csrss.exe or csrss.exe.mui virus taking over

Posted 16 April 2016 – 05:41 PM

frst.txt

Scan results of Farbar Restoration Scan Instrument (FRST) (x64) Model:13-04-2016

Ran by cody (administrator) on CODY-PC (16-04-2016 15:27:08)

Working from C:UserscodyDownloads

Loaded Profiles: cody (Out there Profiles: cody)

Platform: Home windows 7 Skilled Service Pack 1 (X64) Language: English (United States)

Web Explorer Model 11 (Default browser: Chrome)

Boot Mode: Regular

Tutorial for Farbar Restoration Scan Instrument: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included within the fixlist, the method will probably be closed. The file is not going to be moved.)

(NVIDIA Company) C:WindowsSystem32nvvsvc.exe

(NVIDIA Company) C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe

(NVIDIA Company) C:WindowsSystem32nvvsvc.exe

(Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVCpl64.exe

(FinalWire Ltd.) C:appsAIDA64 Extremeaida64.exe

(Enigma Software program Group USA, LLC.) C:Program FilesEnigma Software program GroupSpyHunterSpyHunter4.exe

(Malwarebytes) C:Program Recordsdata (x86)Malwarebytes Anti-Malwarembam.exe

(Malwarebytes) C:Program Recordsdata (x86)Malwarebytes Anti-Malwarembamservice.exe

(Malwarebytes) C:Program Recordsdata (x86)Malwarebytes Anti-Malwarembamscheduler.exe

(SecurityXploded) C:Program Recordsdata (x86)SecurityXplodedProcNetMonitorProcNetMonitor.exe

(Google Inc.) C:Program Recordsdata (x86)GoogleChromeApplicationchrome.exe

(Farbar) C:UserscodyDownloadsFRST64THISONE.exe

(Google Inc.) C:Program Recordsdata (x86)GoogleChromeApplicationchrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included within the fixlist, the registry merchandise will probably be restored to default or eliminated. The file is not going to be moved.)

HKLM…Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARAVCpl64.exe [16409496 2015-11-26] (Realtek Semiconductor)

==================== Web (Whitelisted) ====================

(If an merchandise is included within the fixlist, if it’s a registry merchandise will probably be eliminated or restored to default.)

TcpipParameters: [DhcpNameServer] 192.168.0.1

Tcpip..Interfaces{89825573-332A-4175-A1AB-1DD82C29379D}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip..Interfaces{92E98328-2CB1-4BDA-B0F0-103886DB4751}: [DhcpNameServer] 192.168.0.1

Web Explorer:

==================

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @instruments.google.com/Google Replace;model=3 -> C:Program Recordsdata (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-01] (Google Inc.)

FF Plugin-x32: @instruments.google.com/Google Replace;model=9 -> C:Program Recordsdata (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-01] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:Program Recordsdata (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2016-02-26] (Adobe Programs Inc.)

Chrome:

=======

CHR StartupUrls: Default -> “hxxps://www.google.com/”

CHR Profile: C:UserscodyAppDataLocalGoogleChromeUser DataDefault

CHR Extension: (Google Drive) – C:UserscodyAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2015-12-19]

CHR Extension: (YouTube) – C:UserscodyAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]

CHR Extension: (Google Search) – C:UserscodyAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]

CHR Extension: (Chrome Net Retailer Funds) – C:UserscodyAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]

CHR Extension: (Gmail) – C:UserscodyAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2015-12-19]

==================== Companies (Whitelisted) ========================

(If an entry is included within the fixlist, will probably be faraway from the registry. The file is not going to be moved except listed individually.)

R2 MBAMScheduler; C:Program Recordsdata (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1514464 2016-03-10] (Malwarebytes)

R2 MBAMService; C:Program Recordsdata (x86)Malwarebytes Anti-Malwarembamservice.exe [1136608 2016-03-10] (Malwarebytes)

S2 SpyHunter 4 Service; C:Program FilesEnigma Software program GroupSpyHunterSH4Service.exe [1042304 2016-04-16] (Enigma Software program Group USA, LLC.)

R2 WinDefend; C:Program FilesWindows Defendermpsvc.dll [1011712 2015-06-12] (Microsoft Company)

===================== Drivers (Whitelisted) ==========================

(If an entry is included within the fixlist, will probably be faraway from the registry. The file is not going to be moved except listed individually.)

