Solved Caught a virus

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Brandon at 2015-05-25 19:08:52
Running from C:\Users\Brandon\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-278216543-354200022-3375136711-500 - Administrator - Disabled)
Brandon (S-1-5-21-278216543-354200022-3375136711-1001 - Administrator - Enabled) => C:\Users\Brandon
Guest (S-1-5-21-278216543-354200022-3375136711-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Witcher 3 - Wild Hunt» 1.0.3.0 (HKLM-x32\...\{BF679CAD-FE6D-4CBE-9E99-D7193809207A}_is1) (Version: 1.0.3.0 - CD Project RED)
µTorrent (HKU\S-1-5-21-278216543-354200022-3375136711-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.8.2.0 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.8.2.0 - ASUSTek COMPUTER INC.) Hidden
ASUS PCE-AC66 WLAN Card Utilities/Driver (HKLM-x32\...\{68209E06-26F0-4C69-AAEA-044605307CAC}) (Version: 2.0.6.2 - ASUS)
ASUS Product Register Program (HKLM-x32\...\{C0B16F2E-3980-44F8-8CF4-F84696541FF7}) (Version: 1.0.017 - ASUSTek Computer Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 2.7.5361 - Corsair)
Corsair Link(TM) USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version: - Corsair Memory, Inc.)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Don't Starve (HKLM-x32\...\GOGPACKDONTSTARVE_is1) (Version: 2.7.0.16 - GOG.com)
Dr. Power (HKLM-x32\...\{50D76CB3-B08A-4F30-A25D-B2A055C8ACD7}) (Version: 1.0.1 - ASUS)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dual Audio Recorder 2.3 (HKLM-x32\...\Dual Audio Recorder_is1) (Version: - Adrosoft)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Kega Fusion low FPS fix (HKLM\...\{6f77d6c3-0452-44f7-b279-7d84c38c0303}.sdb) (Version: - )
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.6.0.0 - QFX Software Corporation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvell Storage Utility V4 (HKLM-x32\...\mvMSU) (Version: 4.1.0.2013 - Marvell)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Nero 2015 (HKLM-x32\...\{61F056D1-E951-4403-A8DD-322D6C328D4C}) (Version: 16.0.04300 - Nero AG)
Nero 2015 Content Pack (HKLM-x32\...\{55192BC6-EDBA-4F48-A2C4-3D164E41AF55}) (Version: 16.0.00300 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Outlast: Whistleblower (HKLM-x32\...\T3V0bGFzdFdoaXN0bGVibG93ZXI=_is1) (Version: 1 - )
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.2.1 - Popcorn Time)
Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden
Probe II (HKLM-x32\...\{9C8C5569-AA0B-4FF2-8C14-AF066E3238FE}) (Version: - )
Process Hacker 2.35 (r5898) (HKLM\...\Process_Hacker2_is1) (Version: 2.35.0.5898 - wj32)
Raptr (HKLM-x32\...\Raptr) (Version: - )
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Samsung SyncMaster 3D Game Launcher (TriDef 3D) 1.1.8 (HKLM-x32\...\experience-samsung-mon-bundle) (Version: 1.1.8 - Dynamic Digital Depth Australia Pty Ltd)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Software Informer 1.4.1273.0 (HKLM\...\Software Informer_is1) (Version: - Informer Technologies, Inc.)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.04.0000 - Electronic Arts)
SPORE™ Creepy & Cute Parts Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
SPORE™ Galactic Adventures (HKLM-x32\...\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}) (Version: 1.00.0000 - Electronic Arts)
Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.41 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims(tm) Medieval (HKLM-x32\...\{D3F66B94-DF84-4686-832E-D5761B478BF0}) (Version: 2.0.113.00107 - Electronic Arts)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolfenstein - The New Order (HKLM-x32\...\Wolfenstein - The New Order_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-278216543-354200022-3375136711-1001_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)

