update Malwarebytes Anti-Malware and run a scan


Open Malwarebytes

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

Here you go:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/08/2016
Scan Time: 6:10 PM
Logfile:
Administrator: No

Version: 2.2.1.1043
Malware Database: v2016.08.08.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Electrike

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 245062
Time Elapsed: 2 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


******

What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
The settings I suggest will also show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

Ensure your external and/or USB drives are inserted during the scan.

Please disable your Antivirus as shown in the following topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/)



Close all opened programs, open your browser and go to the following link: ESET Online Scanner (http://www.eset.com/us/online-scanner/).
Click on the SCAN NOW button under ESET Online Scanner.

Depending on which browser you are using, you might be prompted to download an executable file.
Please save it to your desktop.
Right-click on esetonlinescanner_enu.exe and select Run as administrator.
If you agree to the Terms of use, select Accept to continue.


Please check the following option:

Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth technology


Select Advanced settings and ensure that the following options are checked:

Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth technology


Make sure that the following option is NOT checked: => Very important!



Clean threats automatically



Click Scan and the process will now begin. Please do not use your computer while the scan is running.
Once the scan is completed, click Copy to clipboard.
Open the Start menu and type notepad.exe in the search programs and files box.
Press Enter. A blank Notepad page should open, paste the contents inside the window.
Save the file as ESETScan.txt.
Please copy/paste the contents of ESETScan.txt in your next reply.
You can now safely close the program.
Do not forget to re-activate your Antivirus at this point.


Crashed whilst scanning drive E:\....and 2nd time the GUI just turns white and freezes........at least I took a screenshot or two on 2nd run to show where it was at before it fails. 12628

Juliet
2016-08-08, 22:00
While it was scanning C drive can you recall if it had said it had found anything?

let's try the same scan but in a different way

Also, please tell me how the computer is at the moment.

Please download Emsisoft Emergency Kit (http://dl.emsisoft.com/EmsisoftEmergencyKit.exe) and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

Leave all settings as they are and click the Extract button at the bottom.
A folder named EEK will be created in the root of the drive (usually c:\).

After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
Please click Yes so that it downloads the latest database updates.
When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
Click on Scan to be taken to the scan options.
If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
Click on the Malware Scan button to start the scan.
When finished, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop, and copy it to your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Nnewb
2016-08-09, 02:57
While it was scanning C drive can you recall if it had said it had found anything?

Ah yes it did, those four items it found were on the C:\ drive, nothing wa


let's try the same scan but in a different way

Also, please tell me how the computer is at the moment.

It appears to be fine, though right before I started the ESET scan for the first time, most of my toolbar icons on the taskbar disappeared.....I'm guessing JRT did that or perhaps it was just a coincidence that they all crashed. The only thing that didn't disappear was KIS 2016, Bluetooth, power, action center and the network icons; but I had to pause the protection like you said so ESET can do its scan without any hassle from it.


Please download Emsisoft Emergency Kit (http://dl.emsisoft.com/EmsisoftEmergencyKit.exe) and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

Leave all settings as they are and click the Extract button at the bottom.
A folder named EEK will be created in the root of the drive (usually c:\).

After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
Please click Yes so that it downloads the latest database updates.
When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
Click on Scan to be taken to the scan options.
If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
Click on the Malware Scan button to start the scan.
When finished, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop, and copy it to your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Emsisoft Emergency Kit - Version 11.0
Last update: 9/08/2016 8:32:39 AM
User account: Raikou\Manectric

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 9/08/2016 8:33:25 AM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TASKMGR.EXE -> DEBUGGER detected: SecHijack (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TASKMGR.EXE -> DEBUGGER detected: SecHijack (A)

Scanned 72731
Found 2

Scan end: 9/08/2016 8:33:47 AM
Scan time: 0:00:22

Nnewb
2016-08-09, 02:59
Ah yes it did, those four items it found were on the C:\ drive, nothing wa


ooops, looks like I didn't finish that sentence off: . . . was found on drive E:\ before it crashed/froze

Juliet
2016-08-09, 12:38
I think we're doing pretty good here, how's the computer now?

For the icons

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html).

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
- Right click on https://i.imgur.com/QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.
http://i.imgur.com/2f8o60N.png

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.
http://i.imgur.com/Ymy7crZ.png

- Go to Step 4, then click Do It.
http://i.imgur.com/zDtdN75.png

- Go to Step 5. Under System Restore click Create.
http://i.imgur.com/f7lEe1N.png

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
http://i.imgur.com/PGv2vtD.png

Nnewb
2016-08-09, 15:43
I think we're doing pretty good here, how's the computer now?

It's fine thanks. ☺ Though still would like to know what those four threats ESET found on the C drive........


For the icons



Yeah after I shut the lappy down for the day and booted it up the next morning, the icons returned so I guess it was a one off thing...weird.... So I suppose I don't need to do all this....

Nnewb
2016-08-09, 15:48
Oh yeah forgot to add this, did you want me to quarantine or delete the "SecHijack (A)" that was found after EMSISOFT finished the scan....? Um, I guess I'll just quarantine it for now.

Juliet
2016-08-09, 23:08
Oh yeah forgot to add this, did you want me to quarantine or delete the "SecHijack (A)" that was found after EMSISOFT finished the scan....? Um, I guess I'll just quarantine it for now.

Probably not necessary.

The IFEO key is used to force a program to run under a debugger regardless of how it is launched. Security scanners cannot distinguish between "good" and "malicious" use of powerful programs such as GMP, therefore they may alert you or even automatically remove them. That does not mean it's malware.
because some infections use that to prevent you from running certain programs (such as anti-virus software)

Looks like we can remove tools and quarantine folders now?
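An added audit script (not from this thread, nor from Emsisoft or FRST) that lists every IFEO Debugger value, the setting the Emsisoft log flagged under TASKMGR.EXE, and reports whether the debugger target exists and carries a valid Authenticode signature, so a deliberate Process Explorer "Replace Task Manager" entry can be told apart from a hijack. It assumes Windows PowerShell 5 run as administrator; the registry paths and cmdlets used are standard.

```powershell
# Added example, not part of the original thread. A "Debugger" value under
# Image File Execution Options\<exe name> makes Windows start that debugger
# instead of the program. Process Explorer uses this for taskmgr.exe on purpose;
# some malware uses it to stop security tools from launching at all.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-DebuggerExePath {
    # Reduce a Debugger value such as "C:\Tools\procexp64.exe" /arg or ntsd -d
    # to the executable it points at, resolving bare names through PATH.
    param([string]$Value)
    $v = $Value.Trim()
    if ($v.StartsWith('"')) {
        $end = $v.IndexOf('"', 1)
        $exe = if ($end -gt 1) { $v.Substring(1, $end - 1) } else { $v.Trim('"') }
    } else {
        $exe = ($v -split '\s+')[0]
    }
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $cmd = Get-Command $exe -ErrorAction SilentlyContinue
        if ($cmd -and $cmd.Source) { $exe = $cmd.Source }
    }
    return $exe
}

function Get-IfeoDebuggers {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger `
                        -ErrorAction SilentlyContinue).Debugger
            if ([string]::IsNullOrWhiteSpace($dbg)) { continue }

            $exe    = Get-DebuggerExePath $dbg
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            $status = 'missing file'
            $signer = 'n/a'
            if ($exists) {
                $sig    = Get-AuthenticodeSignature -FilePath $exe
                $status = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            # Heuristic only: a debugger target that is missing or not validly signed,
            # sitting under the name of a system or security tool, deserves a closer look.
            [pscustomobject]@{
                Target     = $key.PSChildName
                Debugger   = $dbg
                Executable = $exe
                Signature  = $status
                Signer     = $signer
                Review     = (-not $exists) -or ($status -ne 'Valid')
            }
        }
    }
}

Get-IfeoDebuggers | Format-Table -AutoSize
```

A signed Sysinternals procexp entry on TASKMGR.EXE shows Review = False, which matches the explanation above that an IFEO debugger hit is not by itself malware.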

Nnewb
2016-08-10, 02:01
Probably not necessary.

The IFEO key is used to force a program to run under a debugger regardless of how it is launched. Security scanners cannot distinguish between "good" and "malicious" use of powerful programs such as GMP, therefore they may alert you or even automatically remove them. That does not mean it's malware.
because some infections use that to prevent you from running certain programs (such as anti-virus software)

Oh well I noticed when I did that, Process Explorer no longer shows when I open Task Manager, but the default windows one. Well I fixed that by making Process Explorer the default Task Manager again. ☺


Looks like we can remove tools and quarantine folders now?

Yep, tell me which to remove and which to quarantine.

Juliet
2016-08-10, 11:27
DelFix


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

************************************


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.png CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
http://i.imgur.com/JEP5iWI.png Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.




Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

Nnewb
2016-08-11, 11:32
DelFix


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Virustotal (https://www.virustotal.com/en/file/8a22c1ebd3acbfd7ba443a950d1a7903c27eb63fe0722585cbab2d56d2ad2d9c/analysis/1470900766/) says it found a trojan? I'm guessing these are false positives? Well I've let those three companies know and hopefully add it to their whitelist if they deem it trojan free.

I can't just uninstall the programs myself without using DelFix? I do have Revo Uninstaller Pro which is a much respected complete uninstaller for anything that's installed....

************************************


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.png CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
http://i.imgur.com/JEP5iWI.png Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.




Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

I thought the programs I already have can protect against ransomware...? So apparently I need CryptoPrevent for the ransomware part because none of the security software I have installed can detect and delete these kinds of malware? I once had KIS 2016 detect a Crypto infection whilst none of the other programs (Malwarebytes, SUPERAntiSpyware and Spybot) could detect and remove.

I used to have Anti-Exploit running, but gave up on that idea because I didn't want to bloat my system with unnecessary security programs....

Already got Malwarebytes, NoScript, Sandboxie, Spywareblaster and WOT. Unchecky sounds like an unnecessary program to have, so does adblock because Noscript pretty much does that too and more.... As for Secunia PSI, KIS 2016 has a vulnerability scan integrated with its security suite, so yeah...

As for the rest of the links, hmmm interesting reads.....

Juliet
2016-08-11, 12:52
Virustotal says it found a trojan? I'm guessing these are false positives? Well I've let those three companies know and hopefully add it to their whitelist if they deem it trojan free.

I can't just uninstall the programs myself without using DelFix? I do have Revo Uninstaller Pro which is a much respected complete uninstaller for anything that's installed....
Found a trojan where?

You can uninstall the programs yourself without using DelFix.

Nnewb
2016-08-11, 15:39
http://users.telenet.be/bluepatchy/miekiemoes/Links.html#Online%20Scanners

^ Needs to be updated, ESET isn't on there as an online scanner. Or maybe it doesn't do full system scans and is just a quickie?

Online Armor is no longer viable because Tall Emu got bought out and then Emisoft or whoever it is (Emsisoft that's the one, I just googled Online Armor), took over and then dumped it altogether. Shame really, I liked the HIPS feature of it; at the time of its life, I was about to grab a lifetime license for it, but forgot about it and then later find that it got bought out and then eventually dumped altogether)

Yeah no there's lots of stuff to update that page on whoever owns the page because it's outdated.... Also some of the links you provided linked me to other page(s) which links to other info which are now either dead or nonexistent, which is a shame because I was gonna follow up on some of those stuff....


Found a trojan where?

You can uninstall the programs yourself without using DelFix.

Here: https://www.virustotal.com/en/file/8a22c1ebd3acbfd7ba443a950d1a7903c27eb63fe0722585cbab2d56d2ad2d9c/analysis/1470900766/ I hyperlinked it with the word virustotal, I guess you must have overlooked it. Here's a screenshot of it:
12629

Also you never told me why I can't(or shouldn't according to the quote) run said programs in the downloads folder or the temp folder.....is it because it's easier to keep track? If not please explain, because usually I just put them in an empty folder which in my eyes is easier to keep track....and my downloads folder is usually empty.......

And the other one about the All Users check here(which doesn't exist):12634 which needs to be fixed up because it's still there....I'm guessing it used to be there from previous versions of the program?

Juliet
2016-08-11, 22:00
http://users.telenet.be/bluepatchy/miekiemoes/Links.html#Online%20Scanners

^ Needs to be updated, ESET isn't on there as an online scanner. Or maybe it doesn't do full system scans and is just a quickie?
Online Armor is no longer viable because Tall Emu got bought out and then Emisoft or whoever it is (Emsisoft that's the one, I just googled Online Armor), took over and then dumped it altogether. Shame really, I liked the HIPS feature of it; at the time of its life, I was about to grab a lifetime license for it, but forgot about it and then later find that it got bought out and then eventually dumped altogether)
Yeah no there's lots of stuff to update that page on whoever owns the page because it's outdated.... Also some of the links you provided linked me to other page(s) which links to other info which are now either dead or nonexistent, which is a shame because I was gonna follow up on some of those stuff....
Here: https://www.virustotal.com/en/file/8a22c1ebd3acbfd7ba443a950d1a7903c27eb63fe0722585cbab2d56d2ad2d9c/analysis/1470900766/ I hyperlinked it with the word virustotal, I guess you must have overlooked it. Here's a screenshot of it:
12629
Also you never told me why I can't(or shouldn't according to the quote) run said programs in the downloads folder or the temp folder.....is it because it's easier to keep track? If not please explain, because usually I just put them in an empty folder which in my eyes is easier to keep track....and my downloads folder is usually empty.......
And the other one about the All Users check here(which doesn't exist):12634 which needs to be fixed up because it's still there....I'm guessing it used to be there from previous versions of the program?
I'll try to get in contact with the web owner to update that page.

~~
Virus total has done this to the tool before and I can assure you it's a false positive.
I've run it on my own machine and I can confirm this.

~~~~
Running tools from a temp folder can run into trouble, we most often direct the tool(s) through specialized scripts to empty temp folders thus anything needed for backup or some other function would be lost.
Now, running from a specialized folder can be used but, in most users they don't always know how or understand to do this or would be lost trying to run or locate FRST to that designated folder.
~~~
All Users check did at one time have a button on the interface of the tool but since has been updated with the most current version.
There are those who downloaded and used FRST in the past that still have the tool on their computers and would see this. But, not recommended to not uninstall/delete the tool when cleaned.

Nnewb
2016-08-13, 13:04
I'll try to get in contact with the web owner to update that page.

~~
Virus total has done this to the tool before and I can assure you it's a false positive.
I've run it on my own machine and I can confirm this.

~~~~
Running tools from a temp folder can run into trouble, we most often direct the tool(s) through specialized scripts to empty temp folders thus anything needed for backup or some other function would be lost.
Now, running from a specialized folder can be used but, in most users they don't always know how or understand to do this or would be lost trying to run or locate FRST to that designated folder.
~~~

Ah ok.

All Users check did at one time have a button on the interface of the tool but since has been updated with the most current version.
There are those who downloaded and used FRST in the past that still have the tool on their computers and would see this. But, not recommended to not uninstall/delete the tool when cleaned.

Well perhaps make a note on it stating on later release, you may not see the All Users checkbox, in which case you can ignore it...?

So I've been following along and reading these various articles you've linked me to. One of which was (when I eventually got) was speeding up Firefox, it says to look for this entry: browser.tabs.showSingleWindowModePrefs but such entry doesn't exist or no longer exist, so how does one follow this guide (http://netforbeginners.about.com/od/understandyourbrowser/ht/firefoxhack.htm) if it doesn't exist? The other two entries: network.http.pipelining and network.http.pipelining.maxrequests exist so I am able to change those values.

Ok, so I've started to make use of group policy settings(from reading the linked articles of course), how does this look? Check the attachment for the screenshot.12635 Anything needs to change or add to it so I am more proactively protected from virus and malware? I notice VSSAdmin.exe is optional which doesn't really do much if you're not making use of system restore or any of that kind of stuff, like me as it's completely disabled to save space as I'm only on a 128GB SSD. All virus and malware can do to it is make it remove all restoration points, but since I don't have any and it's disabled, it's effectively mute....hahahaha

I do make use of the 'principle of least privilege' (unfortunately this doesn't really work well with Windows XP, as some legitimate programs/games throw a fit if you're not an admin, so I guess I'll stay as admin but at least enforce the same group policy settings I have for my lappy?) so I only get access to stuff I usually want to access and no more, so if a virus/malware does somehow get hold of my account, I'm only on a limited account, so all it can do is what I can do, unless I accidentally give it admin privileges from a legitimate-looking executable file....such as said game trainer......I'm still a bit confused, as it shouldn't really need admin access to alter a game's memory.....speaking of which, how's the analysis going? Or are you guys completely different to the person on the other end of detections @ spybot.info that I submitted the zipped file to?

So in one of the posts, it says: 12636 I have Auslogics BoostSpeed (and AVG PC TuneUp 2012, another program I've used in the past), and this program falls under that, right, since it apparently also has a memory manager/optimizer/registry cleaner of sorts with it? So they are just a gimmick then? So I shouldn't really bother with this stuff and just be fine with only CCleaner and a program to defrag HDDs, and that's it for any cleaning and optimization? I remember reading something that says it will just push those programs from memory into the pagefile, but if you don't have that (mine's disabled)....where does the memory allocation go to?

The other tools from Boostspeeds are convenient at times, such as Disk Defrag, Startup Manager, Tweak Manager, Locked Files Manager, Uninstall Manager(used to use this but Revo replaces this as it's superior), and Internet Optimizer. So what about registry defrag, is that another unneeded optimization?

I would have thought an optimization program like BoostSpeed is just a more comprehensive version of CCleaner that takes off where CCleaner leaves off, as it would appear that BoostSpeed picks up some more stuff that CCleaner wasn't able to pick up.

My usual routine I used to follow but don't anymore or not as much now (coz I'm lazy! :P) was this:

>Scan computer for virus/malware
>Clean with Ccleaner
>Further clean and optimize with BoostSpeed/PC TuneUp (which ever is installed)
>Backup/move files/folders now that they are virus/malware free
>Profit

Hm, I have a question about using online scanners like that ESET one you wanted me to do; some people have suggested it's best to be 100% offline and *then* scan for possible viruses and malware. So by having your computer connected and letting the online scanner do its job, couldn't any virus/malware that is active very well have started to do some damage, or phone home and then do some damage in some way, whilst you're scanning? Is that a risk that the user has to take...? For example, say I get infected with CryptoLocker or something of this caliber, and I am still connected so ESET can do its scan, so CryptoLocker goes around encrypting all my files and then gets to the scanner and screws it up somehow, by forcing it to crash or just fail, and then afterwards it finishes off the computer whilst I am confused as to what has happened, besides knowing the ESET online scanner failed to scan the entire computer.

Another question, should I use MVPS' HOSTS file (http://winhelp2002.mvps.org/hosts.txt) or just keep using my own? Do take note that SpywareBlaster, Spybot Search and Destroy and possibly other programs I have, and myself included, may have added additional entries to my own HOSTS file.

And last but not least: Is my computer now confirmed to be virus/malware free?

Juliet
2016-08-13, 14:33
Ah ok.


Well perhaps make a note on it stating on later release, you may not see the All Users checkbox, in which case you can ignore it...?

So I've been following along and reading these various articles you've linked me to. One of which (when I eventually got to it) was speeding up Firefox; it says to look for this entry: browser.tabs.showSingleWindowModePrefs, but such an entry doesn't exist or no longer exists, so how does one follow this guide (http://netforbeginners.about.com/od/understandyourbrowser/ht/firefoxhack.htm) if it doesn't exist? The other two entries, network.http.pipelining and network.http.pipelining.maxrequests, exist, so I am able to change those values.
My guess is that it is related to an older version of Firefox. If something should be working and it's not, since it's related to Firefox you would have to go to the Firefox forums to ask those questions:
https://support.mozilla.org/en-US/kb/get-community-support


Ok, so I've started to make use of group policy settings (from reading the linked articles of course); how does this look? Check the attachment for the screenshot. 12635 Does anything need to change or be added to it so I am more proactively protected from viruses and malware? I notice VSSAdmin.exe is optional, which doesn't really do much if you're not making use of System Restore or any of that kind of stuff, like me, as it's completely disabled to save space as I'm only on a 128GB SSD. All viruses and malware can do to it is make it remove all restoration points, but since I don't have any and it's disabled, it's effectively moot....hahahaha
Screenshots didn't work. I would keep System Restore enabled in case an event happened and you needed to restore to an earlier date. I know that after a while the older ones will be deleted, allowing newer ones to be created.
I leave group policies where they are; they can be difficult to change later. At least you're educating yourself on the inner workings of an operating system.


I do make use of the 'principle of least privilege' (unfortunately this doesn't really work well with Windows XP, as some legitimate programs/games throw a fit if you're not an admin, so I guess I'll stay as admin but at least enforce the same group policy settings I have for my lappy?) so I only get access to stuff I usually want to access and no more, so if a virus/malware does somehow get hold of my account, I'm only on a limited account, so all it can do is what I can do, unless I accidentally give it admin privileges from a legitimate-looking executable file....such as said game trainer......I'm still a bit confused, as it shouldn't really need admin access to alter a game's memory.....speaking of which, how's the analysis going? Or are you guys completely different to the person on the other end of detections @ spybot.info that I submitted the zipped file to?
I'm on the end of malware removal. I do know there are many people sending in samples daily, so it might take a while for submitted files to be seen, analyzed and added to definitions.


So in one of the posts, it says: 12636 I have Auslogics BoostSpeed (and AVG PC TuneUp 2012, another program I've used in the past), and this program falls under that, right, since it apparently also has a memory manager/optimizer/registry cleaner of sorts with it? So they are just a gimmick then? So I shouldn't really bother with this stuff and just be fine with only CCleaner and a program to defrag HDDs, and that's it for any cleaning and optimization? I remember reading something that says it will just push those programs from memory into the pagefile, but if you don't have that (mine's disabled)....where does the memory allocation go to?

The other tools from BoostSpeed are convenient at times, such as Disk Defrag, Startup Manager, Tweak Manager, Locked Files Manager, Uninstall Manager (used to use this but Revo replaces this as it's superior), and Internet Optimizer. So what about registry defrag, is that another unneeded optimization?

I would have thought an optimization program like BoostSpeed is just a more comprehensive version of CCleaner that takes off where CCleaner leaves off, as it would appear that BoostSpeed picks up some more stuff that CCleaner wasn't able to pick up.

My usual routine I used to follow but don't anymore or not as much now (coz I'm lazy! :P) was this:

>Scan computer for virus/malware
>Clean with CCleaner
>Further clean and optimize with BoostSpeed/PC TuneUp (whichever is installed)
>Backup/move files/folders now that they are virus/malware free
>Profit
Tools that go after cleaning the registry should actually be left alone. No registry cleaner is completely safe; since most do not even create a backup, the potential is ever present to cause more problems than they claim to fix.
If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you. Ones that take care of simpler jobs are acceptable: defrag, or boosting speed by disabling startups, can be used so that later you can change these items if needed.



Hm, I have a question about using online scanners like that ESET one you wanted me to do; some people have suggested it's best to be 100% offline and *then* scan for possible viruses and malware. So by having your computer connected and letting the online scanner do its job, couldn't any virus/malware that is active very well have started to do some damage, or phone home and then do some damage in some way, whilst you're scanning? Is that a risk that the user has to take...? For example, say I get infected with CryptoLocker or something of this caliber, and I am still connected so ESET can do its scan, so CryptoLocker goes around encrypting all my files and then gets to the scanner and screws it up somehow, by forcing it to crash or just fail, and then afterwards it finishes off the computer whilst I am confused as to what has happened, besides knowing the ESET online scanner failed to scan the entire computer.

Another question, should I use MVPS' HOSTS file (http://winhelp2002.mvps.org/hosts.txt) or just keep using my own? Do take note that SpywareBlaster, Spybot Search and Destroy and possibly other programs I have, and myself included, may have added additional entries to my own HOSTS file.

And last but not least: Is my computer now confirmed to be virus/malware free?
I would keep the HOSTS file setup from Spybot since it's updated more frequently.

If malware is running, or calling home, it does it with all tools running to catch the malicious files to be cleaned. Sometimes by going into Safe Mode a virus isn't working, because of how few Windows files run at that time, and that is a good time to try and run removal tools to take advantage of this.
By the time we ask for an online scan, it's our hope we're going after remnants. Being connected to the internet makes no difference unless it was malware designed to make connections impossible.

The design of the Crypto (variants) is to run regardless of whether connected to the internet or not, even running hidden for a very short time by design, then deleting its own executable file. What it does behind the scenes isn't caught till the damage is done.

I think your computer is clean and you're good to go.

Nnewb
2016-08-13, 17:12
My guess is that it is related to an older version of Firefox. If something should be working and it's not, since it's related to Firefox you would have to go to the Firefox forums to ask those questions:
https://support.mozilla.org/en-US/kb/get-community-support
Oh alright, I'll go chase after them then.



Screenshots didn't work. I would keep System Restore enabled in case an event happened and you needed to restore to an earlier date. I know that after a while the older ones will be deleted, allowing newer ones to be created.
I leave group policies where they are; they can be difficult to change later. At least you're educating yourself on the inner workings of an operating system.
Yes, they didn't work for me as well; it said it was an invalid attachment. I'll upload it again here: 12638 Oh hang on, I see what's going on. I had this reply window open for so long, because I was reading the other articles so I could make one big post rather than post this and then later post again with more bits and pieces. It said I was logged out, but I Control + C'd it before, just in case. So I clicked the back button, then clicked reply to thread, then pasted the text and then clicked submit. The attachments must have deleted themselves since they weren't used within an hour.

I've noticed that this also disables cmd (apparently command prompt is executed from the %appdata% directory? Because when I allow it through there, it opens no problem, but when I disallow it, it says it's blocked; however, it's executing cmd.exe from the system32 directory?), so I can't pull that up for testing things (for example, with this: http://www.howtogeek.com/howto/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/)....even adding C:\Windows\system32\cmd.exe and having it Unrestricted still gives me an error saying it's disabled by group policy. Process Explorer no longer works either; it says the 64-bit version can't be executed. I've moved the folder from the desktop to C:\Program Files (x86)\ProcessExplorer\ and even added a line to it for Unrestricted access and it still gives me the same error (the folder only contains the 32-bit version, but upon executing the 32-bit one, the 64-bit file appears....). I've also noticed even the default Windows Task Manager no longer opens unless I change the security level for %userprofile% from Disallowed to Unrestricted. I've tested it with it on and added the line C:\Windows\system32\taskmgr.exe, but it still doesn't open.... What am I doing wrong? hahaha Here's what it currently looks like: 12639 The files in the Downloads folder of the profile execute fine, so I must have got that rule correct, but what about these??



I'm on the end of malware removal. I do know there are many people sending in samples daily, so it might take a while for submitted files to be seen, analyzed and added to definitions.
Would I get a reply email back, or do I not get anything back at all and I have to keep prodding them until I get some updates on the analysis? Hahaha



Tools that go after cleaning the registry should actually be left alone. No registry cleaner is completely safe; since most do not even create a backup, the potential is ever present to cause more problems than they claim to fix.
If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you. Ones that take care of simpler jobs are acceptable: defrag, or boosting speed by disabling startups, can be used so that later you can change these items if needed.
Actually, Auslogics BoostSpeed's Registry Cleaner does have a backup option, as you can see here in this screenshot: 12640 So what about Registry Defrag, is that a good idea or not a good idea for this program to do it for me? I've done it since I've known about it, which was a few years ago, and nothing bad has happened yet from placing my faith in BoostSpeed's and PC TuneUp's registry cleaners and defraggers....maybe I got lucky, or they are doing a decent job of it and you're just being cynical....?:laugh:



I would keep the HOSTS file setup from Spybot since it's updated more frequently.
Ah ok, will do.


If malware is running, or calling home, it does it with all tools running to catch the malicious files to be cleaned. Sometimes by going into Safe Mode a virus isn't working, because of how few Windows files run at that time, and that is a good time to try and run removal tools to take advantage of this.
By the time we ask for an online scan, it's our hope we're going after remnants. Being connected to the internet makes no difference unless it was malware designed to make connections impossible.
....so I should try the ESET online scanner again but in Safe Mode with Networking (so I can get internet, because this is an online scanner, unless this scanner can be run offline?)...? It did find 4 items before it crashed/froze, which I'm now curious about.....hahahaha




The design of the Crypto (variants) is to run regardless of whether connected to the internet or not, even running hidden for a very short time by design, then deleting its own executable file. What it does behind the scenes isn't caught till the damage is done.
Mmmmm.....but wouldn't it need to phone home to get some more instructions or possibly grab the payload?

Are Crypto variants the only ones that delete their own infected file, or can other malware/virus types have the ability to delete themselves? Do the majority of viruses/malware delete themselves, or do they leave the original infected file as is on the victim's computer? I would guess so, because they wouldn't be that dumb as to leave the original source of infection available in view.....with that said, that game trainer I downloaded, deleting itself at random, whenever I'm not watching......could it be infected but none of the scanners I or you use picked it up? Or could it possibly be outside interference; maybe I got RAT'd (if I got the abbreviation right) and someone has complete control over my computer now but does so very discreetly so I do not know, and has deleted the trainer file whilst I'm not looking....?

I don't know...I'm starting to not like this file....randomly and mysteriously deleting itself, I think I won't add this to my backup drive(in case it does something to that in which all my backups are screwed! hahaha), despite every scanner I've used, including virustotal.com comes clean..... XP

Well I suppose if a crypto was running on a really ancient computer(such as a P4 or P3, or even P2 for that matter, computer), it could be caught as you would know that the computer is running slower than usual.......


I think your computer is clean and your good to go.

Cool:bigthumb:

Juliet
2016-08-14, 14:34
I'm going to try and answer these questions one by one with the information I have.

My Group Policy settings ==> I think these policies have been set in place by your computer's Kaspersky Internet Security software.

I think its focus is to stop an .exe from running in the AppData folder, due to techniques used by malware.

~~~

I'm on the end of malware removal. I do know there are many people sending in samples daily, so it might take a while for submitted files to be seen, analyzed and added to definitions.
Would I get a reply email back, or do I not get anything back at all and I have to keep prodding them until I get some updates on the analysis? Hahaha
They do not answer back.


Actually, Auslogics BoostSpeed's Registry Cleaner does have a backup option, as you can see here in this screenshot: backup boostspeed registry cleaner.png So what about Registry Defrag, is that a good idea or not a good idea for this program to do it for me? I've done it since I've known about it, which was a few years ago, and nothing bad has happened yet from placing my faith in BoostSpeed's and PC TuneUp's registry cleaners and defraggers....maybe I got lucky, or they are doing a decent job of it and you're just being cynical.
I am being informative. If you're being lucky then good, but many haven't been. Maybe their tools are becoming better at what they proclaim to do, but one little mistake can cause one little catastrophe. I really can't give information on registry cleaners or defraggers other than what I have previously posted, since I don't use them....if you want to continue doing so, that's your option.


so I should try the ESET online scanner again but in Safe Mode with Networking (so I can get internet, because this is an online scanner, unless this scanner can be run offline?)...? It did find 4 items before it crashed/froze, which I'm now curious about
certainly



The design of the Crypto (variants) is to run regardless of whether connected to the internet or not, even running hidden for a very short time by design, then deleting its own executable file. What it does behind the scenes isn't caught till the damage is done.
Mmmmm.....but wouldn't it need to phone home to get some more instructions or possibly grab the payload?
No.


Are Crypto variants the only ones that delete their own infected file, or can other malware/virus types have the ability to delete themselves? Do the majority of viruses/malware delete themselves, or do they leave the original infected file as is on the victim's computer? I would guess so, because they wouldn't be that dumb as to leave the original source of infection available in view.....with that said, that game trainer I downloaded, deleting itself at random, whenever I'm not watching......could it be infected but none of the scanners I or you use picked it up? Or could it possibly be outside interference; maybe I got RAT'd (if I got the abbreviation right) and someone has complete control over my computer now but does so very discreetly so I do not know, and has deleted the trainer file whilst I'm not looking....?
As to how many, or whether deleting itself is confined to a specific infection, that will have to remain unanswered; no idea if that info is available.
We do find malicious running .exe's, .sys's and .dll's that can be considered left behind, and whether they are depends, I think, on the level of knowledge of whoever/whatever created them originally.

I have no idea about the game trainer why it deletes itself. Does that game have a forum for help topics?
Locate the .exe and run it through Virus total.....
IF someone had control over your computer other than yourself, you'd know it.


One last thing we can try is run a tool to check for errors that might point to items not working as they should

This repair may take some hours !!!

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html).

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
- Right click on https://i.imgur.com/QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.
http://i.imgur.com/2f8o60N.png

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.
http://i.imgur.com/Ymy7crZ.png

- Go to Step 4, then click Do It.
http://i.imgur.com/zDtdN75.png

- Go to Step 5. Under System Restore click Create.
http://i.imgur.com/f7lEe1N.png

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
http://i.imgur.com/PGv2vtD.png

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop.

Try the above and check for improvements.

Nnewb
2016-08-17, 07:47
Sorry, I've been busy and haven't gotten around to do this yet, well I have now.


I'm going to try and answer these questions one by one with the information I have.

My Group Policy settings ==> I think these policies have been set in place by your computer's Kaspersky Internet Security software.

I think its focus is to stop an .exe from running in the AppData folder, due to techniques used by malware.
No no, Kaspersky didn't make this, I did; before this, Group Policy wasn't even enabled. Just wanted to see what you think about it is all, and to get Task Manager and cmd working whilst having all that locked down. ☺


~~~

They do not answer back.
Then how do I know it's done, besides waiting for god knows how long until I re-scan it and it either picks it up or doesn't, which then further makes me wonder if they even analyzed it at all or not....



certainly
Yep, I'll give this a run after I post this message.



I have no idea about the game trainer or why it deletes itself. Does that game have a forum for help topics?
Locate the .exe and run it through VirusTotal.....
There is no forum topic about it; it's just hosted on some download page. Here's some more info:

MD5: 0bd2a9acf46e2a17976d43f55d6f9506
SHA256: e7568c8406fc965ff30834e56dac95bf41eebcbe627afd60f8c8559389d312bd
http://www.gamepatchplanet.com/game/download/ds.php?p=OIL.RUSH.V1.0.AND.V1.01.PLUS.2.TRAINER.BY.Burmass.rar&t=YTo0OntzOjQ6InRpbWUiO2k6MTQ2Nzc5MjkxMTtzOjQ6Imhhc2giO3M6NDA6ImQ5M2YwNzFjMmFkNjIxYjk2YmRmOTU4MDYzMWUzMzNlM2UzNmEwMTkiO3M6NjoiY3Rva2VuIjtzOjMyOiJhZTYzNGYwYmUwZmEwMTExMTU3OGE3MWM2OTQzNzk4MSI7czo2OiJzdG9rZW4iO3M6MzI6IjgyOGJjZTc1M2JjMGQ1OWE5NDgyYzMyYWRlNDFjMTkzIjt9
password: gamepatchplanet

http://www.gamepatchplanet.com/game/oil_rush
Oil Rush v1.0 & v1.01 +2 Trainer
| File Size: 403 KB | File Format: .rar | Language Version: n/a | Author: Burmass | Download

Info
Trainer options:
- Infinite Oil
- Infinite Skill Points

VirusTotal scan (I've re-scanned today): https://www.virustotal.com/en/file/e7568c8406fc965ff30834e56dac95bf41eebcbe627afd60f8c8559389d312bd/analysis/1471411160/ and https://www.virustotal.com/en/file/e934c283ea48ca80a9ce1881044d9a1b53a02dd21e0cf07893072b9fc969352b/analysis/1471411208/ and the actual exe file: https://www.virustotal.com/en/file/fc8ffdf19d9297df8badff9e1cd002e2070f3a95d0f15987a9eccc0f1b4e1fad/analysis/1471411257/

The website I got it from, if you follow the gamepatchplanet.com link, has one of those quoted descriptions if you scroll down far enough, and then once you go to download it, they claim their uploads are virus/malware free, or else they wouldn't upload them.



IF someone had control over your computer other than yourself, you'd know it.
Well they could, you know, just be watching and doing nothing at all....they can just watch what I'm doing on screen, can't they?



One last thing we can try is run a tool to check for errors that might point to items not working as they should

This repair may take some hours !!!


Ok so I did all that. Screenie for step 2: 12641

@ Step 3, it said it found some errors, but I was away when it did the scan during the reboot; do you know where they keep their chkdsk log?

@ Step 4 it found some corrupt files and had to repair those.

In the end, I never got a log file.....you said I would get one on the desktop, I don't see any... Never mind, I'm an idiot, you said a Logs folder within its folder, not flat out on the desktop. hahaha Well, here are those logs if you wanna read: 1264212643 And of course your uploader fails to upload this zipped folder....And I'll paste the rest here because of either the file size limit or being too lazy to upload files one by one, because you don't have a multi-uploader thing:

_Windows_Repair_Log.txt

Tweaking.com - Windows Repair v3.9.9
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Professional
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: RAIKOU
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Manectric
Current Profile SID: S-1-5-21-2798084944-1211984927-2140173799-1000
Current Profile Classes: S-1-5-21-2798084944-1211984927-2140173799-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Manectric\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:09:45

Process Count: 84
Commit Total: 3.71 GB
Commit Limit: 15.92 GB
Commit Peak: 3.72 GB
Handle Count: 26180
Kernel Total: 658.23 MB
Kernel Paged: 432.42 MB
Kernel Non Paged: 225.82 MB
System Cache: 6.07 GB
Thread Count: 1201
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.92 GB
Memory Used: 3.69 GB(23.1847%)
Memory Avail.: 12.23 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.92 GB
Memory Used: 3.31 GB(20.8039%)
Memory Avail.: 12.61 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (17/08/2016 12:52:26 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 162

01 - Reset Registry Permissions
Restore Windows 7/8/10 Default Registry Permissions
Start (17/08/2016 12:52:27 PM)


Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\hku.7z
Done, 0.14 seconds.


Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\hku.7z
Done, 0.16 seconds.


Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\hklm.7z
Done, 1.36 seconds.

Running Repair Under System Account
Done (17/08/2016 12:55:18 PM)

Reset File Permissions: C:
C: & Sub Folders
Start (17/08/2016 12:55:18 PM)

Running Repair Under Current User Account
Done (17/08/2016 12:57:17 PM)

Reset File Permissions
Restore Windows 7/8/10 Default File Permissions
Start (17/08/2016 12:57:17 PM)


Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\default.7z
Done, 0.13 seconds.


Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\profile.7z
Done, 0.13 seconds.


Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\program_files.7z
Done, 0.16 seconds.


Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\program_files_x86.7z
Done, 0.13 seconds.


Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\programdata.7z
Done, 0.13 seconds.


Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\windows.7z
Done, 1.14 seconds.

Running Repair Under Current User Account
Done (17/08/2016 12:58:06 PM)

Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (17/08/2016 12:58:06 PM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 12:58:09 PM)

03 - Reset Service Permissions
Start (17/08/2016 12:58:09 PM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 12:58:21 PM)

04 - Register System Files
Start (17/08/2016 12:58:21 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 12:59:28 PM)

05 - Repair WMI
Start (17/08/2016 12:59:28 PM)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
Kaspersky Internet Security Exported.

Exporting AntiSpyware Info...
Kaspersky Internet Security Exported.
Windows Defender Exported.

Exporting 3rd Party Firewall Info...
Kaspersky Internet Security Exported.

Running Repair Under Current User Account
Done (17/08/2016 1:00:37 PM)

06 - Repair Windows Firewall
Start (17/08/2016 1:00:38 PM)

Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.14 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:01:15 PM)

07 - Repair Internet Explorer
Start (17/08/2016 1:01:15 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:01:45 PM)

08 - Repair MDAC/MS Jet
Start (17/08/2016 1:01:45 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:01:59 PM)

09 - Repair Hosts File
Start (17/08/2016 1:02:00 PM)
Running Repair Under System Account
Done (17/08/2016 1:02:01 PM)

10 - Remove Policies Set By Infections
Start (17/08/2016 1:02:01 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:02:05 PM)

11 - Repair Start Menu Icons Removed By Infections
Start (17/08/2016 1:02:05 PM)
Running Repair Under System Account
Done (17/08/2016 1:02:06 PM)

12 - Repair Icons
Start (17/08/2016 1:02:06 PM)
Running Repair Under Current User Account
Done (17/08/2016 1:02:07 PM)

13 - Repair Network
Start (17/08/2016 1:02:07 PM)

Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.14 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:02:27 PM)

14 - Remove Temp Files
Start (17/08/2016 1:02:27 PM)
Running Repair Under System Account
Done (17/08/2016 1:02:28 PM)

15 - Repair Proxy Settings
Start (17/08/2016 1:02:28 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:02:30 PM)

17 - Repair Windows Updates
Start (17/08/2016 1:02:30 PM)

Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.14 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
Done (17/08/2016 1:03:14 PM)

18 - Repair CD/DVD Missing/Not Working
Start (17/08/2016 1:03:14 PM)
iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
Done (17/08/2016 1:03:14 PM)

19 - Repair Volume Shadow Copy Service
Start (17/08/2016 1:03:14 PM)

Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.14 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:03:34 PM)

20 - Repair Windows Sidebar/Gadgets
Start (17/08/2016 1:03:34 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:03:37 PM)

21 - Repair MSI (Windows Installer)
Start (17/08/2016 1:03:38 PM)

Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.13 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:03:48 PM)

22 - Repair Windows Snipping Tool
Start (17/08/2016 1:03:48 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:03:50 PM)

23.01 - Repair bat Association
Start (17/08/2016 1:03:50 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:03:52 PM)

23.02 - Repair cmd Association
Start (17/08/2016 1:03:52 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:03:56 PM)

23.03 - Repair com Association
Start (17/08/2016 1:03:56 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:03:58 PM)

23.04 - Repair Directory Association
Start (17/08/2016 1:03:58 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:00 PM)

23.05 - Repair Drive Association
Start (17/08/2016 1:04:00 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:02 PM)

23.06 - Repair exe Association
Start (17/08/2016 1:04:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:04 PM)

23.07 - Repair Folder Association
Start (17/08/2016 1:04:04 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:06 PM)

23.08 - Repair inf Association
Start (17/08/2016 1:04:06 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:09 PM)

23.09 - Repair lnk (Shortcuts) Association
Start (17/08/2016 1:04:09 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:11 PM)

23.10 - Repair msc Association
Start (17/08/2016 1:04:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:13 PM)

23.11 - Repair reg Association
Start (17/08/2016 1:04:13 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:15 PM)

23.12 - Repair scr Association
Start (17/08/2016 1:04:15 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:17 PM)

24 - Repair Windows Safe Mode
Start (17/08/2016 1:04:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:19 PM)

25 - Repair Print Spooler
Start (17/08/2016 1:04:19 PM)

Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.14 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:35 PM)

26 - Restore Important Windows Services
Start (17/08/2016 1:04:35 PM)

Decompressing & Updating Windows Permission File C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.13 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:04:52 PM)

27 - Set Windows Services To Default Startup
Start (17/08/2016 1:04:52 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:05:00 PM)

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1.7601

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1.7601

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1.7601

31 - Repair Windows 'New' Submenu
Start (17/08/2016 1:05:00 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:05:02 PM)

32 - Restore UAC (User Account Control) Settings
Start (17/08/2016 1:05:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (17/08/2016 1:05:04 PM)

33 - Repair Performance Counters
Start (17/08/2016 1:05:04 PM)
Running Repair Under Current User Account
Done (17/08/2016 1:05:13 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done at (17/08/2016 1:05:13 PM)
Total Repair Time: 00:12:49


...YOU MUST RESTART YOUR SYSTEM...

What does this mean? Too much input? lol your forum server is overloaded! hahaha Alright, I'll post the rest in the following post.....

Nnewb
2016-08-17, 07:53
Alright, screw it, error 413 again, I'll just zip up the remaining txt files for you so you can go download them all in one go to read, here's the link: http://s000.tinyupload.com/index.php?file_id=22203404109878645943 and here's the delete link once you're done with it: http://s000.tinyupload.com/index.php?del_id=92196160597924923548

Thanks.

Time to scan the lappy with ESET Online scanner in Safe mode with networking.

Juliet
2016-08-17, 14:46
OK, some of this I can help with and some I can't.


Then how do I know it's done, besides waiting for god knows how long until I re-scan it and it either picks up or doesn't, which then further makes me wonder if they even analyzed it at all or not....

Since I do not work with SpyBot in such a way, I will have to refer you to a sub forum so you can ask that question
https://forums.spybot.info/forumdisplay.php?4-Spybot


~~~~

Virustotal scan (I've re-scanned today): https://www.virustotal.com/en/file/e...is/1471411160/ and https://www.virustotal.com/en/file/e...is/1471411208/ and the actual exe file: https://www.virustotal.com/en/file/f...is/1471411257/

The website I got it from, if you follow the gamepatchplanent.com link and it's one of those quoted descriptions if you scroll down far enough, and then once you go download it, they claim their uploads are virus/malware free, or else they wouldn't upload it.

File name: OIL.RUSH.V1.0.AND.V1.01.PLUS.2.TRAINER.BY.Burmass.rar <--did not show signs of infection.
File name: OIL.RUSH.V1.0.AND.V1.01.PLUS.2.TRAINER.BY.Burmass(Extracted).rar <-- did
File name: Oil Rush V1.0_1.01 2 Trn_2.exe <-- did

You may want to remove those.


IF someone had control over your computer other than yourself, you'd know it.
Well they could you know just be watching and doing nothing at all....they can just watch what I'm doing on screen, can't they?

Yes, they could just sit and watch, but no idea why someone would want to do that since it would be a huge waste of time on their side.
Jealous girlfriend/boyfriend who are spying for information to see who contacts who and what's being said....different scopes could be used with different scenarios. But with all you know I think you'd identify something quickly on your machine that wasn't supposed to be there.
My opinion: if someone hacks into your computer it's usually for one purpose, to collect data for profit.
If your machine is not used for any type of banking or use of PayPal, game results that add to money points or profits, they'd move on.

The ChkDsk issues,
It might be a false positive. Read this
http://www.tweaking.com/forums/index.php/topic,2546.0.html


try performing Last Known Good Configuration?
https://support.microsoft.com/en-us/products/windows?os=windows-7

~~~~
For cmd and task manager problems I'll have to refer you to a different help forum since these items are out of my realm of help
Microsoft Windows™
https://forums.whatthetech.com/index.php?showforum=119
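
The cmd and Task Manager problems mentioned in this post usually come from one of two places in the registry: the per-user DisableTaskMgr / DisableRegistryTools / DisableCMD policy values, or Software Restriction Policy (SRP) path rules (the entries FRST reports as "Group Policy restriction on software"). Such rules can be deliberate hardening or something left behind by an infection; the read-only audit below lists both so you can tell which before deciding what to reset. This PowerShell script is an added example, not code from the thread, from FRST or from Tweaking.com Windows Repair; the watch list of tool names is an assumption.

```powershell
# Added audit script (not from the thread, FRST or Tweaking.com Windows Repair).
# Read-only: lists the registry policies that disable cmd.exe, Task Manager and
# Registry Editor, and the Software Restriction Policy (SRP) path rules that FRST
# reports as "Group Policy restriction on software". Run from an elevated
# PowerShell prompt; written to work on Windows 7 / PowerShell 2.0 and later.

# SRP security levels, keyed by the numeric subkey name under CodeIdentifiers.
$SaferLevels = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained';
                  131072 = 'Basic User'; 262144 = 'Unrestricted' }

# Assumption: patterns worth flagging when a non-Unrestricted rule covers them
# (admin tools, or whole user-writable locations).
$WatchList = @('cmd.exe', 'taskmgr.exe', 'regedit.exe', 'vssadmin.exe', '.msc',
               'processexplorer', 'procexp', '%userprofile%', '%appdata%')

function Get-ToolDisablePolicies {
    # Per-machine (HKLM) and per-user (HKCU) values that hide Task Manager,
    # regedit and cmd. A non-zero value means the tool is disabled.
    $checks = @(
        @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
        @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
        @{ Key = 'Software\Policies\Microsoft\Windows\System';                Name = 'DisableCMD' }
    )
    $found = @()
    foreach ($hive in @('HKLM:', 'HKCU:')) {
        foreach ($c in $checks) {
            $key = "$hive\$($c.Key)"
            if (-not (Test-Path $key)) { continue }
            $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).($c.Name)
            if ($val -ne $null -and $val -ne 0) {
                $found += New-Object PSObject -Property @{ Key = $key; Name = $c.Name; Value = $val }
            }
        }
    }
    return $found
}

function Get-SrpPathRules {
    # Enumerates HKLM\...\Safer\CodeIdentifiers\<level>\Paths\<GUID>. ItemData holds
    # the rule path; it is read unexpanded so %appdata% stays recognisable.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $rules = @()
    if (-not (Test-Path $base)) { return $rules }
    foreach ($levelKey in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        if ($levelKey.PSChildName -notmatch '^\d+$') { continue }
        $level = [int]$levelKey.PSChildName
        $levelName = if ($SaferLevels.ContainsKey($level)) { $SaferLevels[$level] } else { "level $level" }
        $pathsKey = $levelKey.PSPath + '\Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem -Path $pathsKey -ErrorAction SilentlyContinue) {
            $path = $rule.GetValue('ItemData', '', 'DoNotExpandEnvironmentNames')
            $rules += New-Object PSObject -Property @{
                Level = $levelName; Path = [string]$path; RuleKey = $rule.PSChildName }
        }
    }
    return $rules
}

$policies = @(Get-ToolDisablePolicies)
Write-Host '== Policy values that disable admin tools =='
if ($policies.Count -eq 0) { Write-Host '  none set' }
else { $policies | Format-Table Key, Name, Value -AutoSize | Out-String | Write-Host }

Write-Host '== Software Restriction Policy path rules =='
# The default Unrestricted rules for SystemRoot and ProgramFilesDir are normal;
# a Disallowed rule covering cmd.exe or taskmgr.exe is what stops those tools.
foreach ($r in @(Get-SrpPathRules)) {
    $flag = ''
    if ($r.Level -ne 'Unrestricted') {
        foreach ($w in $WatchList) {
            if ($r.Path.ToLower().Contains($w)) { $flag = '   <== covers a watch-list item'; break }
        }
    }
    Write-Host ('  {0,-12} {1}{2}' -f $r.Level, $r.Path, $flag)
}
```

Nothing is changed by this script; once you know which rules are unwanted, remove them through secpol.msc (Software Restriction Policies) or the tool you used to set them.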

Nnewb
2016-08-18, 03:10
OK, some of this I can help with and some I can't.


Since I do not work with SpyBot in such a way, I will have to refer you to a sub forum so you can ask that question
https://forums.spybot.info/forumdisplay.php?4-Spybot

Oh ok, I can just add a reply to my original thread in question over there asking what the progress is so I don't have to start another thread.



~~~~


File name: OIL.RUSH.V1.0.AND.V1.01.PLUS.2.TRAINER.BY.Burmass.rar <--did not show signs of infection.
File name: OIL.RUSH.V1.0.AND.V1.01.PLUS.2.TRAINER.BY.Burmass(Extracted).rar <-- did
File name: Oil Rush V1.0_1.01 2 Trn_2.exe <-- did

You may want to remove those.

The first one didn't come with any sign of infections because it's password protected and as far as I know, no anti-virus/malware scanners are able to circum/transcend that (without knowing the password, if it has the capability of scanning password protected files - but I don't know any programs that either brute force their way to scan a password protected archive/file for any infections or allow you to input the password before scanning any password protected archives/files) and thus cannot actually scan the real contents of the file....

The second rar file is the file that got extracted from the password protected rar archive that gamepatchplanet made and this file is not password protected.....

And the third file, which is the game trainer that I wanted, is not password protected either. Now the download claims there are no viruses/malware in their files and believes any that are picked up are false positives, do you not think that could be why the many flags? Huh, I just extracted that file not some hrs ago (to re-scan for virustotal.com and I never deleted it either) and now it's disappeared on me again! How suspicious.....maybe those flags aren't false positives....but I will find that out when I get them all to analyse the file and report back to me on what exactly it does.....

Yes, I will delete those two offending files for now......


yes, they could just sit and watch but no idea why someone would want to do that since it would be a huge waste of time on their side.
Jealous girlfriend/boyfriend who are spying for information to see who contacts who and what's being said....different scopes could be used with different scenarios. But with all you know I think you'd identify something quickly on your machine that wasn't supposed to be there.
My opinion: if someone hacks into your computer it's usually for one purpose, to collect data for profit.
If your machine is not used for any type of banking or use of PayPal, game results that add to money points or profits, they'd move on.

Hmmm, yes probably right, perhaps I'm just being paranoid now....I do make use of paypal and banking on this machine, but I don't play in tournaments so I have no game results...should I change passwords or do you think I am safe that there's no keylogger installed? :P


The ChkDsk issues,
It might be a false positive. Read this
http://www.tweaking.com/forums/index.php/topic,2546.0.html

Ah I see.



try performing Last Known Good Configuration?
https://support.microsoft.com/en-us/products/windows?os=windows-7

What would this fix for me? Would this undo the changes the Tweak program did to my machine?

~~~~
For cmd and task manager problems I'll have to refer you to a different help forum since these items are out of my realm of help
Microsoft Windows™
https://forums.whatthetech.com/index.php?showforum=119

Alright, guess I'll make an account on there and post a question about my group policy settings....

Ok, I have left the machine on overnight scanning with ESET Online scanner, after I saw it white screen whilst scanning drive E - perhaps it is still scanning but not reporting back the status via its own UI for some reason; or perhaps it has stopped scanning and wants me to pick an option, but I can't because the interface is invisible (though you can clearly see it on the taskbar)! The same result happened: the GUI becomes invisible or is easily overwritten by programs that come on top (after getting to drive E: and scanning some of my games), however checking task manager, it appears to be running and not in "Not responding" status......here, a screenshot (attached). I am not sure what is happening, is it still scanning or has the scanner locked up but the program reports still running in task manager? Has this sort of thing ever happened before?

Nnewb
2016-08-18, 04:00
Just used Currports to check what possible hidden processes might be running and connected to the net (screenshots attached):

So if there were to be any remote connections, whether hidden or not, it would show up here? Do you see anything suspicious? I don't see anything suspicious with my amateur virus/malware knowledge.....hahahaa

Nnewb
2016-08-18, 04:28
Here you go, another angle on why the ESET Online scanner UI is invisible?!?!? (screenshot attached)

Juliet
2016-08-18, 11:36
Oh ok, I can just add a reply to my original thread in question over there asking what the progress is so I don't have to start another thread.
I know you'll have to create a new topic in that forum or they won't know you're asking a question.
If you want to add the link to this one I'm sure it would be OK ...


Hmmm, yes probably right, perhaps I'm just being paranoid now....I do make use of paypal and banking on this machine, but I don't play in tournaments so I have no game results...should I change password or you think I am safe that there's no keylogger installed? :P
Any time you suspect something suspicious you should consider changing passwords. I know people that change passwords every couple of weeks as a security standard.


try performing Last Known Good Configuration?
https://support.microsoft.com/en-us/...s?os=windows-7
What would this fix for me? Would this undo the changes Tweak program did to my machine?

If something on the machine isn't working correctly it's possible, sometimes, to use Last Known Good Configuration and correct the situation.
It's not a cure all but just a suggestion.


Just used Currports to check what possible hidden processes that might be running and connected to the net: currports.png currports1.png
So if there were to be any remote connections, whether hidden or not, it would show up here? Do you see anything suspicious?
I would think it would.


why is the ESET Online scanner UI invisible?
Got me. No idea why.

Nnewb
2016-08-19, 06:02
I know you'll have to create a new topic in that forum or they won't know you're asking a question.
If you want to add the link to this one I'm sure it would be OK ...

Oh well someone replied when I bumped my post.



Any time you suspect something suspicious you should consider changing passwords. I know people that change passwords every couple of weeks as a security standard.

Right.



I would think it would.

Ok, well you saw the screenshot, which one of those processes do you think is suspicious, since you're the pro here? I would take a guess at one of the unknowns since they don't tell you exactly which/what it is......



Got me. No idea why.
So I should stop the scan(because it's still going and yes task manager still says it's running and not "Not responding" status) and ask ESET support why this is happening and link them to this thread, since it's just wasting time and power?

Juliet
2016-08-19, 12:38
So I should stop the scan(because it's still going and yes task manager still says it's running and not "Not responding" status) and ask ESET support why this is happening and link them to this thread, since it's just wasting time and power?
You can.....

If you like you can run Emsisoft Emergency Kit again, allow it to remove what it finds.


Would you like to run FRST once more?

Nnewb
2016-08-20, 04:05
You can.....

If you like you can run Emsisoft Emergency Kit again, allow it to remove what it finds.


Would you like to run FRST once more?

Ok well I've stopped the ESET scan and then ran the Emsisoft kit. Found nothing, I even did a custom scan hoping it would scan all drives and apparently nothing....strange, either the ESET items were false positives, or Emsisoft can't pick them up because they're probably new threats that no other anti-virus/malware programs have been updated to know about. Here are the logs:


Emsisoft Emergency Kit - Version 11.9
Last update: 20/08/2016 12:06:52 AM
User account: Raikou\Manectric
Computer name: RAIKOU
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, B:\, C:\, E:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 20/08/2016 12:08:38 AM

Scanned 554385
Found 0

Scan end: 20/08/2016 12:50:15 AM
Scan time: 0:41:37



Emsisoft Emergency Kit - Version 11.9
Last update: 20/08/2016 12:06:52 AM
User account: Raikou\Manectric
Computer name: RAIKOU
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 20/08/2016 12:08:00 AM

Scanned 73178
Found 0

Scan end: 20/08/2016 12:08:11 AM
Scan time: 0:00:11


Here are my FRST64 logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2016
Ran by Manectric (administrator) on RAIKOU (20-08-2016 09:55:03)
Running from C:\Users\Electrike\Desktop
Loaded Profiles: Manectric & Electrike (Available Profiles: Manectric & Electrike)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "Mozilla\Firefox" -osint -url "%1")
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(GIGABYTE TECHNOLOGY CO., LTD.) C:\Program Files\GIGABYTE\SmartManagerV3\OSD\GBOSDV2.exe
(NirSoft) C:\Users\Electrike\Downloads\cports-x64\cports.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-10] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7827256 2014-05-14] (Motorola Solutions, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276040 2014-05-21] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-09-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-28] (Intel Corporation)
HKLM-x32\...\Run: [Razer Naga Driver] => C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-11-16] (Razer USA Ltd)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\RunOnce: [SmartUpdate] => C:\Program Files\GIGABYTE\Smart Update\urgent.exe [355840 2014-10-22] (GIGABYTE)
HKLM Group Policy restriction on software: *.JSE <====== ATTENTION
HKLM Group Policy restriction on software: *.JS <====== ATTENTION
HKLM Group Policy restriction on software: *.VBE <====== ATTENTION
HKLM Group Policy restriction on software: *.VBS <====== ATTENTION
HKLM Group Policy restriction on software: *.WSF <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\System32\VSSAdmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata% <====== ATTENTION
HKLM Group Policy restriction on software: *.WSH <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\ProcessExplorer\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\Electrike\Desktop\Group Policy.msc <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\system32\cmd.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\system32\taskmgr.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Downloads <====== ATTENTION
HKLM\...\Policies\Explorer: [NoThumbnailCache] 1
HKLM\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1
HKLM\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-15] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-15] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-10-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-10-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GBOSDV3.lnk [2014-10-30]
ShortcutTarget: GBOSDV3.lnk -> C:\Program Files\GIGABYTE\SmartManagerV3\OSD\GBOSDV2.exe (GIGABYTE TECHNOLOGY CO., LTD.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Welcome.lnk [2014-10-31]
ShortcutTarget: Welcome.lnk -> C:\Program Files\GIGABYTE\Smart USB Backup\Welcome.exe ()
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\..\Interfaces\{19335884-B8F1-4C09-BCC6-6644B6627BFF}: [NameServer] 192.168.1.1,8.8.8.8
Tcpip\..\Interfaces\{8ED6DA2E-8DC3-40FF-83BF-0D80A3F52055}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8ED6DA2E-8DC3-40FF-83BF-0D80A3F52055}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com/?pc=SBJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000 -> DefaultScope {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =
SearchScopes: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001 -> {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-01-22]
FF Extension: TrafficLight - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\extensions\trafficlight@bitdefender.com.xpi [2016-01-22]
FF Extension: HTTPS-Everywhere - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\extensions\https-everywhere@eff.org [2016-01-22]
FF Extension: NoScript - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-06-11]
FF Extension: Flagfox - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-01-22]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-16]
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Manectric\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Manectric\AppData\Roaming\IDM\idmmzcc5 [2016-06-16] [not signed]
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Electrike\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Electrike\AppData\Roaming\IDM\idmmzcc5 [2016-08-13] [not signed]
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S2 ElevateService; C:\Program Files\GIGABYTE\SmartManagerV3\ElevateService.exe [14336 2014-10-29] () [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-10] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-04] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-02-01] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-04-30] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-30] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-19] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-15] (Sandboxie Holdings, LLC)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Update_Service; C:\Program Files\GIGABYTE\Smart Update\Update_Service.exe [136704 2014-10-22] (GIGABYTE) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-02] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-14] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-14] (Motorola Solutions, Inc.)
S3 btmlehid; C:\Windows\system32\drivers\btmlehid.sys [83256 2014-02-04] (Motorola Solutions, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [30360 2014-10-09] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-04] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-16] (AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-08-17] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-16] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-08] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-30] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3423720 2014-08-22] (Intel Corporation)
S3 NVSWCFilter; C:\Windows\system32\drivers\nvswcfilter.sys [19616 2014-09-05] (Windows (R) Win 7 DDK provider)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [429272 2014-10-22] (Realsil Semiconductor Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-15] (Sandboxie Holdings, LLC)
S2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-10-05] (CyberLink Corp.)
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-20 09:55 - 2016-08-20 09:55 - 00020957 _____ C:\Users\Electrike\Desktop\FRST.txt
2016-08-20 09:54 - 2016-08-20 09:55 - 00000000 ____D C:\FRST
2016-08-20 00:05 - 2016-08-20 09:53 - 00000000 ____D C:\EEK
2016-08-19 23:45 - 2016-08-19 23:45 - 02395648 _____ (Farbar) C:\Users\Electrike\Desktop\FRST64.exe
2016-08-19 23:42 - 2016-08-19 23:53 - 247661272 _____ C:\Users\Electrike\Desktop\EmsisoftEmergencyKit.exe
2016-08-18 09:23 - 2016-08-18 09:26 - 00071387 _____ C:\Windows\system32\activity.txt
2016-08-18 09:20 - 2016-08-18 10:01 - 00000000 ____D C:\Users\Electrike\Downloads\cports-x64
2016-08-18 09:19 - 2016-08-18 09:19 - 00113711 _____ C:\Users\Electrike\Downloads\cports-x64.zip
2016-08-18 09:15 - 2016-08-18 09:15 - 00000000 _____ C:\Users\Electrike\test.txt
2016-08-17 13:08 - 2016-08-17 13:08 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-17 12:41 - 2016-08-17 12:41 - 00003536 _____ C:\bootsqm.dat
2016-08-17 12:26 - 2016-08-17 12:29 - 00000000 ____D C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair
2016-08-17 12:23 - 2016-08-17 12:24 - 27326629 _____ C:\Users\Electrike\Downloads\tweaking.com_windows_repair_aio.zip
2016-08-17 12:21 - 2016-08-17 12:21 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Electrike\Downloads\esetonlinescanner_enu.exe
2016-08-14 16:09 - 2016-08-14 16:09 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-08-14 16:09 - 2016-08-14 16:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-14 16:09 - 2016-08-14 16:09 - 00000000 ____D C:\ProgramData\Skype
2016-08-14 16:09 - 2016-08-14 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-14 00:10 - 2016-08-14 00:10 - 00076653 _____ C:\Users\Electrike\Desktop\Group Policy.msc
2016-08-13 10:46 - 2016-08-14 18:22 - 00021280 __RSH C:\ProgramData\ntuser.pol
2016-08-13 09:34 - 2016-08-13 09:51 - 00000000 ____D C:\Users\Electrike\Downloads\CrystalDiskMark5_1_2Shizuku
2016-08-13 09:32 - 2016-08-13 09:32 - 00000201 _____ C:\Users\Electrike\Downloads\CrystalDiskMark5_1_2Shizuku.zip.txt
2016-08-13 09:30 - 2016-08-13 09:30 - 17699182 _____ C:\Users\Electrike\Downloads\CrystalDiskMark5_1_2Shizuku.zip
2016-08-13 09:21 - 2016-08-13 09:21 - 00003148 _____ C:\Windows\System32\Tasks\FRAPS
2016-08-10 09:37 - 2016-08-02 22:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 09:37 - 2016-08-02 22:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 09:37 - 2016-08-02 14:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 09:37 - 2016-08-02 14:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 09:37 - 2016-08-02 14:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 09:37 - 2016-08-02 14:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 09:37 - 2016-08-02 14:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 09:37 - 2016-08-02 14:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 09:37 - 2016-08-02 14:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 09:37 - 2016-08-02 14:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 09:37 - 2016-08-02 14:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 09:37 - 2016-08-02 14:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 09:37 - 2016-08-02 14:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 09:37 - 2016-08-02 14:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 09:37 - 2016-08-02 14:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 09:37 - 2016-08-02 14:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 09:37 - 2016-08-02 14:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 09:37 - 2016-08-02 14:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 09:37 - 2016-08-02 14:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 09:37 - 2016-08-02 14:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 09:37 - 2016-08-02 14:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 09:37 - 2016-08-02 14:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 09:37 - 2016-08-02 14:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 09:37 - 2016-08-02 13:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 09:37 - 2016-08-02 13:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 09:37 - 2016-08-02 13:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 09:37 - 2016-08-02 13:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 09:37 - 2016-08-02 13:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 09:37 - 2016-08-02 13:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 09:37 - 2016-08-02 13:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 09:37 - 2016-08-02 13:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 09:37 - 2016-08-02 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 09:37 - 2016-08-02 13:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 09:37 - 2016-08-02 13:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 09:37 - 2016-08-02 13:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 09:37 - 2016-08-02 13:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 09:37 - 2016-08-02 13:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 09:37 - 2016-08-02 13:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 09:37 - 2016-08-02 13:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 09:37 - 2016-08-02 13:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 09:37 - 2016-08-02 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 09:37 - 2016-08-02 13:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 09:37 - 2016-08-02 13:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 09:37 - 2016-08-02 13:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 09:37 - 2016-08-02 13:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 09:37 - 2016-08-02 13:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 09:37 - 2016-08-02 13:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 09:37 - 2016-08-02 13:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 09:37 - 2016-08-02 13:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 09:37 - 2016-08-02 13:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 09:37 - 2016-08-02 13:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 09:37 - 2016-08-02 13:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 09:37 - 2016-08-02 13:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 09:37 - 2016-08-02 13:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 09:37 - 2016-08-02 13:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 09:37 - 2016-08-02 13:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 09:37 - 2016-08-02 13:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 09:37 - 2016-08-02 13:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 09:37 - 2016-08-02 13:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 09:37 - 2016-08-02 13:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 09:37 - 2016-08-02 13:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 09:37 - 2016-08-02 13:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 09:37 - 2016-08-02 12:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 09:37 - 2016-08-02 12:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 09:37 - 2016-08-02 12:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 09:37 - 2016-08-02 12:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 09:37 - 2016-07-08 23:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 09:37 - 2016-07-08 23:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 09:37 - 2016-07-08 23:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 09:37 - 2016-07-08 23:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 09:37 - 2016-07-08 23:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 09:37 - 2016-07-08 23:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 09:37 - 2016-07-08 22:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 09:37 - 2016-07-08 22:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 09:37 - 2016-07-08 22:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 09:37 - 2016-07-08 22:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 09:37 - 2016-07-08 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 09:37 - 2016-07-08 22:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 09:35 - 2016-07-08 23:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-08 20:01 - 2016-08-08 20:01 - 00000000 ____D C:\Users\Manectric\AppData\Local\CrashDumps
2016-08-08 20:01 - 2016-08-08 20:01 - 00000000 ____D C:\Users\Electrike\AppData\Local\ESET
2016-08-08 18:57 - 2016-08-08 18:57 - 00000000 ____D C:\Users\Manectric\AppData\Local\ESET
2016-08-07 13:14 - 2016-08-07 13:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-RAIKOU-Windows-7-Professional-(64-bit).dat
2016-08-07 13:13 - 2016-08-07 13:13 - 00018139 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-08-07 09:01 - 2016-08-17 13:07 - 00084896 _____ C:\Users\Electrike\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-06 15:26 - 2016-08-06 15:27 - 00000000 ____D C:\Users\Electrike\AppData\Local\tkdata
2016-08-06 15:25 - 2016-08-07 09:00 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-08-06 15:25 - 2016-08-06 19:56 - 00000000 ____D C:\ProgramData\McAfee
2016-08-06 09:44 - 2016-08-06 10:09 - 01125745 _____ C:\Users\Electrike\Downloads\Trainer for Oil Rush.zip
2016-08-03 05:57 - 2016-08-13 23:43 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-03 05:57 - 2016-08-03 05:57 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-28 23:16 - 2016-07-28 23:16 - 00000000 ____D C:\Windows\EOONotify

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-20 09:55 - 2016-01-19 13:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-20 00:08 - 2016-06-26 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-18 09:15 - 2016-01-23 11:54 - 00000000 ____D C:\Users\Electrike
2016-08-18 09:07 - 2016-07-06 15:25 - 00000000 ____D C:\Users\Electrike\Downloads\Trainer for Oil Rush
2016-08-17 14:00 - 2009-07-14 13:13 - 00779996 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-17 14:00 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-08-17 13:54 - 2016-07-07 16:17 - 00084896 _____ C:\Users\Manectric\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-17 13:54 - 2015-01-12 17:26 - 00180174 _____ C:\Users\Electrike\Documents\%$##!!@.TXT
2016-08-17 13:31 - 2016-03-06 10:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-17 13:16 - 2009-07-14 12:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-17 13:16 - 2009-07-14 12:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-17 13:08 - 2014-10-22 14:52 - 00000300 _____ C:\Windows\Tasks\RtlLanOptimizerVistaStart.job
2016-08-17 13:08 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-17 13:07 - 2016-07-07 19:02 - 00335928 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-17 13:06 - 2016-01-20 02:57 - 00000000 ____D C:\Windows\CSC
2016-08-17 13:01 - 2009-07-14 10:34 - 00000722 _____ C:\Windows\win.ini
2016-08-17 12:42 - 2016-01-22 11:27 - 00000000 ____D C:\Program Files (x86)\Razer
2016-08-16 18:41 - 2016-06-16 15:04 - 01001304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-16 18:41 - 2016-04-29 06:12 - 00236888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-16 18:41 - 2015-12-03 11:10 - 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-08-15 09:41 - 2016-04-30 09:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-14 23:09 - 2016-06-23 22:12 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\Skype
2016-08-14 18:19 - 2016-01-23 16:45 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-14 18:17 - 2016-01-23 16:45 - 00001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-13 09:21 - 2016-01-22 17:01 - 00000000 ____D C:\Fraps
2016-08-12 12:14 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2016-08-11 21:52 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-08-11 11:30 - 2016-01-22 11:28 - 00009896 _____ C:\Windows\Sandboxie.ini
2016-08-11 00:18 - 2016-01-22 20:48 - 00000000 ____D C:\Windows\system32\MRT
2016-08-11 00:16 - 2016-01-22 20:48 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 11:58 - 2016-01-22 17:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-08-08 11:37 - 2016-04-29 15:47 - 00000000 ____D C:\Users\Electrike\AppData\Local\CrashDumps
2016-08-07 09:00 - 2014-10-22 13:35 - 00000000 ____D C:\Program Files\Intel
2016-08-06 15:26 - 2014-10-22 13:37 - 00000000 ____D C:\ProgramData\Intel
2016-08-06 15:22 - 2016-03-06 10:01 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-08-06 15:22 - 2016-03-06 10:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-06 15:22 - 2016-03-06 10:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-08-06 15:20 - 2016-01-31 11:21 - 00000000 ____D C:\Users\Electrike\AppData\Local\Adobe
2016-08-06 15:20 - 2016-01-22 23:34 - 00000000 ____D C:\Users\Manectric\AppData\Local\Adobe
2016-08-06 15:18 - 2016-07-17 00:50 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\WinPatrol
2016-08-05 17:34 - 2016-01-22 11:24 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1453433047
2016-08-05 17:34 - 2016-01-22 11:24 - 00000000 ____D C:\Program Files (x86)\Opera
2016-08-05 16:48 - 2016-01-23 17:21 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-03 16:00 - 2016-03-11 08:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-01 13:06 - 2014-10-22 14:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-28 23:16 - 2016-01-22 21:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-28 23:16 - 2016-01-22 21:14 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2016-01-19 10:59 - 2016-01-22 17:20 - 0000020 _____ () C:\Users\Manectric\AppData\Roaming\db.ini
2014-08-20 12:06 - 2014-08-20 12:06 - 0000020 _____ () C:\ProgramData\db.ini
2014-10-22 13:49 - 2014-10-22 13:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Electrike\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-09 15:03

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
Ran by Manectric (20-08-2016 09:55:16)
Running from C:\Users\Electrike\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-01-19 02:59:00)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2798084944-1211984927-2140173799-500 - Administrator - Disabled)
Electrike (S-1-5-21-2798084944-1211984927-2140173799-1001 - Limited - Enabled) => C:\Users\Electrike
Guest (S-1-5-21-2798084944-1211984927-2140173799-501 - Limited - Disabled)
Manectric (S-1-5-21-2798084944-1211984927-2140173799-1000 - Administrator - Enabled) => C:\Users\Manectric

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\Steam App 223850) (Version: - Futuremark)
8BitBoy (HKLM-x32\...\Steam App 296910) (Version: - AwesomeBlade)
Absconding Zatwor (HKLM-x32\...\Steam App 385200) (Version: - Zonitron Productions)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AmCap version 9.01 (HKLM-x32\...\{0F45BECF-4C85-4301-A8A4-D2E2AE2A2C08}_is1) (Version: 9.01 - Gigabyte, Inc.)
Auslogics BoostSpeed 7 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 7.9.0.0 - Auslogics Labs Pty Ltd)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
Blaster Shooter GunGuy! (HKLM-x32\...\Steam App 391740) (Version: - Adam DeLease)
Breakout Invaders (HKLM-x32\...\Steam App 366700) (Version: - DreamsSoftGames)
Canon Easy-PhotoPrint EX - Additional Materials DL_AN1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN1) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN2) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN3) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN4) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN5) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA1) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA2) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA3) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA4) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA5) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST1) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST2) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST3) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST4) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST5) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST6 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST6) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST7 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST7) (Version: - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
CONSORTIUM (HKLM-x32\...\Steam App 264240) (Version: - Interdimensional Games Inc)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.2205.58 - CyberLink Corp.)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Edge of Space (HKLM-x32\...\Steam App 238240) (Version: - Handyman Studios)
ELAN Touchpad 11.14.7.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.14.7.1 - ELAN Microelectronic Corp.)
FaeVerse Alchemy (HKLM\...\Steam App 282880) (Version: - Subsoap)
FileZilla Client 3.18.0 (HKLM-x32\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Game Dev Tycoon version 1.5.24 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.5.24 - Greenheart Games Pty. Ltd.)
GIGABYTE Smart USB Backup 2.0.20141014 (HKLM-x32\...\GIGABYTE Smart USB Backup) (Version: 2.0.20141014 - GIGABYTE TECHNOLOGY CO.,LTD.)
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version: - Arkedo)
Hyperdimension Neptunia Re;Birth1 (HKLM-x32\...\Steam App 282900) (Version: - Idea Factory, Inc.)
Hyperdimension Neptunia Re;Birth2 Sisters Generation (HKLM-x32\...\Steam App 351710) (Version: - Compile Heart)
Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version: - Blit Software)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version: - Tripwire Interactive)
Killing Floor SDK (HKLM\...\Steam App 1260) (Version: - Tripwire Interactive)
Kingdom Wars (HKLM\...\Steam App 227180) (Version: - Reverie World Studios, INC)
LanOptimizer (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.00.0000 - Realtek)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.78 (HKLM\...\MediaInfo) (Version: 0.7.78 - MediaArea.net)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 45.3.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.3.0 ESR (x86 en-US)) (Version: 45.3.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA Graphics Driver 344.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.42 - NVIDIA Corporation)
Omikron - The Nomad Soul (HKLM-x32\...\Steam App 243000) (Version: - Quantic Dream)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 39.0.2256.48 (HKLM-x32\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera Software)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
Razer Naga (HKLM-x32\...\{ED4108A9-60FD-4F18-AF42-122219977773}) (Version: 3.03.01 - Razer USA Ltd.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7348 - Realtek Semiconductor Corp.)
Renegade Ops (HKLM-x32\...\Steam App 99300) (Version: - Avalanche Studios)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Savage: The Battle For Newerth (Version: 1.0RC3) (HKLM-x32\...\{ABDEBB00-96E9-47A2-94CC-BB0CCC4630DE}_is1) (Version: - Newerth.com)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Smart Manager V3 Ver 4.4.3 (HKLM\...\Smart Manager V3) (Version: Ver 4.4.3 - GIGABYTE)
Smart Update v2.3.5 (HKLM-x32\...\Smart Update) (Version: v2.3.5 - GIGABYTE TECHNOLOGY CO.,LTD.)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version: - )
Soulbringer (HKLM-x32\...\Steam App 283310) (Version: - Infogames Europe SA)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
Starbound - Unstable (HKLM\...\Steam App 367540) (Version: - )
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Street Racing Syndicate (HKLM-x32\...\Steam App 292410) (Version: - Eutechnyx)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
UE3Redist (HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
UE3Redist (x32 Version: 1.00.0000 - Epic Games) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Viking: Battle for Asgard (HKLM-x32\...\Steam App 211160) (Version: - Creative Assembly, PC Port - Hardlight)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Electrike\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll => No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Electrike\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F31E738-83EC-40CD-A7C2-F7CEF30EC5D6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {281FAFD2-11AC-46FE-B3D7-74FFC96FCB60} - System32\Tasks\RtlLanOptimizerVistaStart => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2013-01-18] (Realtek Semiconductor)
Task: {34744266-050D-465A-AEDC-071063F1F8C6} - System32\Tasks\Opera scheduled Autoupdate 1453433047 => C:\Program Files (x86)\Opera\launcher.exe [2016-08-03] (Opera Software)
Task: {88C14B97-48EB-43EE-9F66-AA4268FA32FE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {AE144BC0-4C06-4EDB-A9D6-64B7E80EFCC1} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2015-09-05] (Beepa P/L)
Task: {D2443CEE-28E7-4E8E-B014-09D96E0D998C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-09] (Piriform Ltd)
Task: {E1B701B4-8889-46F5-A1E8-6226A5212985} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-06] (Adobe Systems Incorporated)
Task: {EAAE9075-97CB-4D2F-9372-8DD858214FBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {FFE4DF80-8C39-4568-8C64-A70E97751AF6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-08-03] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\RtlLanOptimizerVistaStart.job => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-27 20:19 - 2016-05-27 20:19 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-10-29 15:06 - 2014-10-29 15:06 - 00434688 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\OSD\Skin\OSD_Skin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92888469.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92888469.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7908 more sites.

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12725 more sites.

IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\1-2005-search.com -> www.1-2005-search.com

There are 12685 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2016-08-17 13:02 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Manectric\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Electrike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{ED44402E-6B9E-4DB1-B967-E19AA4AE59D5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{975A9371-4FC5-4492-A0FA-31983D49C1F5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{46B1C078-AFED-45D5-926D-B400B0762AEA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8AA98205-C1F8-4F48-929E-28A6F5C66746}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{218FBBB7-0A07-424B-9DBA-25DEE324042F}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{2CEB3727-6E0E-474B-BEDB-55CD6FA31863}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{0E988A6F-1597-434D-8FDF-ACCAC6D3BABA}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{BA275EC0-0E29-4CB2-851E-0DF94DD3B256}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{D7B7FE81-F7C1-4CC2-9A5D-3BFBC4F8B092}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{158CD4F6-032B-4273-826C-217282EBB367}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{1923CDDD-D237-42FD-8C23-BC5FB283A78E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{AE2A9A89-B88B-4683-B869-8B2EF65AD275}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{23E604FA-4DDA-45B1-9908-9EBFB959E3DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1B14BB29-0D4F-4A8C-8ABC-6888D216BD83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42E4617A-5FCA-4251-8EFB-91382308D1CF}] => (Allow) E:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{5915F504-940F-4CF9-8851-E2D9D34CCF8B}] => (Allow) E:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe

==================== Restore Points =========================

17-08-2016 12:47:40 Tweaking.com - Windows Repair

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter #7
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2016 01:08:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (08/17/2016 01:08:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (08/17/2016 01:08:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (08/17/2016 01:07:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (08/17/2016 01:07:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (08/17/2016 01:07:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.

Error: (08/17/2016 01:07:10 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1576) Catalog Database: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

Error: (08/17/2016 01:07:06 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (08/17/2016 01:07:06 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (08/17/2016 01:07:06 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0


System errors:
=============
Error: (08/19/2016 11:47:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/19/2016 11:47:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (08/19/2016 11:46:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084Bluetooth Device Monitor{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (08/19/2016 01:56:46 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/19/2016 12:01:50 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/19/2016 12:00:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/18/2016 01:56:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/18/2016 08:36:12 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/17/2016 01:57:18 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (08/17/2016 01:57:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084Bluetooth Device Monitor{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}


CodeIntegrity:
===================================
Date: 2016-01-22 13:37:14.199
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.196
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.194
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.193
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-01-22 13:37:14.192
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 16%
Total physical RAM: 16302.39 MB
Available physical RAM: 13555.11 MB
Total Virtual: 16300.58 MB
Available Virtual: 14029.34 MB

==================== Drives ================================

Drive b: (FRAPS) (Fixed) (Total:931.51 GB) (Free:931.42 GB) NTFS
Drive c: (SYSTEM) (Fixed) (Total:103.99 GB) (Free:52.31 GB) NTFS
Drive e: (Game Drive) (Fixed) (Total:1863.01 GB) (Free:1624.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: E71727C5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: AEFDE666)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=260 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 69318C77)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Nnewb
2016-08-20, 04:21
Hm, I guess you don't know enough to tell me which of those processes from CurrPorts look suspicious...

I also tried running KIS 2016 last night to do a full scan, but it appears it's now morning and it is taking its sweet ass time to load: I can see the loading mouse cursor, but where's KIS 2016? Checking Task Manager, I see that AVP.exe *32 has loaded, but where's the GUI?

As I was saying about ESET picking up said items and the others not picking up jack (since I can't edit my previous post): assuming these aren't false positives, then ESET is the only program (that we've tried so far) to detect these new threats, but for some reason or another ESET fails to complete the scan and show us what it found... Coincidence that I happen to be scanning for malware/viruses and ESET fails, no? I will contact ESET now to see what the problem is, and also link them to this thread.

Oh, this is new: 12651 How unfortunate that Malwarebytes' Anti-Rootkit engine is not functioning in the time of need. Well, it looks like I need to look elsewhere for a rootkit scanner then, since Malwarebytes can no longer do this. Perhaps Rkill and TDSSK? I will try them now to see if they also fail or not...

Nnewb
2016-08-20, 04:43
Rkill log:


Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/20/2016 10:25:14 AM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* TBS [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 08/20/2016 10:25:20 AM
Execution time: 0 hours(s), 0 minute(s), and 6 seconds(s)


And the TDSSK scan: 12652 It found three items, but the reasons given for them were that they weren't signed, not that they were actually infected with anything... hmmm, perhaps these could be the exact same three that ESET found?

Well, if Rkill and TDSSK don't find anything, then I guess I appear to be rootkit free... I'll just need to fix up that Anti-Rootkit engine scanner for Malwarebytes and I'm good...

Ah yes, I could run Tweak again with the fixes, to see if it will fix all this up...

Nnewb
2016-08-20, 04:57
Tweak logs:

┌────────────────────────────────────────────────────────────────────────────────┐
│ Tweaking.com - Windows Repair v3.9.9 - Pre-Scan
│ Computer: RAIKOU (Windows 7 Professional 6.1.7601 Service Pack 1) (64-bit)
│ [Started Scan - 20/08/2016 10:40:42 AM]
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Windows Packages Files.
│ Started at (20/08/2016 10:40:42 AM)

│ No problems were found with the Packages Files.

│ Files Checked & Verified: 5,591

│ Done Scanning Windows Packages Files.(20/08/2016 10:41:07 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Reparse Points.
│ Started at (20/08/2016 10:41:07 AM)

│ Reparse Points are OK!.

│ Files & Folders Searched: 191,866
│ Reparse Points Found: 60

│ Done Scanning Reparse Points.(20/08/2016 10:41:11 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Checking Environment Variables.
│ Started at (20/08/2016 10:41:11 AM)

│ No problems were found with the Environment Variables.

│ Done Checking Environment Variables. (20/08/2016 10:41:11 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 20/08/2016 10:41:11 AM]

│ [x] Scan Complete - No Problems Found!
└────────────────────────────────────────────────────────────────────────────────┘


Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is SYSTEM.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
9 percent complete. (159207 of 176896 file records processed)
176896 file records processed.

File verification completed.
573 large file records processed.

0 bad file records processed.

2 EA records processed.

60 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
48 percent complete. (203946 of 233998 index entries processed)
233998 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
64 percent complete. (167725 of 176896 file SDs/SIDs processed)
176896 file SDs/SIDs processed.

Security descriptor verification completed.
28552 data files processed.

CHKDSK is verifying Usn Journal...
100 percent complete. (36052992 of 36061048 USN bytes processed)
36061048 USN bytes processed.

Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

109037567 KB total disk space.
53863420 KB in 141161 files.
90628 KB in 28553 indexes.
0 KB in bad sectors.
284991 KB in use by the system.
65536 KB occupied by the log file.
54798528 KB available on disk.

4096 bytes in each allocation unit.
27259391 total allocation units on disk.
13699632 allocation units available on disk.

C:\>


Nnewb
2016-08-20, 05:40
Oh, that's interesting: I see Tweak has purged the hosts file, so all those IPs that were set by Spybot and SpywareBlaster are gone. Guess I'll need to re-immunize the system.

Also, I'm not even gonna bother uploading the Tweak logs one by one again, so instead I've uploaded them to a file hosting service. Here it is: http://s000.tinyupload.com/index.php?file_id=02324336235524793043 and here's the delete link once you're done with it: http://s000.tinyupload.com/index.php?del_id=07012334514769442031

Nnewb
2016-08-20, 13:14
Ok, rebooted and got into normal mode, got KIS 2016 to scan, then Malwarebytes Anti-Malware, then SUPERAntiSpyware, then Spybot Search and Destroy. They all came back clean; here's my log from Malwarebytes:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/08/2016
Scan Time: 12:58 PM
Logfile: malwarebytes og.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.20.02
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Manectric

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 822558
Time Elapsed: 1 hr, 46 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2016 at 04:26 PM

Application Version : 6.0.1222
Database Version : 12956

Scan type : Complete Scan
Total Scan Time : 01:36:01

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Limited User

Memory items scanned : 668
Memory threats detected : 0
Registry items scanned : 65623
Registry threats detected : 0
File items scanned : 400948
File threats detected : 342

Adware.Tracking Cookie
.adtech.de [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adtechjp.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adtechus.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.pubmatic.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.pubmatic.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
cdn.firstimpression.io [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.pubmatic.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.swid.switchads.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.gwallet.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
bs.serving-sys.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
bs.serving-sys.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.smaato.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adsrvr.org [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adsrvr.org [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tapad.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tapad.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.scorecardresearch.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.scorecardresearch.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.videohub.tv [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.videohub.tv [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.contextweb.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
www.qsstats.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adzerk.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.w3counter.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.eyeviewads.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adsby.bidtheatre.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
i.liadm.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.1rx.io [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rhythmxchange.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tubemogul.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rfihub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adap.tv [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adaptv.advertising.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adnxs.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
engine.adzerk.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
engine.adzerk.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rfihub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bidr.io [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bluekai.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bluekai.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adhigh.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.6241190602.log.optimizely.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bitrix.info [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bidswitch.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.ctnsnet.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rlcdn.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rfihub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adaptv.advertising.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.demdex.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rlcdn.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.dpm.demdex.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
tap.rubiconproject.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.dyntrk.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.1475410895.log.optimizely.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.262855726.log.optimizely.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.554924358.log.optimizely.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.6198013023.log.optimizely.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.6241190602.log.optimizely.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.717623550.log.optimizely.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rfihub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.everesttech.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.everesttech.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adhigh.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.openx.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adnxs.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mookie1.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rlcdn.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.geo-um.btrll.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.geo-um.btrll.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
x.bidswitch.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.liadm.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.liverail.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.liverail.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.w55c.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mookie1.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adap.tv [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mathtag.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mxptint.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.nexac.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.netseer.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.opendsp.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.ctnsnet.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.spotxchange.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.contextweb.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.openx.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.p.liadm.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.gwallet.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.gwallet.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.gwallet.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.gwallet.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.gwallet.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.p.liadm.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.p.liadm.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.p.liadm.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rlcdn.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.pixel.rubiconproject.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adaptv.advertising.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rlcdn.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rfihub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.omtrdc.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adnxs.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rfihub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.sociomantic.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.sociomantic.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.sundaysky.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.contextweb.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
d.liadm.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tidaltv.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.scanscout.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.teads.tv [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.teads.tv [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bidswitch.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.company-target.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
ad.360yield.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
d.liadm.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bidswitch.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
d.liadm.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tremorhub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tremorhub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tremorhub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tremorhub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tremorhub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tremorhub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tremorhub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tremorhub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rfihub.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.scanscout.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.simpli.fi [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.turn.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.videohub.tv [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
ad.360yield.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
ad.360yield.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mathtag.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adnxs.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mathtag.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.w55c.net [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mookie1.com [ C:\USERS\ELECTRIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.abmr.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
click.paypal-exchanges.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
click.paypal-exchanges.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.googleadservices.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.btrll.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.ads.linkedin.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.ads.linkedin.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.ads.linkedin.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.ads.linkedin.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.scorecardresearch.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.intergi.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.dotomi.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mathtag.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adtechus.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.intergi.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.pubmatic.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
va.v.liveperson.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
ads.stickyadstv.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
bs.serving-sys.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
bs.serving-sys.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
bs.serving-sys.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
bs.serving-sys.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
bs.serving-sys.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
bs.serving-sys.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
bs.serving-sys.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
bs.serving-sys.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
bs.serving-sys.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.scorecardresearch.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.scorecardresearch.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.contextweb.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
i.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.marinsm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.1rx.io [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rhythmxchange.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.fwmrm.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adap.tv [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tidaltv.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adnxs.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mmstat.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rubiconproject.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bluekai.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bluekai.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.p.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.1369090036.log.optimizely.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bidswitch.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rubiconproject.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mmstat.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
tap.rubiconproject.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.1369090036.log.optimizely.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.232614688.log.optimizely.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.openx.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mookie1.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rubiconproject.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
x.bidswitch.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.liverail.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.liverail.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mookie1.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adap.tv [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mathtag.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.dsply.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tidaltv.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.p.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.p.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.p.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.p.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.p.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.p.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.rubiconproject.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.pixel.rubiconproject.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adnxs.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.contextweb.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
trc.taboola.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tidaltv.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tidaltv.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.tidaltv.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bidswitch.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
d.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
p.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.bidswitch.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
d.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
p.liadm.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.agkn.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.dsply.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.criteo.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.turn.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
ads.stickyadstv.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.agkn.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.innovid.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mathtag.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.adnxs.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.mathtag.com [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.effectivemeasure.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.effectivemeasure.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]
.w55c.net [ E:\SANDBOX\STEAMBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS9WAMD0.DEFAULT\COOKIES.SQLITE ]

============
End of Log
============


I don't know where Kaspersky and Spybot keep their logs...

After all that, I reloaded Spyware Blaster and protected myself from everything there after an update of course.

Nnewb
2016-08-20, 14:56
Ok, so I've contacted ESET about our problem and now awaiting their reply.

Hm, I think I might have DNS poisoning, by the looks of this HTML report from Currports: (And of course your uploader doesn't accept HTML files.....) http://s000.tinyupload.com/index.php?file_id=80262408477844134657 and delete link: http://s000.tinyupload.com/index.php?del_id=09636037138580580258

As you can see, AVP.exe, which is KIS 2016, is reporting to a site called www.xxokoriq.cn:53607? So is Firefox here: www.xxokoriq.cn:49156 but I haven't even been on that site before nor heard of it................why are either of them trying to report to that site? I didn't tell them to....looks like I'm still in this and not out yet....

Nnewb
2016-08-20, 14:59
Ok, so I've contacted ESET about our problem and now awaiting their reply.

Hm, I think I might have DNS poisoning, by the looks of this HTML report from Currports: (And of course your uploader doesn't accept HTML files.....) http://s000.tinyupload.com/index.php?file_id=80262408477844134657 and delete link: http://s000.tinyupload.com/index.php?del_id=09636037138580580258

As you can see, AVP.exe, which is KIS 2016, is reporting to a site called www.xxokoriq.cn:53607? So is Firefox here: www.xxokoriq.cn:49156 but I haven't even been on that site before nor heard of it................why are either of them trying to report to that site? I didn't tell them to....looks like I'm still in this and not out yet....

However since the address is looped back to the host computer, that would presume Spybot(with its immunization) or Spyware Blaster has saved me for the time being....

Juliet
2016-08-20, 15:09
When you see the error for Malwarebytes Anti-Malware
Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

~~~

Hm I guess you don't know enough to tell me which of those processes from for/using Currports look suspicious...

I also tried running KIS 2016 last night to do a full scan but it appears it's now morning and is taking its sweet ass time to load because I can see the load mouse cursor, but where's KIS 2016?? Checking Task manager, I see that AVP.exe *32 has loaded, but where's the GUI?
I had no idea what I was looking at to give any kind of comments on what was displayed in the photo you took of Currports. I cannot give you instructions to remove or stop what it located.

For problems with Kaspersky 2016, they have a help forum https://forum.kaspersky.com/ and http://support.kaspersky.com/
I've never used this product and would think you're probably not the first user who has run into issues, and there you're more likely to get help much better than what I can suggest.

~~~~

As I was saying about ESET picking up said items and the others not picking up jack (since I can't edit my previous post), assuming these aren't false positives, then ESET is the only program (that we've tried so far) to detect these new threats, but for some reason or another ESET fails to complete the scan and show us what it found......coincidence that I happen to be scanning for malware/viruses and ESET fails, no? I will contact ESET now to see what the problem is, and also link them to this thread.
The settings I suggest will also show us items located in quarantine folders so don't be alarmed with this. If you still feel the need to contact Eset support they may be able to help, no idea.
Many people run into the same issue. Why it does this, first thought is security software but, just a thought.

You know, if at any time you feel you need a different or better malware tech, I can refer you to a different help forum or ask a different helper to try and step in, let me know.
~~~~

I have a question
Did you set a new group policy or allow software on the machine to set new Policy restriction on software?

HKLM Group Policy restriction on software: *.JSE <====== ATTENTION
HKLM Group Policy restriction on software: *.JS <====== ATTENTION
HKLM Group Policy restriction on software: *.VBE <====== ATTENTION
HKLM Group Policy restriction on software: *.VBS <====== ATTENTION
HKLM Group Policy restriction on software: *.WSF <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\System32\VSSAdmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata% <====== ATTENTION
HKLM Group Policy restriction on software: *.WSH <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\ProcessExplorer\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\Electrike\Desktop\Group Policy.msc <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\system32\cmd.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\system32\taskmgr.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Downloads <====== ATTENTION
Your newest FRST log shows these are now different from your originals.

****

Please open Notepad (*Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail). (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000 -> DefaultScope {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =
SearchScopes: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001 -> {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
C:\ProgramData\DP45977C.lfl
C:\Users\Electrike\AppData\Local\Temp\procexp64.exe
CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Electrike\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll => No File (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Electrike\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe => No File
CMD: netsh winsock reset catalog
CMD: netsh int ip reset
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~

Nnewb
2016-08-20, 15:17
Oh ok, according to Sharewatch (http://www.techsupportalert.com/content/quickly-find-out-whos-connected-your-computer.htm) (another program that was referred to in one of those Bleeping Computer thread posts you referred me to), I have no users connected to my laptop, so I guess I don't have anyone remotely accessing this machine, which is good!

Juliet
2016-08-20, 15:36
I forgot to comment on this:

As you can see, AVP.exe, which is KIS 2016, is reporting to a site called www.xxokoriq.cn:53607? So is Firefox here: www.xxokoriq.cn:49156 but I haven't even been on that site before nor heard of it................why are either of them trying to report to that site? I didn't tell them to....looks like I'm still in this and not out yet....

However since the address is looped back to the host computer, that would presume Spybot(with its immunization) or Spyware Blaster has saved me for the time being...

"Immunisation" of Spybot addresses is in my host file in the entries placed by Spybot Search and Destroy.
As far as I know the Immunize feature adds some websites to the restricted zone in Internet Explorer. That means that they're blocked: connection to the sites listed will not be possible.


Oh ok, according to Sharewatch (another program that was referred to in one of those Bleeping Computer thread posts you referred me to), I have no users connected to my laptop, so I guess I don't have anyone remotely accessing this machine, which is good!
yes

Nnewb
2016-08-23, 04:21
When you see the error for Malwarebytes Anti-Malware
Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

Yes, that's the one, it looks like 12655. It doesn't seem to come back on the Admin account, but on the limited account it keeps popping up even after trying a few times. I thought Group Policy might be to blame but I've pretty much allowed all the suspected paths and the error still shows....

~~~


I had no idea what I was looking at to give any kind of comments on what was displayed in the photo you took of Currports. I cannot give you instructions to remove or stop what it located.

So I am to presume you have no experience or knowledge about Currports or TCPView then...?


For problems with Kaspersky 2016, they have a help forum https://forum.kaspersky.com/ and http://support.kaspersky.com/
I've never used this product and would think you're probably not the first user who has run into issues, and there you're more likely to get help much better than what I can suggest.

Well if you have no idea how to analyze Currports or TCPView, then I might just have to jump onto a different forum then... Do you at least know the term "DNS poisoning" (or DNS spoofing is what Google comes back with when I google that term) and how to combat it?

~~~~


The settings I suggest will also show us items located in quarantine folders so don't be alarmed with this. If you still feel the need to contact Eset support they may be able to help, no idea.
Many people run into the same issue. Why it does this, first thought is security software but, just a thought.

Yeah, ESET got back to me and they weren't any help: "Sorry we don't offer free support for the free products we have such as the Online scanner, however we are interested in any bugs or feedback you have on it" is what I've paraphrased.

Anyways, I think I might know the cause of the freeze/black highlights and the GUI turning invisible: it's because of GDI Objects, and according to Google you are limited to 10k for any specific program and the max *theoretical* limit is 65k. I came upon this when I wanted to see if this was just my laptop (caused by a still lingering virus or whatever) or if this is a bug in the program, and lo and behold I booted up my Windows XP build, launched the scanner and in no time I would see the same results, GUI looking unresponsive, text getting black highlighted, etc. Here's a photo: 12656

Ok I thought, so tried to take a screenshot and it wouldn't let me, apparently I'm out of MEMORY! I thought, what?! That's impossible, this one tiny scanner could have not eaten up all 128GB of memory!! So I pulled out Process Explorer and yep, that confirmed my expression: 12657 -> As you can see it has only used up 8GB of memory so it was 120GB off the mark for such a window to appear.... Ok so I googled up the problem of the out of memory error and came across this:
https://stackoverflow.com/questions/17726092/outofmemoryexception-for-a-vb-net-application and in one of the replies was a mention of GDI Objects and I thought, hmm, this might not be the same program I'm running but it wouldn't hurt to see if this could be the case, so I gleamed over to Process Explorer and: 12658 12659 (Aw really, only five attachments per post??) Fine, I'll continue this on my next post then so it's not out of place.

Nnewb
2016-08-23, 04:42
And here's the last photo:12660

As you can see, the GDI Objects of that scanner was reaching 10k!! And guess what, it's not supposed to, and according to this:
http://www.robertwloch.net/2011/08/10000-gdi-objects-ought-to-be-enough-for-anybody/ it *should* be enough but not for some programs....

Now I could raise the GDI limit, but I'm not gonna bother....and yeah, that's the problem I found. Also, going back to ESET support, apparently they don't know or trust Spybot, I even gave them a link to this thread and they were like "Oh no I'm not gonna follow that for security reasons" Oh please, what could possibly happen following a legitimate thread link? It's like saying I don't want to deposit my money at this bank(even though you're like right in front of the branch and the branch is of course legit) for security reasons.


You know, if at any time you feel you need a different or better malware tech, I can refer you to a different help forum or ask a different helper to try and step in, let me know.

Well if you think another helper that steps in to help along with you would save me the time of posting on more than one forum, that could help! For example, if you know anyone here who knows how to analyse Currports/TCPView (or maybe about those Group Policy settings, which I've already started there as referred by you, but by the looks of things no one seems to be interested in helping me out or they are too busy to: https://forums.whatthetech.com/index.php?showtopic=130824 - I've had 51 views so I know at least people are reading, perhaps no one over there has any experience with GPS...?), then I don't need to ask on a different forum and can just continue on with this thread.

~~~~


I have a question
Did you set a new group policy or allow software on the machine to set new Policy restriction on software?

If this is the screenshot you're referring to, then yes I setted (not a word?) the Group Policy myself: 12661 This was the previous config: 12662 I've given up on trying to find cmd to run so I've removed that path because I rarely even touch cmd for my everyday laptop use. As for Process Explorer, I'm still seeking out a way to load that properly (waiting for a reply on that What the Tech forum, but no luck)......as I prefer that over the default Windows Task Manager...



Your newest FRST log shows these are now different from your originals.

****

Please open Notepad (*Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail). (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~

Yes, would you still like me to do this? I'm presuming this is because of the Group Policy setting I've placed...?


I forgot to comment on this:

"immunisation" of Spybot addresses is in my host file in the entries placed by spybot search and destroy
As far as I know the Immunize feature adds some websites to the restricted zone in Internet Explorer. That means that they're blocked.
means that connection to the sites listed will not be possible.
Ah yes, but the question is *why* are they connecting to these blocked sites? It's good that they're blocked for whatever malicious reason, but why are my programs accessing it is the question?

Nnewb
2016-08-23, 04:52
Hmmm, I have a question unrelated to this thread post and thought you might be able to answer this for me. So when you reach the 10k limit for GDI Objects, the UI of whatever program becomes screwed up, yeah? So what causes this: 12663 12664 (the Process Explorer picture is probably a better illustration, as with the ESET scanner we now know obviously that's caused by reaching the GDI objects limit, but I added it there for additional illustration) if the GDI Objects limit is not reached? What causes the black highlights? It happens on Notepad too with pure text and you would see a row of black highlighted text.... As you can see, in this case the GDI Objects limit isn't reached yet text is black highlighted.

Oh yeah I forgot to add this onto my last post:
I did another re-run of ESET to confirm this is also the case for my laptop and lo and behold: 12665 12666 It is!! As you can see with Windows Task Manager....

Juliet
2016-08-23, 17:59
sorry it took so long to get back, I have a 7 year old.


So I am to presume you have no experience or knowledge about Currports or TCPView then...?
correct


Well if you have no idea how to analyze Currports or TCPView, then I might just have to jump onto a different forum then... Do you at least know the term "DNS poisoning"(or DNS spoofing is what google comes back when I google that term) and how to combat it?
From the tools run and logs posted, including rootkit scanners, there was nothing to try to eradicate from your machine.


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~
Yes, would you still like me to do this? I'm presuming this is because of the Group Policy setting I've placed...?
It was also a restriction policy for IE; not needed if you wish not to.


Well if you think another helper that steps in to help along with you that would save me the time of posting on more than one forum, that could help!
I can look and post at other forums, no idea how long or who can help since we all work multiple help forums.

Nnewb
2016-08-24, 23:57
sorry it took so long to get back, I have a 7 year old.

All good, as long as you reply back.



correct

Oh.....:sad:



from tools run and logs posted, including rootkit scanners, there was nothing to try to eradicate from your machine.
Oh ok, then explain to me why some of these processes are attempting to access those blocked addresses...? Ok just checked CurrPorts and it no longer appears to be accessing the blocked address(perhaps a one off?), however it is still looping itself to host for some reason....at various ports from 49000 to 49900....


it was also a restriction policy for IE, not needed if you wish not to.
Oh if it fixes up more things, yeah sure I'll run it.


I can look and post at other forums, no idea how long or who can help since we all work multiple help forums.

Hmmm, well I suppose seeing how my laptop is not displaying any strange behaviors (besides processes looping to host for some reason, which I would like explained to me), I suppose I can wait...

I found out where Process Explorer keeps its 64-bit image, here: %userprofile%\AppData\Local\Temp\procexp64.exe - I allowed this and Process Explorer runs now! Yay!
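Juliet's explanation earlier in the thread (that Spybot's immunization entries live in the hosts file, so a "blocked" name resolves to the local machine and any connection to it shows up in CurrPorts as looped back to the host) can be checked directly. The PowerShell script below is an added example and is not code from either poster or from Spybot; it parses a hosts file, reports whether a given name is mapped to a loopback or null address, and separately lists any entry that points a name somewhere other than loopback, which is the first thing to review when hosts-file tampering or "DNS poisoning" is suspected. The hosts content embedded in it is constructed for the demonstration (the mapping of www.xxokoriq.cn to 127.0.0.1 is a sample, not taken from the poster's machine); call Get-HostsMap with no path to read the real file. The script only reads; it never modifies the hosts file.

```powershell
# Added example, not from the thread. Read-only: the hosts file is never modified.
# Why a "blocked" site appears in CurrPorts as a connection looped back to the host:
# Spybot's Immunize (and similar tools) add hosts-file lines that point unwanted
# domains at 127.0.0.1 or 0.0.0.0, so name resolution returns the local machine.

function Get-HostsMap {
    # Parse a hosts file into a hashtable of lowercase name -> IP address.
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    $map = @{}
    foreach ($line in (Get-Content -Path $Path)) {
        $text = ($line -split '#')[0].Trim()      # strip comments and surrounding whitespace
        if ($text.Length -eq 0) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }     # need an address and at least one name
        $ip = $fields[0]
        for ($i = 1; $i -lt $fields.Count; $i++) {
            $map[$fields[$i].ToLower()] = $ip     # a later line overrides an earlier one
        }
    }
    return $map
}

function Test-HostsBlock {
    # For each name, report whether the hosts file sends it to loopback/null (i.e. blocks it).
    param([string[]]$HostName, [hashtable]$Map)
    $blockAddresses = @('127.0.0.1', '0.0.0.0', '::1')
    foreach ($name in $HostName) {
        $ip = $Map[$name.ToLower()]
        if ($null -eq $ip) {
            "$name : not in hosts file (resolved via DNS)"
        } elseif ($blockAddresses -contains $ip) {
            "$name -> $ip : blocked by hosts file; a connection to it loops back to this PC"
        } else {
            "$name -> $ip : REDIRECTED to a non-loopback address, verify this entry"
        }
    }
}

function Get-HostsRedirects {
    # Entries that send a name anywhere other than loopback/null. These silently redirect
    # legitimate names, so they are the ones to review when "DNS poisoning" is suspected.
    param([hashtable]$Map)
    $blockAddresses = @('127.0.0.1', '0.0.0.0', '::1')
    $Map.GetEnumerator() |
        Where-Object { -not ($blockAddresses -contains $_.Value) } |
        ForEach-Object { "$($_.Key) -> $($_.Value)" }
}

# Constructed sample hosts content for the demonstration (not the poster's real file).
$sampleHosts = @'
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy (constructed sample)
127.0.0.1       www.xxokoriq.cn
0.0.0.0         ads.example.invalid
# A hijack-style line that would deserve investigation (constructed)
203.0.113.7     update.example.invalid
'@
$tmp = [System.IO.Path]::GetTempFileName()
Set-Content -Path $tmp -Value $sampleHosts

$map = Get-HostsMap -Path $tmp
Test-HostsBlock -HostName 'www.xxokoriq.cn', 'ads.example.invalid', 'update.example.invalid', 'www.example.invalid' -Map $map
'--- entries that redirect rather than block ---'
Get-HostsRedirects -Map $map

Remove-Item -Path $tmp
# Against the real file instead:  $map = Get-HostsMap; Test-HostsBlock -HostName 'www.xxokoriq.cn' -Map $map
```

With the constructed sample, www.xxokoriq.cn and ads.example.invalid report as blocked (loopback/null), www.example.invalid reports as not present, and update.example.invalid is listed under redirects. A name that is absent from the hosts file yet still shows a loopback peer in CurrPorts is resolved elsewhere (local DNS cache, the resolver configured on the adapter, or a local proxy), so the hosts file alone does not explain it and the resolver settings are the next thing to check.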

Nnewb
2016-08-25, 04:02
My god, what did you do to my laptop(or maybe it was me that stupidly removed the entry of "C:\windows"(or rather it was registry string but was still pointing to C:\windows) that was set to unblock(ie Unrestricted), but I removed it thinking nothing will happen and wanted to clear up some clutter on Group Policy setting)?! It's completely bricked!!! I followed this yeah from the previous posts to fix some stuff up:

start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000 -> DefaultScope {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =
SearchScopes: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001 -> {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
C:\ProgramData\DP45977C.lfl
C:\Users\Electrike\AppData\Local\Temp\procexp64.exe
CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Electrike\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll => No File (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Electrike\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe => No File
CMD: netsh winsock reset catalog
CMD: netsh int ip reset
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
End

Pasted that in Notepad, saved the file as fixlist.txt next to FRST64.exe on the desktop, executed FRST64.exe, left everything on default and clicked on fix. The next second it tells me to reboot and I reboot into Windows, login, my mouse seems to have stopped functioning, though on the taskbar it said it was installing some driver (I couldn't click on it to see what it was installing drivers for, as obviously my mouse was frozen). Then my screens turn black. A few minutes later, it goes into 640x480 @ 8 bit colour, or maybe not even that, probably 4-bit colour space, and then says Windows is shutting down. And I'm like what?! Then it boots back and then tries to load Windows but fails with BSOD error code 7B which means something is wrong with the system drive....

What exactly did you do to it? I tried to use recovery console to bring it back to life. First I tried its automatic startup repair thingy but it apparently failed....I took a couple of photos of it before sending the error report to Microsoft. Here, check it out: 12669 12668 So according to that, it would appear the cause of the problem is a driver? Well that could be the same driver that tried to install but failed maybe? And then the screens turned black and then it was somehow told to auto restart?

Then I went into the command line to fix my Group Policy settings up with this guide (http://woshub.com/reset-local-group-policies-settings-in-windows/), using the last method as obviously I can't even get into Windows. All worked, reset laptop and still BSOD with error 7B.... Ok, maybe the Group Policy wasn't reset properly yet and still blocking access, so I tried it again, but this time with quotes (I tried without quotes as well) from here (http://www.sevenforums.com/tutorials/214461-local-group-policy-reset-default.html) and this time it says "The system cannot find this file specified." Aw oh, where did it go...? Here's a photo: 12670

So here I'm now probably thinking said driver that tried to install but probably failed half way was the AHCI driver for the SATA controller, it has to be that or something relating to that because Windows 7 only has the generic AHCI driver but that doesn't always work with all and any motherboards with custom SATA controllers....now how would I go about installing the AHCI driver from a borked Windows....?

Wait a second.....if it were the AHCI drivers then the recovery console wouldn't even find the drive to load......so I guess their generic driver works here fine... ...or it could be completely something else as I just tried to boot into Linux Mint and Puppy Linux and both failed to get into GUI mode..... Perhaps they are using those cheap optical drives (https://forums.linuxmint.com/viewtopic.php?t=203233#p1057033) that only work with Windows discs? I don't know and I can't remember the last time I tried to boot Linux from this laptop. I think I'll go and try the USB boot method and see if it'll boot off there.....

Nnewb
2016-08-25, 04:33
Oh and I can't use system restore to restore it back before I applied your FRST64 fix because there was none to be found!! - Which is obvious because I disabled System Restore of course to save space....heh.:laugh:

Oh ...I just managed to revert the change, I think using "Last Known Good Configuration"....as soon as I booted into Windows, it started with that driver installation crap and then gave me a window saying oh you have two minutes before auto log off and restart and I was like oh crap, must google how to cancel auto shutdown (because I don't remember what the command was as I did it a long time ago) and it was "shutdown -a" in Run, and it cancelled the scheduled logoff and I was sighing with relief! Phhhheeeeeeewwwwwww, that was close....

Yes, according to this, it was indeed blocked by a policy (12671), but now that it's all reset (12672), it shouldn't give me this reasoning......ok now I'm afraid to restart my machine on account of it going into a fit and BSOD with error 7B, and for all I know, this "Last Known Good Configuration" could be a one use item....hahahaa

Oh yeah, that rule I was talking about earlier that I deleted was actually both of them lol:laugh:, but the Programs one didn't seem to make the machine go into a fit, but the top one where it says "%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%" I deleted eventually (just a couple of hours ago actually) and it threw a fit! Hahaha Didn't know deleting this rule would brick the machine.....

I guess I don't need to go looking into making a bootable USB Linux drive now that I am able to boot into Windows (oh well, not sure if it'll throw a fit the next time, but by the looks of it, it forcing an auto restart could mean the same thing.....)...?

Some help here would be nice....

Nnewb
2016-08-25, 04:35
I'll just leave my laptop on until you get back to me.....

Nnewb
2016-08-25, 04:39
So yeah, right now I actually do need someone who knows their way around Group Policy settings(and not just for preventing virus/malware) and know a way to fix what I borked(that spelling is intentional :P) up.....

Nnewb
2016-08-25, 06:03
Wait, I think I just found the solution (https://superuser.com/questions/382896/device-installation-forbidden-by-system-policy)! We shall see after a restart....

Nnewb
2016-08-25, 07:27
It works! I had to go into Device Manager and update the driver for each one that had a problem thanks to said policy. Restarted and the laptop seems to be functioning like it should.

Sorry for the dramatic scene....heehee....

Anyways, now I know NOT to delete that rule if I am to continue and use Group Policy Settings as a measure of defense......
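
The rule named in this post ("%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%") is the default Software Restriction Policies (SRP) path rule; together with the Program Files rule it is what keeps Windows' own binaries runnable when the SRP default level is set to Disallowed. The PowerShell script below is an added example, not code from this thread or from any of the tools mentioned in it: it reads the SRP rules from the local machine registry and warns if a Disallowed default is in force without those two Unrestricted rules. It assumes a local (not domain) policy, that the SRP state lives under the CodeIdentifiers key shown, and that the two default rule paths are the ones listed; run it from an elevated prompt before changing anything in gpedit.msc.

```powershell
# Added example, not code from the thread: audit the Software Restriction Policies
# (SRP) path rules stored in the local machine registry before touching them in
# gpedit.msc. Assumptions (not stated in the thread): the policy is a local one, so
# its live state is under the CodeIdentifiers key below, and the default rule paths
# are the two listed in $DefaultRulePaths. Run from an elevated PowerShell prompt.

$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels: the numeric value is both the DefaultLevel setting and the
# name of the subkey under which rules of that level are stored.
$Levels = @{ 0 = 'Disallowed'; 0x1000 = 'Basic User'; 0x40000 = 'Unrestricted' }

# The default path rules SRP creates when it is first enabled. With a Disallowed
# default level these are what keep Windows' own user-mode binaries runnable.
$DefaultRulePaths = @(
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%',
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%'
)

function Get-SrpState {
    # Returns the configured default level and every path rule, tagged with its level.
    if (-not (Test-Path $SrpKey)) {
        return [pscustomobject]@{ Configured = $false; DefaultLevel = $null; Rules = @() }
    }
    $cfg = Get-ItemProperty -Path $SrpKey
    $rules = foreach ($lvl in $Levels.Keys) {
        $pathKey = Join-Path $SrpKey "$lvl\Paths"
        if (Test-Path $pathKey) {
            foreach ($rule in Get-ChildItem -Path $pathKey) {
                $item = Get-ItemProperty -Path $rule.PSPath
                [pscustomobject]@{
                    Level = $Levels[$lvl]
                    Path  = $item.ItemData      # REG_EXPAND_SZ holding the rule path
                    Guid  = $rule.PSChildName   # each rule is stored under a GUID subkey
                }
            }
        }
    }
    $default = if ($null -ne $cfg.DefaultLevel) { $Levels[[int]$cfg.DefaultLevel] } else { 'not set' }
    [pscustomobject]@{ Configured = $true; DefaultLevel = $default; Rules = @($rules) }
}

function Test-SrpDefaultRules {
    # Warns when the default level is Disallowed but a default Unrestricted path
    # rule is missing: that is the state in which deleting the SystemRoot rule
    # leaves everything under %SystemRoot% subject to the Disallowed default.
    param([Parameter(Mandatory)] $State)
    if (-not $State.Configured) { return @('SRP is not configured on this machine.') }
    $warnings = @()
    if ($State.DefaultLevel -eq 'Disallowed') {
        foreach ($path in $DefaultRulePaths) {
            $present = $State.Rules | Where-Object { $_.Level -eq 'Unrestricted' -and $_.Path -eq $path }
            if (-not $present) {
                $warnings += "Missing Unrestricted rule for $path while the default level is Disallowed."
            }
        }
    }
    return $warnings
}

$state = Get-SrpState
"SRP configured : $($state.Configured)"
"Default level  : $($state.DefaultLevel)"
$state.Rules | Sort-Object Level, Path | Format-Table Level, Path, Guid -AutoSize
$issues = Test-SrpDefaultRules -State $state
if ($issues.Count -eq 0) { 'Default SRP rules are present.' } else { $issues | ForEach-Object { "WARNING: $_" } }
```

The script only reads the registry; if it reports a missing default rule, re-create it through gpedit.msc (Software Restriction Policies, Additional Rules, New Path Rule, security level Unrestricted) rather than by hand-writing the GUID subkey, and run gpupdate /force afterwards so the change is applied before the next reboot.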

Juliet
2016-08-25, 15:00
So very glad you were able to locate what was wrong with your computer. Sometimes the person who is on the computer everyday is the best at diagnosing the problems. Also, sorry it took so long and that I had no knowledge in tech details to help expedite your time here.
I suppose all in all it was a learning process and that you gained in research skills and computer repair.

I would like to comment on something

So Juliet was wrong then to have referred me to a forum that has absolutely no knowledge of GPS? Perhaps he just googled for forums and happened to find this on the first page and thought this place might know a thing or two about it... Actually, does anyone here even know Juliet from that Spybot forum...? Or is this really some random forum the guy picked from a google search? Heh
First, Juliet is a SHE and I did not do anything wrong in extending out and asking other techs in trying to help locate your problem on your machine. This is something all malware techs do to help all victims in need. While unsuccessful in reaching my goal in getting you help from someone who might have an idea what was wrong, who took the time trying to research anything that could cause this, LDTate gave you the best suggestions found to help.

WE were trained and certified in malware removal. While I think there might be other training facilities or schools that teach or help in the internals of computers, I didn't take that course. Therefore, I reached out seeking help for YOU.

And if you would, and you don't have to of course, please check my profile at WTT of which I help in malware removal at this forum too. (Yes they know me)
https://forums.whatthetech.com/index.php?showuser=52436

And if need be or if it matters
MS - MVP Consumer Security 2009 - 2016
http://blogs.msmvps.com/insiders/mvp-listing/juliet-ewing/

Now, for the tools we used and corresponding quarantine folder removal

DelFix


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

************************************


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
http://i.imgur.com/JEP5iWI.png Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Nnewb
2016-08-26, 06:31
Ooops, I just remembered I forgot to attach the fixlog.txt, well here it is: 12673



First, Juliet is a SHE

You're a she?! Sorry, I always presume any person I talk to on the internet is a guy until said 'guy' comes out and tell us he is actually a she or something else. Heh. :p:



WE were trained and certified in malware removal. While I think there might be other training facilities or schools that teach or help in the internals of computers, I didn't take that course. Therefore, I reached out seeking help for YOU.
Well I appreciate the help, thanks.


And if you would, and you don't have to of course, please check my profile at WTT of which I help in malware removal at this forum too. (Yes they know me)
https://forums.whatthetech.com/index.php?showuser=52436

And if need be or if it matters
MS - MVP Consumer Security 2009 - 2016
http://blogs.msmvps.com/insiders/mvp-listing/juliet-ewing/

Hm okay....



Now, for the tools we used and corresponding quarantine folder removal

DelFix


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

************************************


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
http://i.imgur.com/JEP5iWI.png Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.



Done

Here's a log if you wanna see it:

# DelFix v1.010 - Logfile created 26/08/2016 at 12:30:47
# Updated 26/04/2015 by Xplode
# Username : Manectric - RAIKOU
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : \FRST
Deleted : \RegBackup
Deleted : \TDSSKiller.3.1.0.11_20.08.2016_10.32.30_log.txt
Deleted : C:\Users\Manectric\Desktop\Rkill.txt

########## - EOF - ##########

Nnewb
2016-08-26, 06:46
Oh, DelFix deleted itself. Is that supposed to happen?

I'm guessing you don't know what GDI Objects are either, or have no experience/knowledge of them?

Also:

Hmmm, I have a question unrelated to this thread post and thought you might be able to answer this for me, so when you reach the 10k limit for GDI Objects, the UI of whatever program becomes screwed up yeah? So what causes this: 12663 12664 (The Process Explorer picture is probably a better illustration, as with ESET scanner we now know obviously that's caused by reaching the GDI Objects limit, but I added it there for additional illustration) if the GDI Objects limit is not reached? What causes the black highlights? It happens on Notepad too with pure text and you would see a row of black highlighted text.... As you can see, in this case the GDI Objects limit isn't reached, yet text is black highlighted.


Oh ok, then explain to me why some of these processes are attempting to access those blocked addresses...? Ok just checked CurrPorts and it no longer appears to be accessing the blocked address (perhaps a one off?), however it is still looping itself to host for some reason....at various ports from 49000 to 49900....

So have you asked other techies of this or haven't yet? Otherwise I guess I'll just go post on another forum and ask these questions....along with the other questions before this that you don't seem to have the knowledge to answer.

Wow gee, you must have a lot of time on your hands to kill if you're volunteering your time to help others! Wish I had lots of time to kill so I could do it too (to further improve my knowledge/experience of virus/malware fighting) as well as doing IRL stuff, playing video games and watching stuff.....ahhh if only I could pause time........or at least somehow extend my time whilst I'm awake (and sleeping too I guess, because I sometimes have nice dreams that I don't want to be awakened from....:laugh:)...:sad:

Nnewb
2016-08-26, 06:50
So I don't waste more of your time on me that could have been better spent on more important matters, like other people who need more help than me because they're seriously infected or something; you helping me on probably trivial matters that I can look into myself is one person down....;)

That was supposed to be amended to the last post but of course I cannot edit my posts.... -.-

Juliet
2016-08-26, 12:27
So have you asked other techies of this or haven't yet? Otherwise I guess I'll just go post on another forum and ask these questions....along with the other questions before this that you don't seem to have the knowledge to answer.
I have asked, like I said I would. One person did reply back, and said it would have to wait until after he was back from vacation.

If you wish, below are 2 other help forums designated specifically to windows 7

http://www.sevenforums.com/
http://www.bleepingcomputer.com/forums/f/167/windows-7/

tashi
2016-08-28, 15:02
Thank you Juliet for all the assistance you kindly provided.

This thread is now archived.