R3 AIDA64Driver; C:appsAIDA64 Extremekerneld.x64 [34136 2014-12-08] ()

S3 ebdrv; C:Windowssystem32driversevbda.sys [3286016 2009-06-10] (Broadcom Company)

R3 esgiguard; C:Program FilesEnigma Software program GroupSpyHunteresgiguard.sys [15920 2016-04-16] (Enigma Software program Group USA, LLC.)

S3 EsgScanner; C:WindowsSystem32DRIVERSEsgScanner.sys [22704 2016-04-16] ()

R3 MBAMProtector; C:Windowssystem32driversmbam.sys [27008 2016-03-10] (Malwarebytes)

R3 MBAMSwissArmy; C:Windowssystem32driversMBAMSwissArmy.sys [192216 2016-04-16] (Malwarebytes)

R3 MBAMWebAccessControl; C:Windowssystem32driversmwac.sys [64896 2016-03-10] (Malwarebytes Company)

S3 xhunter1; ??C:Windowsxhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included within the fixlist, will probably be faraway from the registry. The file is not going to be moved except listed individually.)

==================== One Month Created information and folders ========

(If an entry is included within the fixlist, the file/folder will probably be moved.)

2016-04-16 15:27 – 2016-04-16 15:27 – 00006060 _____ C:UserscodyDownloadsFRST.txt

2016-04-16 15:17 – 2016-04-16 15:27 – 00000000 ____D C:FRST

2016-04-16 15:17 – 2016-04-16 15:17 – 02375168 _____ (Farbar) C:UserscodyDownloadsFRST64THISONE.exe

2016-04-16 13:36 – 2016-04-16 13:36 – 00012448 _____ C:UserscodyDesktopProcNetMonitorReportWINNING.html

2016-04-16 13:33 – 2016-04-16 13:33 – 00022704 _____ C:Windowssystem32DriversEsgScanner.sys

2016-04-16 13:31 – 2016-04-16 13:31 – 00000000 _____ C:autoexec.bat

2016-04-16 13:30 – 2016-04-16 13:34 – 00003320 _____ C:WindowsSystem32TasksSpyHunter4Startup

2016-04-16 13:30 – 2016-04-16 13:34 – 00001087 _____ C:UserscodyDesktopSpyHunter.lnk

2016-04-16 13:30 – 2016-04-16 13:33 – 00000000 ____D C:Program FilesEnigma Software program Group

2016-04-16 13:30 – 2016-04-16 13:30 – 00000000 ____D C:UserscodyAppDataRoamingMicrosoftWindowsStart MenuProgramsSpyHunter

2016-04-16 13:30 – 2016-04-16 13:30 – 00000000 ____D C:UserscodyAppDataRoamingEnigma Software program Group

2016-04-16 13:30 – 2016-04-16 13:30 – 00000000 ____D C:sh4ldr

2016-04-16 08:18 – 2016-04-16 08:18 – 02375168 _____ (Farbar) C:UserscodyDownloadsFRST64.exe

2016-04-16 07:26 – 2016-04-16 14:16 – 00192216 _____ (Malwarebytes) C:Windowssystem32DriversMBAMSwissArmy.sys

2016-04-16 07:24 – 2016-04-16 07:24 – 00001106 _____ C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

2016-04-16 07:24 – 2016-04-16 07:24 – 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Malware

2016-04-16 07:24 – 2016-04-16 07:24 – 00000000 ____D C:ProgramDataMalwarebytes

2016-04-16 07:24 – 2016-04-16 07:24 – 00000000 ____D C:Program Recordsdata (x86)Malwarebytes Anti-Malware

2016-04-16 07:24 – 2016-03-10 14:09 – 00064896 _____ (Malwarebytes Company) C:Windowssystem32Driversmwac.sys

2016-04-16 07:24 – 2016-03-10 14:08 – 00140672 _____ (Malwarebytes) C:Windowssystem32Driversmbamchameleon.sys

2016-04-16 07:24 – 2016-03-10 14:08 – 00027008 _____ (Malwarebytes) C:Windowssystem32Driversmbam.sys

2016-04-16 07:22 – 2016-04-16 07:22 – 00008140 _____ C:UserscodyDesktopProcNetMonitorReport2.html

2016-04-16 07:21 – 2016-04-16 07:21 – 00021424 _____ C:UserscodyDesktopProcNetMonitorReport.html

2016-04-16 07:20 – 2016-04-16 07:20 – 03286400 _____ (Enigma Software program Group USA, LLC.) C:UserscodyDesktopSpyHunter-Installer.exe

2016-04-16 07:18 – 2016-04-16 07:19 – 22851472 _____ (Malwarebytes ) C:UserscodyDownloadsmbam-setup-2.2.1.1043.exe