==================== Restore Points =========================

10-05-2015 05:35:02 Installed DirectX
11-05-2015 16:11:24 Installed DirectX
12-05-2015 01:15:08 Installed Microsoft Visual C++ 2005 Redistributable
12-05-2015 17:12:30 Windows Modules Installer
14-05-2015 12:59:08 Installed AI Suite II
14-05-2015 14:38:17 Restore Operation
15-05-2015 14:54:24 Windows Backup
15-05-2015 15:51:09 Windows Backup
15-05-2015 16:12:03 Windows Backup
15-05-2015 16:53:19 Windows Backup
15-05-2015 17:06:29 Windows Backup
15-05-2015 19:15:29 Windows Backup
15-05-2015 19:40:06 Windows Backup
15-05-2015 19:42:08 Windows Backup
16-05-2015 05:19:55 Windows Backup
19-05-2015 10:52:40 Installed Samsung_MonSetup
20-05-2015 02:33:25 Windows Backup
21-05-2015 05:45:15 Windows Backup
23-05-2015 15:13:19 Revo Uninstaller Pro's restore point - Far Cry 4
23-05-2015 16:27:52 Windows Defender Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-05-04 11:03 - 00000853 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 cap.cyberlink.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16E2C015-D481-437E-834A-F79D51CB2853} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {231C3DA2-6752-4E3B-900D-DABF14E59511} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-04] (Microsoft Corporation)
Task: {238205F7-46A7-4883-BBE6-B975CBC3A519} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {2795F8C7-740D-40A2-96C5-8451969DEF03} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {28D7705C-DF24-48FE-B380-717688729C55} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2013-01-14] (ASUSTeK Computer Inc.)
Task: {352A413F-EA28-4D5C-99FB-0C7693E52720} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2015-03-30] (Informer Technologies, Inc.)
Task: {35793429-ACB8-4CED-804C-CD037120CE75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3A15B2DF-8E9E-4FF3-8402-3FEDFE6B8396} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-04] (Microsoft Corporation)
Task: {3B446F4A-7715-4A41-B79D-DAF8D4D73BC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-04] (Google Inc.)
Task: {58196D9E-B552-4DD4-BD2D-67A81401A7D2} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-04] (Microsoft Corporation)
Task: {5B68C91F-07C9-44DF-803D-3CA2D1E78A68} - \Optimize Start Menu Cache Files-S-1-5-21-278216543-354200022-3375136711-1001 No Task File <==== ATTENTION
Task: {675D248A-B39A-482B-BD99-5E5BD59E5BD3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-04] (Microsoft Corporation)
Task: {7B6F9005-26F6-4151-942B-F25F449D69F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {80A12FC1-5D2A-47AF-8DF3-E411EFCC2B14} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe [2014-09-05] ()
Task: {8136D7E4-A684-48EA-AF58-C8E06B9C5CA4} - System32\Tasks\PCEAC66WLANMGR => C:\Program Files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exe [2013-09-13] (ASUS)
Task: {815B697A-EBB0-462D-8BE7-1E9F7C0395F5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-278216543-354200022-3375136711-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {A9DFBA67-ACA2-4D6E-A5DE-F251EB2FCE47} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe
Task: {B10FEC1E-7BA8-4C8C-9EF2-6F12DF1947A1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-23] (Adobe Systems Incorporated)
Task: {B9AA446C-C7EB-47C3-B714-5F1D1C9B4DC7} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-01-14] ()
Task: {C8B0DEB5-A9D1-49AA-A249-911571480C00} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-278216543-354200022-3375136711-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {D30D393C-312D-4C05-B321-90EE91E30284} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {D6FD2B7B-4F09-407A-BE05-590FBC77F325} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {DA0DF03A-A62C-49F3-9228-378E1E23FB68} - System32\Tasks\Games\UpdateCheck_S-1-5-21-278216543-354200022-3375136711-1001