2016-04-16 07:16 – 2016-04-16 11:53 – 00007633 _____ C:UserscodyAppDataLocalResmon.ResmonCfg

2016-04-16 06:26 – 2016-04-16 10:24 – 00000000 ____D C:UserscodyDesktopnetwork fixing

2016-04-16 00:28 – 2016-04-16 02:04 – 00000000 ____D C:UserscodyDesktopnetwork issues

2016-04-15 23:32 – 2016-04-15 23:32 – 00303112 _____ C:UserscodyDesktopnetbios-ns – Google Search.html

2016-04-15 23:32 – 2016-04-15 23:32 – 00000000 ____D C:UserscodyDesktopnetbios-ns – Google Search_files

2016-04-15 23:16 – 2016-04-15 23:16 – 00001263 _____ C:UserscodyDesktopProcNetMonitor.lnk

2016-04-15 23:16 – 2016-04-15 23:16 – 00000000 ____D C:UserscodyDesktopProcNetMonitor

2016-04-15 23:16 – 2016-04-15 23:16 – 00000000 ____D C:Program Recordsdata (x86)SecurityXploded

2016-04-14 20:14 – 2016-04-14 20:14 – 00000000 ____D C:UserscodyAppDataLocalLowAdobe

2016-04-14 19:59 – 2016-04-14 19:59 – 00003886 _____ C:WindowsSystem32TasksAdobe Acrobat Replace Process

2016-04-14 19:58 – 2016-04-14 20:15 – 00000000 ____D C:ProgramDataAdobe

2016-04-14 19:58 – 2016-04-14 19:58 – 00002441 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk

2016-04-14 19:58 – 2016-04-14 19:58 – 00000000 ____D C:Program Recordsdata (x86)Adobe

2016-04-14 19:57 – 2016-04-14 20:14 – 00000000 ____D C:UserscodyAppDataLocalAdobe

2016-04-14 19:55 – 2016-04-14 19:56 – 00009033 _____ C:Windowssystem32activity.txt

2016-04-14 19:52 – 2016-04-14 19:55 – 00002305 _____ C:Windowssystem32activity.exe

2016-04-12 05:16 – 2016-04-12 05:16 – 00002294 _____ C:UserscodyDesktopGoogle Chrome.lnk

2016-04-12 04:22 – 2016-04-12 04:22 – 00000359 _____ C:UserscodyDesktopRecycle Bin.lnk

2016-04-10 21:32 – 2016-04-16 00:23 – 00000000 ____D C:UserscodyDesktopcvzxnzvc

2016-04-08 03:16 – 2016-04-08 03:16 – 00000082 _____ C:UserscodyDesktopSo you need to go stay within the woods for a year- – Survivalist Discussion board.url

2016-04-06 04:36 – 2016-04-16 08:01 – 00223974 _____ C:Windowsntbtlog.txt

2016-04-04 17:04 – 2016-04-04 17:05 – 00000000 ____D C:UserscodyDesktopbrookes whore publish

2016-03-19 13:30 – 2016-03-19 13:30 – 00000075 _____ C:UserscodyDesktopLive Audio.url

==================== One Month Modified information and folders ========

(If an entry is included within the fixlist, the file/folder will probably be moved.)

2016-04-16 12:02 – 2009-07-13 22:13 – 00781298 _____ C:Windowssystem32PerfStringBackup.INI

2016-04-16 12:02 – 2009-07-13 20:20 – 00000000 ____D C:Windowsinf

2016-04-16 11:57 – 2009-07-13 21:45 – 00031312 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-04-16 11:57 – 2009-07-13 21:45 – 00031312 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-04-16 11:54 – 2015-12-19 17:18 – 00000894 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job

2016-04-16 11:54 – 2015-10-14 13:13 – 00003152 _____ C:WindowsSystem32TasksAIDA64 AutoStart

2016-04-16 11:54 – 2009-07-13 22:08 – 00000006 ____H C:WindowsTasksSA.DAT

2016-04-16 11:53 – 2009-07-13 22:08 – 00032564 _____ C:WindowsTasksSCHEDLGU.TXT

2016-04-16 11:03 – 2015-12-19 20:48 – 00000000 ____D C:UserscodyAppDataLocalBattle.web

2016-04-16 06:08 – 2015-12-19 17:17 – 00000000 ____D C:UserscodyAppDataLocalDeployment

2016-04-16 06:06 – 2016-03-12 20:09 – 00000000 ____D C:UserscodyAppDataRoamingMicrosoftWindowsStart MenuProgramsSteam

2016-04-16 06:04 – 2015-10-14 13:17 – 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsDeluge

2016-04-16 02:34 – 2015-12-27 22:04 – 00000000 ____D C:UserscodyAppDataRoamingiSpy

2016-04-15 14:52 – 2015-12-21 23:58 – 00000000 ____D C:UserscodyAppDataRoamingSpotify

2016-04-15 14:52 – 2015-12-21 23:58 – 00000000 ____D C:UserscodyAppDataLocalSpotify

2016-04-14 20:14 – 2015-10-14 13:02 – 00000000 ____D C:UserscodyAppDataRoamingAdobe

2016-04-11 13:32 – 2015-12-19 17:19 – 00002195 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2016-04-11 13:32 – 2015-12-19 17:19 – 00000000 ____D C:UserscodyAppDataLocalGoogle

2016-04-10 22:44 – 2011-04-12 01:28 – 00000000 ___RD C:UsersPublicRecorded TV

2016-04-10 22:44 – 2009-07-13 20:20 – 00000000 __RHD C:UsersPublicLibraries

2016-04-10 22:22 – 2016-01-11 14:37 – 00000000 ____D C:UserscodyAppDataLocalElevatedDiagnostics

2016-04-01 18:50 – 2016-03-12 01:32 – 00000000 ____D C:UserscodyAppDataLocalNXEPassportClient

2016-04-01 18:50 – 2016-03-12 00:41 – 00000000 ____D C:UserscodyAppDataLocalNexonLauncher

2016-03-29 10:38 – 2015-12-19 20:48 – 00000000 ____D C:UserscodyAppDataLocalBlizzard Leisure

2016-03-21 22:33 – 2015-12-19 23:48 – 00000000 ____D C:UserscodyDocumentsStarCraft II

==================== Recordsdata within the root of some directories =======

2016-03-02 23:49 – 2016-03-02 23:49 – 0000218 _____ () C:UserscodyAppDataLocalrecently-used.xbel

2016-04-16 07:16 – 2016-04-16 11:53 – 0007633 _____ () C:UserscodyAppDataLocalResmon.ResmonCfg

2015-12-19 17:38 – 2015-12-19 17:38 – 0000000 ____H () C:ProgramDataDP45977C.lfl

Some information in TEMP:

====================

C:UserscodyAppDataLocalTemp545b5db6e86538fb20a0d4b42e48f185.dll

C:UserscodyAppDataLocalTemp6a246669c4722113966d0cbd29442eb9.dll

C:UserscodyAppDataLocalTempnvStInst.exe

C:UserscodyAppDataLocalTempxmlUpdater.exe

==================== Bamital & volsnap =================

(There is no such thing as a automated repair for information that don’t go verification.)

C:Windowssystem32winlogon.exe => File is digitally signed

C:Windowssystem32wininit.exe => File is digitally signed

C:WindowsSysWOW64wininit.exe => File is digitally signed

C:Windowsexplorer.exe => File is digitally signed

C:WindowsSysWOW64explorer.exe => File is digitally signed

C:Windowssystem32svchost.exe => File is digitally signed

C:WindowsSysWOW64svchost.exe => File is digitally signed

C:Windowssystem32services.exe => File is digitally signed

C:Windowssystem32User32.dll => File is digitally signed

C:WindowsSysWOW64User32.dll => File is digitally signed

C:Windowssystem32userinit.exe => File is digitally signed

C:WindowsSysWOW64userinit.exe => File is digitally signed

C:Windowssystem32rpcss.dll => File is digitally signed

C:Windowssystem32dnsapi.dll => File is digitally signed

C:WindowsSysWOW64dnsapi.dll => File is digitally signed

C:Windowssystem32Driversvolsnap.sys => File is digitally signed

LastRegBack: 2016-04-08 05:06

==================== Finish of FRST.txt ============================

addition.txt

Further scan results of Farbar Restoration Scan Instrument (x64) Model:13-04-2016

Ran by cody (2016-04-16 15:27:31)

Working from C:UserscodyDownloads

Home windows 7 Skilled Service Pack 1 (X64) (2015-10-14 20:02:29)

Boot Mode: Regular

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2713047803-3773949990-1505566570-500 – Administrator – Disabled)

cody (S-1-5-21-2713047803-3773949990-1505566570-1000 – Administrator – Enabled) => C:Userscody

Visitor (S-1-5-21-2713047803-3773949990-1505566570-501 – Restricted – Enabled)

HomeGroupUser$ (S-1-5-21-2713047803-3773949990-1505566570-1006 – Restricted – Enabled)

==================== Safety Middle ========================

(If an entry is included within the fixlist, will probably be eliminated.)