Task: {E016A19A-6CCE-47C9-A38E-3EC7CEA49213} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-278216543-354200022-3375136711-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {E51D23DF-3646-43F6-BADE-E0CE620519C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-04] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-11 17:27 - 2012-09-11 17:27 - 00062128 _____ () C:\Program Files (x86)\ASUS\APRP\AsusProductRegisterService.exe
2014-10-29 19:06 - 2014-10-29 19:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-10-29 19:07 - 2014-10-29 19:07 - 00065600 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2015-05-25 16:26 - 2015-05-22 13:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 16:26 - 2015-05-22 13:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2014-10-29 19:01 - 2014-10-29 19:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-05-25 16:26 - 2015-05-22 13:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Brandon\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-278216543-354200022-3375136711-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ASUS Dr. Power"
HKLM\...\StartupApproved\Run32: => "ASUS AiChargerPlus Execute"
HKLM\...\StartupApproved\Run32: => "MSUTray"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-278216543-354200022-3375136711-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{D74E3C72-E8F7-47FA-8B6F-45E6C120E823}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C35081A5-B100-4CD2-918C-66B8297C5983}] => (Allow) C:\Users\Brandon\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E46460B-AC37-46C4-A534-BDA6918E55B0}] => (Allow) C:\Users\Brandon\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{E16E98D1-6F25-49E4-A5DE-873DD00422A8}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [TCP Query User{34BDBFFA-6DCE-4AA3-AFF1-4AE2642B2763}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [TCP Query User{C5332F8E-D678-4132-8280-57221B66755D}C:\users\brandon\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe] => (Allow) C:\users\brandon\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe
FirewallRules: [UDP Query User{C701A5C2-F1D8-47EE-AE2B-44A9C13299C2}C:\users\brandon\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe] => (Allow) C:\users\brandon\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe
FirewallRules: [{6C5555F6-492C-4293-B046-B5AC5755BC9F}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{09E6A003-C799-477C-8B88-518C7D2CAEB5}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{7B43954F-6254-47F6-9481-2FD6C3E2F122}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe
FirewallRules: [{D5A45F06-D86A-4809-9328-159C7DF10CDD}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{B67720A3-4C7C-445A-8992-1E5286ACCD09}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe
FirewallRules: [{3C571573-6D22-40BF-870B-D4503A28DAE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EF04D567-2BFC-40BF-9DD6-A7FED43FD68A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7ACF1A63-F436-4119-8158-4AC39BFCF3CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F028EFD0-C645-421B-A515-D401F9C6EB90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D16605D1-200A-4AD4-BE63-E4B124B0A6C7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{98670C12-8E7B-4E24-A719-F987D02930DD}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{EC4DD1B7-1CAB-487D-AC49-40D9773D095A}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{2EA1E910-7D7B-474B-9B54-4D19DF785CDD}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{75AFFD18-E69F-451D-A4DE-FF6851AB83FD}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{729CB052-D110-482B-A115-B1D8516A91FE}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{37399DEE-DF7A-4A5F-BAE3-6505E0781D23}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{180F333D-842B-4FD9-A79D-582A0925B020}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{9E10ED91-E53A-45FE-8CA9-3A393AB1975C}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{2A9F7D4B-A56D-4DC3-970E-D72D8FF251C7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{410921D0-9792-43D3-988E-1F88997452AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB966A07-9BC0-40AF-869F-6CCF70E1A590}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