AS: Home windows Defender (Enabled – Updated) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Put in Applications ======================

(Solely the adware applications with “Hidden” flag could possibly be added to the fixlist to unhide them. The adware applications must be uninstalled manually.)

7-Zip 15.09 beta (x64) (HKLM…7-Zip) (Model: 15.09 – Igor Pavlov)

Adobe Acrobat Reader DC (HKLM-x32…{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Model: 15.010.20060 – Adobe Programs Integrated)

Belkin USB Wi-fi Adapter (HKLM-x32…InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Model: 1.0.0.13 – Belkin)

Belkin USB Wi-fi Adapter (x32 Model: 1.0.0.13 – Belkin) Hidden

Mixed Neighborhood Codec Pack 64bit 2015-10-18 (HKLM…Mixed Neighborhood Codec Pack 64bit_is1) (Model: 2015.10.19.0 – CCCP Undertaking)

Diablo III (HKLM-x32…Diablo III) (Model: – Blizzard Leisure)

Diablo III Public Check (HKLM-x32…Diablo III Public Check) (Model: – Blizzard Leisure)

Google Chrome (HKLM-x32…Google Chrome) (Model: 49.0.2623.112 – Google Inc.)

Google Replace Helper (x32 Model: 1.3.29.5 – Google Inc.) Hidden

Heroes of the Storm (HKLM-x32…Heroes of the Storm) (Model: – Blizzard Leisure)

iSpy (64 bit) (HKLM…{4FCF8BB1-9CDE-432A-ACDF-FD7184463FAF}) (Model: 6.4.9.0 – DeveloperInABox)

iSpy package deal installer (64 bit) (HKLM-x32…{dc02f0d2-ce7d-46ef-97ad-ea16ed93a624}) (Model: 6.4.9.0 – DeveloperInABox)

LibreOffice 5.0.3.2 (HKLM-x32…{D61E7AA0-0380-49B9-8DDD-7685E2306176}) (Model: 5.0.3.2 – The Doc Basis)

Malwarebytes Anti-Malware model 2.2.1.1043 (HKLM-x32…Malwarebytes Anti-Malware_is1) (Model: 2.2.1.1043 – Malwarebytes)

Microsoft .NET Framework 4.5.2 (HKLM…{92FB6C44-E685-45AD-9B20-CADF4CABA132} – 1033) (Model: 4.5.51209 – Microsoft Company)

Microsoft Visible C++ 2005 Redistributable (HKLM-x32…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Model: 8.0.61001 – Microsoft Company)

Microsoft Visible C++ 2005 Redistributable (x64) (HKLM…{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Model: 8.0.61000 – Microsoft Company)

Microsoft Visible C++ 2008 Redistributable – x64 9.0.30729.4148 (HKLM…{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Model: 9.0.30729.4148 – Microsoft Company)

Microsoft Visible C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Model: 9.0.30729.6161 – Microsoft Company)

Microsoft Visible C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Model: 9.0.30729 – Microsoft Company)

Microsoft Visible C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Model: 9.0.30729.6161 – Microsoft Company)

Microsoft Visible C++ 2010 x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Model: 10.0.40219 – Microsoft Company)

Microsoft Visible C++ 2010 x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Model: 10.0.40219 – Microsoft Company)

Microsoft Visible C++ 2013 Redistributable (x86) – 12.0.21005 (HKLM-x32…{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Model: 12.0.21005.1 – Microsoft Company)

Nexon Launcher (HKLM-x32…Nexon Nexon Launcher) (Model: 1.3.0 – Nexon)

Notepad++ (HKLM-x32…Notepad++) (Model: 6.8.3 – Notepad++ Crew)

NVIDIA Show Management Panel (HKLM…NVIDIA Show Management Panel) (Model: 6.14.11.9713 – NVIDIA Company)

NVIDIA Drivers (HKLM…NVIDIA Drivers) (Model: 1.10.62.40 – NVIDIA Company)

NVIDIA Graphics Driver 341.92 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Model: 341.92 – NVIDIA Company)

NVIDIA PhysX System Software program 9.13.1220 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Model: 9.13.1220 – NVIDIA Company)

ProcNetMonitor v5.0 (HKLM-x32…ProcNetMonitor) (Model: 5.0 – SecurityXploded)

Realtek Excessive Definition Audio Driver (HKLM-x32…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Model: 6.0.1.7673 – Realtek Semiconductor Corp.)