{7D628441-04DE-47BF-9C84-F2EBD894E35A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3316D949-838B-4260-931E-0334F8F045E8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2296ED77-5C3C-4B2B-81DD-83D50A45EBC5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{56CBC8F2-7868-4508-8A1F-FA264869C66F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9C46EFD5-932F-4F45-A3A8-21AE50830295}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{8CEF82E1-59E7-4CFD-BC7D-9B25EB084AE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{03365276-BE3F-4ADC-95DC-B48DF890AAB2}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{B46C489F-3887-4131-9FD8-2DC31651AB33}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{EDF288E1-E67F-4C83-9EF4-28307B531556}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{5699BC63-94F5-4F53-AB50-59D382EAA66C}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{31046085-0539-4FC5-80CB-188C0AF2FF18}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims Medieval\Game\Bin\TSM.exe
FirewallRules: [{DD6B179F-1EE0-49B3-A036-373E4DC33927}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims Medieval\Game\Bin\TSM.exe
FirewallRules: [TCP Query User{BBB2E862-C986-4BD2-A512-6C2984840471}C:\program files (x86)\mortal kombat complete edition\mkke.exe] => (Allow) C:\program files (x86)\mortal kombat complete edition\mkke.exe
FirewallRules: [UDP Query User{43458827-78D9-434C-9B26-CEFE31CABFB8}C:\program files (x86)\mortal kombat complete edition\mkke.exe] => (Allow) C:\program files (x86)\mortal kombat complete edition\mkke.exe
FirewallRules: [TCP Query User{8164A716-7363-4505-97D1-ED9843F155FF}C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe] => (Allow) C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{24BB97E5-A1A6-40AA-96D7-1311AFD0A4B0}C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe] => (Allow) C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [{C4084632-CC50-4C62-83D9-C7C7843C2E57}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{427F00BF-80C3-425A-9878-5DF34EC88CA2}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{9738D3C1-8896-4EE5-B8BA-47B71E283548}I:\users\doubledueces\appdata\roaming\utorrent\utorrent.exe] => (Block) I:\users\doubledueces\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{A253005E-823D-491F-927A-6D719007D730}I:\users\doubledueces\appdata\roaming\utorrent\utorrent.exe] => (Block) I:\users\doubledueces\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{000E9BA8-FAF3-4ECE-ADEE-22DC765A8DE9}] => (Allow) C:\Users\Brandon\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED91335E-3662-42D2-96F5-8FC81BAD5A0D}] => (Allow) C:\Users\Brandon\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{BA3CD6F8-3F7C-42A5-88BD-B50F1B121C8A}C:\program files (x86)\outlast whistleblower\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{2D3C8DD3-EB20-47A2-8453-B1E4561A90B6}C:\program files (x86)\outlast whistleblower\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [{5A199403-6ACE-48BF-9C30-8D76249F6953}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{978BD2B3-8387-4AAB-A0EC-845C1A2C29B0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A3D31262-680E-4F16-BEF3-D0CF6F6A6859}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{BD55DBED-D3F6-41AA-8A83-31EA4AC7B6D9}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A95373E3-88A1-42EF-8F7D-0EE85216F2DB}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{EE9B22DA-C31E-45FB-8964-769CBF050AB1}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{EA0A6733-4658-4FD3-88A6-993196894723}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Mad Catz S.T.R.I.K.E.7 V.E.N.O.M
Description: Mad Catz S.T.R.I.K.E.7 V.E.N.O.M
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 05:24:54 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/25/2015 05:17:36 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/25/2015 04:28:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.2.929 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cac