Spotify (HKUS-1-5-21-2713047803-3773949990-1505566570-1000…Spotify) (Model: 1.0.27.75.gdc223232 – Spotify AB)

SpyHunter 4 (HKLM-x32…SpyHunter) (Model: 4.21.18.4608 – Enigma Software program Group, LLC)

StarCraft II (HKLM-x32…StarCraft II) (Model: – Blizzard Leisure)

Warcraft III (HKLM-x32…Warcraft III) (Model: – Blizzard Leisure)

==================== Customized CLSID (Whitelisted): ==========================

(If an entry is included within the fixlist, will probably be faraway from the registry. The file is not going to be moved except listed individually.)

==================== Scheduled Duties (Whitelisted) =============

(If an entry is included within the fixlist, will probably be faraway from the registry. The file is not going to be moved except listed individually.)

Process: {0A84F559-E363-468A-A263-473151383D8D} – System32TasksSpyHunter4Startup => C:Program FilesEnigma Software program GroupSpyHunterSpyhunter4.exe [2016-04-16] (Enigma Software program Group USA, LLC.)

Process: {5FD274CB-FCFB-447A-94B5-F90F97E8C13F} – System32TasksGoogleUpdateTaskMachineCore => C:Program Recordsdata (x86)GoogleUpdateGoogleUpdate.exe [2015-12-19] (Google Inc.)

Process: {78DE7F7F-84AB-4539-9252-3CB48E480023} – System32TasksAIDA64 AutoStart => C:appsAIDA64 Extremeaida64.exe [2014-12-08] (FinalWire Ltd.)

Process: {D0D952C2-BF15-4596-90F2-597EA337B3F3} – System32TasksGoogleUpdateTaskMachineUA => C:Program Recordsdata (x86)GoogleUpdateGoogleUpdate.exe [2015-12-19] (Google Inc.)

Process: {FE1B079E-6CFD-42C1-83B0-C845415056DB} – System32TasksAdobe Acrobat Replace Process => C:Program Recordsdata (x86)Frequent FilesAdobeARM1.0AdobeARM.exe [2015-12-14] (Adobe Programs Integrated)

(If an entry is included within the fixlist, the duty (.job) file will probably be moved. The file which is working by the duty is not going to be moved.)

Process: C:WindowsTasksGoogleUpdateTaskMachineCore.job => C:Program Recordsdata (x86)GoogleUpdateGoogleUpdate.exe

Process: C:WindowsTasksGoogleUpdateTaskMachineUA.job => C:Program Recordsdata (x86)GoogleUpdateGoogleUpdate.exe

==================== Shortcuts =============================

(The entries could possibly be listed to be restored or eliminated.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-19 17:45 – 2015-10-13 10:26 – 00125616 _____ () C:Program FilesNVIDIA CorporationDisplayNvSmartMax64.dll

==================== Alternate Knowledge Streams (Whitelisted) =========

(If an entry is included within the fixlist, solely the ADS will probably be eliminated.)

AlternateDataStreams: C:Userscody:Heroes & Generals [38]

==================== Protected Mode (Whitelisted) ===================

(If an entry is included within the fixlist, will probably be faraway from the registry. The “AlternateShell” will probably be restored.)

==================== EXE Affiliation (Whitelisted) ===============

(If an entry is included within the fixlist, the registry merchandise will probably be restored to default or eliminated.)

==================== Web Explorer trusted/restricted ===============

(If an entry is included within the fixlist, will probably be faraway from the registry.)

IE trusted website: HKUS-1-5-21-2713047803-3773949990-1505566570-1000…dell.com -> dell.com

==================== Hosts content material: ===============================

(If wanted Hosts: directive could possibly be included within the fixlist to reset Hosts.)

2009-07-13 19:34 – 2009-06-10 14:00 – 00000824 ____N C:Windowssystem32Driversetchosts

==================== Different Areas ============================

(Presently there is no such thing as a automated repair for this part.)

HKUS-1-5-21-2713047803-3773949990-1505566570-1000Control PanelDesktopWallpaper ->

DNS Servers: 192.168.0.1

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Home windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled objects ==

(Presently there is no such thing as a automated repair for this part.)

MSCONFIGstartupreg: Spotify Net Helper => “C:UserscodyAppDataRoamingSpotifySpotifyWebHelper.exe”

MSCONFIGstartupreg: Steam => “C:Program Files (x86)Steamsteam.exe” -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included within the fixlist, will probably be faraway from the registry. The file is not going to be moved except listed individually.)

FirewallRules: [SPPSVC-In-TCP] => (Permit) %SystemRootpercentsystem32sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Permit) %SystemRootpercentsystem32sppsvc.exe

FirewallRules: [{820C4B7E-61CA-47A2-8104-6C3A052FCA22}] => (Permit) C:Program Recordsdata (x86)SteamSteam.exe

FirewallRules: [{62FC5B4F-1C22-4238-9C2F-0EB72728F355}] => (Permit) C:Program Recordsdata (x86)SteamSteam.exe

FirewallRules: [TCP Query User{60917E55-43E7-443C-A44F-42ED952556AF}C:userscodyappdataroamingspotifyspotify.exe] => (Permit) C:userscodyappdataroamingspotifyspotify.exe

FirewallRules: [UDP Query User{E0B5D872-328F-44CE-A062-2F3F3692A86D}C:userscodyappdataroamingspotifyspotify.exe] => (Permit) C:userscodyappdataroamingspotifyspotify.exe

FirewallRules: [TCP Query User{3FC5D267-3A88-4020-A18B-112ACD0AD6F3}C:program filesispyispy.exe] => (Permit) C:program filesispyispy.exe

FirewallRules: [UDP Query User{0514C84B-3F0A-43C8-9597-5C6FD8A96791}C:program filesispyispy.exe] => (Permit) C:program filesispyispy.exe

FirewallRules: [TCP Query User{16FEB11B-49C7-461D-AAF4-6ACA6F363F4B}C:userscodyappdataroamingspotifyspotify.exe] => (Permit) C:userscodyappdataroamingspotifyspotify.exe

FirewallRules: [UDP Query User{85E65DE5-DE38-4AB2-8395-2466D3D21B67}C:userscodyappdataroamingspotifyspotify.exe] => (Permit) C:userscodyappdataroamingspotifyspotify.exe

FirewallRules: [TCP Query User{8A56F114-8078-4AFD-A61E-FF8F7D538A2D}C:program filesispyispy.exe] => (Permit) C:program filesispyispy.exe

FirewallRules: [UDP Query User{A9575488-BB07-4129-8FE8-662E50018578}C:program filesispyispy.exe] => (Permit) C:program filesispyispy.exe

FirewallRules: [TCP Query User{0A6B35FF-4F4C-4FC4-9B55-5E3C8D0D12A2}C:appshearthstonehearthstone.exe] => (Permit) C:appshearthstonehearthstone.exe

FirewallRules: [UDP Query User{C83EEDC9-CEE0-4B09-A9B7-9D7ED6E042F3}C:appshearthstonehearthstone.exe] => (Permit) C:appshearthstonehearthstone.exe

FirewallRules: [TCP Query User{5BE0111B-B062-4F0F-BF4E-B4F9226D5247}C:appshearthstonehearthstone.exe] => (Permit) C:appshearthstonehearthstone.exe

FirewallRules: [UDP Query User{76772172-9BBA-4A9F-A49F-E24D12BC2E63}C:appshearthstonehearthstone.exe] => (Permit) C:appshearthstonehearthstone.exe

FirewallRules: [TCP Query User{D3B28E3D-F10E-4278-96C8-36C22F473FA8}C:appsdiablo iiidiablo iii.exe] => (Permit) C:appsdiablo iiidiablo iii.exe

FirewallRules: [UDP Query User{A2C7D3D8-D0DB-4AFF-B312-FA608D9C3469}C:appsdiablo iiidiablo iii.exe] => (Permit) C:appsdiablo iiidiablo iii.exe

FirewallRules: [TCP Query User{CC267355-D30E-4411-9DC4-C3BEF62589AC}C:appsdiablo iiidiablo iii.exe] => (Block) C:appsdiablo iiidiablo iii.exe

FirewallRules: [UDP Query User{B495B714-C945-4D0C-A8C7-ACA54D852AA8}C:appsdiablo iiidiablo iii.exe] => (Block) C:appsdiablo iiidiablo iii.exe

FirewallRules: [{6094F97F-D770-4002-BBC8-4DB91AE2A9BC}] => (Permit) C:Program Recordsdata (x86)Steambinsteamwebhelper.exe

FirewallRules: [{8966289B-DB8B-41D1-8629-77D7E7B1BA66}] => (Permit) C:Program Recordsdata (x86)Steambinsteamwebhelper.exe