Start Time: 01d097420d6b88d9

Termination Time: 60000

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 66e37dce-0335-11e5-be93-001bdc0f2e95

Faulting package full name:

Faulting package-relative application ID:

Error: (05/25/2015 04:22:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 04:22:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 04:22:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 07:05:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 06:52:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 02:03:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/24/2015 07:45:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/25/2015 06:41:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (05/25/2015 05:35:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (05/25/2015 05:21:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/25/2015 05:21:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/25/2015 05:21:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/25/2015 05:21:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/25/2015 05:18:54 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.

Error: (05/25/2015 05:18:45 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.

Error: (05/25/2015 05:18:36 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.

Error: (05/25/2015 05:18:27 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.


Microsoft Office:
=========================
Error: (05/25/2015 05:24:54 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/25/2015 05:17:36 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/25/2015 04:28:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.2.929cac01d097420d6b88d960000C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe66e37dce-0335-11e5-be93-001bdc0f2e95

Error: (05/25/2015 04:22:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe

Error: (05/25/2015 04:22:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe

Error: (05/25/2015 04:22:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe

Error: (05/25/2015 07:05:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe

Error: (05/25/2015 06:52:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe

Error: (05/25/2015 02:03:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe

Error: (05/24/2015 07:45:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe


CodeIntegrity Errors:
===================================
Date: 2015-05-25 15:17:17.057
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 15:17:16.965
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 15:17:16.873
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 15:17:16.258
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 15:17:16.096
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 06:22:34.513
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 06:22:34.410
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 06:22:34.303
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 06:22:34.193
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-25 01:37:45.906
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz
Percentage of memory in use: 11%
Total physical RAM: 32708.52 MB
Available physical RAM: 29034.4 MB
Total Pagefile: 37572.52 MB
Available Pagefile: 33512.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1861.91 GB) (Free:1352.59 GB) NTFS
Drive f: (Swap ) (Fixed) (Total:59.43 GB) (Free:2.43 GB) NTFS
Drive g: () (Fixed) (Total:172.89 GB) (Free:22.97 GB) NTFS
Drive h: () (Fixed) (Total:593.6 GB) (Free:20.31 GB) NTFS
Drive I: () (Fixed) (Total:172.89 GB) (Free:27.35 GB) NTFS
Drive j: (New Volume) (Fixed) (Total:1096 GB) (Free:1046.98 GB) NTFS
Drive k: (RECOVERY) (Removable) (Total:7.19 GB) (Free:6.9 GB) FAT32
Drive l: () (Fixed) (Total:931.51 GB) (Free:926.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1862.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 349A1A4D)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 3FBD0986)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 7.2 GB) (Disk ID: 65B632DB)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0B)

==================== End of log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Brandon at 2015-05-25 21:13:53 Run:1
Running from C:\Users\Brandon\Desktop
Loaded Profiles: Brandon (Available Profiles: Brandon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-278216543-354200022-3375136711-1001\...\MountPoints2: {cc43aea6-f246-11e4-be66-806e6f6e6963} - "E:\Diablo III Setup.exe"
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
R3 cpuz137; \??\C:\Users\Brandon\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
2015-05-15 17:37 - 2015-05-15 17:37 - 0002745 _____ () C:\Users\Brandon\AppData\Local\Perfmon.PerfmonCfg
2015-05-05 18:02 - 2015-05-05 18:02 - 0007602 _____ () C:\Users\Brandon\AppData\Local\Resmon.ResmonCfg
2015-05-04 09:42 - 2015-05-04 09:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Brandon\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe
C:\Users\Brandon\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Brandon\AppData\Local\Temp\cIRHWFSywXnJOPkOaYIu.DLL
C:\Users\Brandon\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Brandon\AppData\Local\Temp\i4jdel0.exe
C:\Users\Brandon\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Brandon\AppData\Local\Temp\lowproc.exe
C:\Users\Brandon\AppData\Local\Temp\NeroInst.EXE
C:\Users\Brandon\AppData\Local\Temp\OOpCVVsOae.DLL
C:\Users\Brandon\AppData\Local\Temp\Process.exe
C:\Users\Brandon\AppData\Local\Temp\processhacker-2.35-setup.exe
C:\Users\Brandon\AppData\Local\Temp\Quarantine.exe
C:\Users\Brandon\AppData\Local\Temp\raptrpatch.exe
C:\Users\Brandon\AppData\Local\Temp\raptr_stub.exe
C:\Users\Brandon\AppData\Local\Temp\sqlite3.dll
C:\Users\Brandon\AppData\Local\Temp\stubhelper.dll
C:\Users\Brandon\AppData\Local\Temp\TFDJoRfHjlEbrrGrXScA.DLL
Task: {5B68C91F-07C9-44DF-803D-3CA2D1E78A68} - \Optimize Start Menu Cache Files-S-1-5-21-278216543-354200022-3375136711-1001 No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Brandon\OneDrive:ms-properties

*****************

"HKU\S-1-5-21-278216543-354200022-3375136711-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc43aea6-f246-11e4-be66-806e6f6e6963}" => key Removed successfully
HKCR\CLSID\{cc43aea6-f246-11e4-be66-806e6f6e6963} => key not found.
BCM42RLY => Service Removed successfully
cpuz137 => Unable to stop service.
cpuz137 => Service Removed successfully
C:\Users\Brandon\AppData\Local\Perfmon.PerfmonCfg => Moved successfully.
C:\Users\Brandon\AppData\Local\Resmon.ResmonCfg => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\AutoDetectUtilApp.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\cIRHWFSywXnJOPkOaYIu.DLL => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\LMkRstPt.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\NeroInst.EXE => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\OOpCVVsOae.DLL => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\Process.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\processhacker-2.35-setup.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\raptrpatch.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\raptr_stub.exe => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Brandon\AppData\Local\Temp\TFDJoRfHjlEbrrGrXScA.DLL => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B68C91F-07C9-44DF-803D-3CA2D1E78A68}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B68C91F-07C9-44DF-803D-3CA2D1E78A68}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-278216543-354200022-3375136711-1001" => key Removed successfully
C:\Users\Brandon\OneDrive => ":ms-properties" ADS Removed successfully.


The system needed a reboot.

==== End of Fixlog 21:14:04 ====
 
Mostly adware and garbage. Nothing serious.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click TFC.exe to run the program.
  • Click the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.002
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 45
Adobe Flash Player 17.0.0.169
Mozilla Firefox (38.0)
Google Chrome (43.0.2357.65)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 17-01-2015
Ran by Brandon (administrator) on 26-05-2015 at 12:43:29
Running from "C:\Users\Brandon\Desktop"
Microsoft Windows 8.1 Pro with Media Center (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
2015-05-26 19:51:17.918 Sophos Virus Removal Tool version 2.5.4
2015-05-26 19:51:17.918 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-05-26 19:51:17.918 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-05-26 19:51:17.918 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2015-05-26 19:51:17.918 Checking for updates...
2015-05-26 19:51:17.930 Update progress: proxy server not available
2015-05-26 19:51:24.262 Option all = no
2015-05-26 19:51:24.262 Option recurse = yes
2015-05-26 19:51:24.262 Option archive = no
2015-05-26 19:51:24.262 Option service = yes
2015-05-26 19:51:24.262 Option confirm = yes
2015-05-26 19:51:24.262 Option sxl = yes
2015-05-26 19:51:24.263 Option max-data-age = 35
2015-05-26 19:51:24.263 Option EnableSafeClean = yes
2015-05-26 19:51:26.059 Option vdl-logging = yes
2015-05-26 19:51:26.069 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-05-26 19:51:26.069 Machine ID: 6ee4e68bc58e4249b912eb3b7f27f7f5
2015-05-26 19:51:26.070 Component SVRTcli.exe version 2.5.4
2015-05-26 19:51:26.070 Component control.dll version 2.5.4
2015-05-26 19:51:26.070 Component SVRTservice.exe version 2.5.4
2015-05-26 19:51:26.070 Component engine\osdp.dll version 1.44.1.2200
2015-05-26 19:51:26.071 Component engine\veex.dll version 3.60.0.2200
2015-05-26 19:51:26.071 Component engine\savi.dll version 8.1.7.2200
2015-05-26 19:51:26.071 Component rkdisk.dll version 1.5.30.0
2015-05-26 19:51:26.071 Version info: Product version 2.5.4
2015-05-26 19:51:26.072 Version info: Detection engine 3.60.0
2015-05-26 19:51:26.072 Version info: Detection data 5.14
2015-05-26 19:51:26.072 Version info: Build date 4/28/2015
2015-05-26 19:51:26.072 Version info: Data files added 339
2015-05-26 19:51:26.072 Version info: Last successful update (not yet updated)
2015-05-26 19:51:44.669 Downloading updates...
2015-05-26 19:51:44.671 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-05-26 19:51:44.671 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-05-26 19:51:44.671 Update progress: [I49502] Found supplement IDE515 LATEST
2015-05-26 19:51:44.671 Update progress: [I49502] Found supplement IDE516 LATEST
2015-05-26 19:51:44.671 Update progress: [I49502] Found supplement IDE517 LATEST
2015-05-26 19:51:44.671 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-05-26 19:51:44.671 Update progress: [I19463] Syncing product SAVIW32 54
2015-05-26 19:51:46.475 Update progress: [I19463] Syncing product IDE515 171
2015-05-26 19:51:47.454 Installing updates...
2015-05-26 19:51:48.057 Error level 1
2015-05-26 19:51:48.070 Update progress: [I19463] Syncing product IDE516 172
2015-05-26 19:51:48.070 Update progress: [I19463] Syncing product IDE517 1
2015-05-26 19:51:56.722 Update successful
2015-05-26 19:52:05.327 Option all = no
2015-05-26 19:52:05.327 Option recurse = yes
2015-05-26 19:52:05.327 Option archive = no
2015-05-26 19:52:05.327 Option service = yes
2015-05-26 19:52:05.327 Option confirm = yes
2015-05-26 19:52:05.327 Option sxl = yes
2015-05-26 19:52:05.328 Option max-data-age = 35
2015-05-26 19:52:05.328 Option EnableSafeClean = yes
2015-05-26 19:52:05.613 Option vdl-logging = yes
2015-05-26 19:52:05.630 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-05-26 19:52:05.630 Machine ID: 6ee4e68bc58e4249b912eb3b7f27f7f5
2015-05-26 19:52:05.630 Component SVRTcli.exe version 2.5.4
2015-05-26 19:52:05.631 Component control.dll version 2.5.4
2015-05-26 19:52:05.631 Component SVRTservice.exe version 2.5.4
2015-05-26 19:52:05.631 Component engine\osdp.dll version 1.44.1.2200
2015-05-26 19:52:05.631 Component engine\veex.dll version 3.60.0.2200
2015-05-26 19:52:05.631 Component engine\savi.dll version 8.1.7.2200
2015-05-26 19:52:05.632 Component rkdisk.dll version 1.5.30.0
2015-05-26 19:52:05.632 Version info: Product version 2.5.4
2015-05-26 19:52:05.632 Version info: Detection engine 3.60.0
2015-05-26 19:52:05.632 Version info: Detection data 5.14G
2015-05-26 19:52:05.632 Version info: Build date 4/28/2015
2015-05-26 19:52:05.632 Version info: Data files added 339
2015-05-26 19:52:05.632 Version info: Last successful update 5/26/2015 12:51:56 PM

2015-05-27 00:26:49.728 Could not open C:\hiberfil.sys
2015-05-27 00:26:49.774 Could not open C:\pagefile.sys
2015-05-27 00:34:27.061 >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files (x86)\R.G. Mechanics\Sid Meier's Civilization 5\Steam_API.dll
2015-05-27 00:34:27.061 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 00:34:27.061 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 00:35:57.292 Could not open C:\swapfile.sys
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{139649ed-fa6c-11e4-be82-60a44ce972f1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{152ce3a6-f872-11e4-be80-60a44ce972f1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{1e544175-f6e0-11e4-be7d-60a44ce972f1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{221f0c86-fec6-11e4-be8b-60a44ce972f1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{22232781-f82b-11e4-be7f-60a44ce972f1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{32b58d34-fb13-11e4-be85-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{3daddbab-fe47-11e4-be88-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{5cb2963a-ff9d-11e4-be8c-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{985416d6-fb6e-11e4-be87-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{98541a67-fb6e-11e4-be87-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{98541aa7-fb6e-11e4-be87-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{ae127bcc-fb4d-11e4-be85-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{ae1282d6-fb4d-11e4-be85-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{ae128398-fb4d-11e4-be85-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{cc1583f5-fba5-11e4-be87-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{d0b8d63a-0174-11e5-be8c-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{d0b8de23-0174-11e5-be8c-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{d4c7819d-03bd-11e5-be95-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{dcd37591-f900-11e4-be82-60a44ce972f1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{e9ec79df-fb5c-11e4-be86-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{e9ec7bb4-fb5c-11e4-be86-001bdc0f2e95}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:35:58.292 Could not open C:\System Volume Information\{effa54cd-fa80-11e4-be84-60a44ce972f1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-27 00:36:04.240 Could not open C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-05-27 00:36:04.272 Could not check C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-05-27 00:36:04.287 Could not check C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-05-27 00:36:10.095 Could not check C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
2015-05-27 00:36:10.329 Could not check C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gfjopfpjmkcfgjpogepmdjmcnihfpokn\LOCK (virus scan failed)
2015-05-27 00:36:10.345 Could not check C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-05-27 00:36:17.570 Could not check C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOCK (virus scan failed)
2015-05-27 00:36:17.585 Could not check C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-05-27 00:36:17.648 Could not check C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gfjopfpjmkcfgjpogepmdjmcnihfpokn\LOCK (virus scan failed)
2015-05-27 00:46:18.160 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-05-27 00:46:18.160 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-05-27 00:46:19.031 Could not open C:\Windows\System32\config\BBI
2015-05-27 00:46:19.124 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-05-27 00:46:19.124 Could not open C:\Windows\System32\config\RegBack\SAM
2015-05-27 00:46:19.124 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-05-27 00:46:19.124 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-05-27 00:46:19.124 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-05-27 01:42:21.913 >>> Virus 'Troj/Agent-AJTU' found in file H:\Program Files (x86)\Electronic Arts\The Sims 4\Game\Bin\rld.dll
2015-05-27 01:42:21.913 >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 01:42:21.913 >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 01:42:26.343 >>> Virus 'Troj/Agent-AJTQ' found in file H:\Program Files (x86)\Electronic Arts\The Sims 4\Game\Bin\RldOrigin.dll
2015-05-27 01:42:26.343 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 01:42:26.343 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 02:55:42.860 >>> Virus 'Troj/Agent-AJTQ' found in file H:\Users\Brandon\Desktop\downloads\The Sims 4 - Get to Work\Game\Bin\RldOrigin.dll
2015-05-27 02:55:42.860 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 02:55:42.860 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 02:55:54.111 >>> Virus 'Troj/Agent-AJTQ' found in file H:\Users\Brandon\Desktop\downloads\The_Sims_4_fix_TORRENT-VERSION\Game\Bin\RldOrigin.dll
2015-05-27 02:55:54.111 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 02:55:54.111 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 02:56:18.854 >>> Virus 'Troj/Agent-AJTQ' found in file H:\Users\Brandon\Downloads\The_Sims_4_fix_update_only\Game\Bin\RldOrigin.dll
2015-05-27 02:56:18.854 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 02:56:18.854 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
2015-05-27 04:17:10.803 The following items will be cleaned up:
2015-05-27 04:17:10.803 Mal/VMProtBad-A
2015-05-27 04:17:10.803 Troj/Agent-AJTU
2015-05-27 04:17:10.803 Troj/Agent-AJTQ
 
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

==================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Thank you so much Broni! Working like a charm now :) Truly you are a force to be reckoned with, and may all malware soon meet its doom at your hands, sir! Cheers.
 