FirewallRules: [{7A955FF1-CC74-4D5B-834F-230402F6216C}] => (Permit) C:Program Recordsdata (x86)AVGAvavgmfapx.exe

FirewallRules: [{A5BF0B23-1E5E-485E-9D7F-296367662094}] => (Permit) C:Program Recordsdata (x86)AVGAvavgmfapx.exe

FirewallRules: [TCP Query User{ADB878BE-6C22-47BC-A31C-FD0BC0EB13D0}C:program files (x86)delugedeluge.exe] => (Permit) C:program information (x86)delugedeluge.exe

FirewallRules: [UDP Query User{F19D0CD0-3252-46BF-BD3D-8B17B8316403}C:program files (x86)delugedeluge.exe] => (Permit) C:program information (x86)delugedeluge.exe

FirewallRules: [{0FE9AF5A-29F0-4918-99F9-D59B3C17E6F3}] => (Permit) C:NexonLibrarycombatarmsappdataNMService.exe

FirewallRules: [{F9FF0656-8841-4353-82A7-CF592361555F}] => (Permit) C:NexonLibrarycombatarmsappdataNMService.exe

FirewallRules: [{5F49A180-450C-41EA-A5D9-B462A2B03596}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonHeroes & Generalshngsteamlauncher.exe

FirewallRules: [{F9A91355-A532-4123-B61E-ECD798159F40}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonHeroes & Generalshngsteamlauncher.exe

FirewallRules: [{4EDBB71A-5B33-4CDB-9ED8-041788198915}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonDirty BombBinariesWin32ShooterGame-Win32-Delivery.exe

FirewallRules: [{8FDB26AA-AF75-452B-BBB2-A281C1228D13}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonDirty BombBinariesWin32ShooterGame-Win32-Delivery.exe

FirewallRules: [TCP Query User{38AD3F00-BBF0-40DD-97F8-81EA54DC8C20}C:userscodydocumentswarcraft iii reign of chaoswarcraft iiiwar3.exe] => (Permit) C:userscodydocumentswarcraft iii reign of chaoswarcraft iiiwar3.exe

FirewallRules: [UDP Query User{DB92E643-6721-4F92-817D-779754465111}C:userscodydocumentswarcraft iii reign of chaoswarcraft iiiwar3.exe] => (Permit) C:userscodydocumentswarcraft iii reign of chaoswarcraft iiiwar3.exe

FirewallRules: [TCP Query User{5FF23F45-A5A7-4455-BF7C-E4D6E449BF9C}C:appsdiablo iii public testdiablo iii.exe] => (Permit) C:appsdiablo iii public testdiablo iii.exe

FirewallRules: [UDP Query User{648C729E-497E-4A60-8227-CC0562AFEFF3}C:appsdiablo iii public testdiablo iii.exe] => (Permit) C:appsdiablo iii public testdiablo iii.exe

FirewallRules: [TCP Query User{374C6D5C-0DBF-454A-853F-F703B41C8DDE}C:appsdiablo iii public testdiablo iii.exe] => (Permit) C:appsdiablo iii public testdiablo iii.exe

FirewallRules: [UDP Query User{4ADAFBE5-2E61-4CD8-8DA8-AEB54FA103A1}C:appsdiablo iii public testdiablo iii.exe] => (Permit) C:appsdiablo iii public testdiablo iii.exe

FirewallRules: [{92DD9E61-3C73-4553-96BA-979C3272AE7A}] => (Permit) C:NexonLibrarycombatarmsappdataNMService.exe

FirewallRules: [{F3685E06-2D08-446A-B900-990E82313320}] => (Permit) C:NexonLibrarycombatarmsappdataNMService.exe

FirewallRules: [{CED396B5-F50C-4C7C-AD51-D26AEBEB8EA2}] => (Permit) C:appsStarCraft IIVersionsBase39576SC2_x64.exe

FirewallRules: [{B45791F2-A0A6-468B-990E-A2A5E9BD0916}] => (Permit) C:appsStarCraft IIVersionsBase39576SC2_x64.exe

FirewallRules: [{A0F4EB37-893B-4D42-9EE8-F8F379D0FD38}] => (Permit) C:appsStarCraft IIVersionsBase41743SC2_x64.exe

FirewallRules: [{2E64821A-5592-4713-87C0-80CD7C86CE0C}] => (Permit) C:appsStarCraft IIVersionsBase41743SC2_x64.exe

FirewallRules: [TCP Query User{3FEF5698-F32A-4232-A633-BD1F2EEBD30C}C:appsstarcraft iiversionsbase41743sc2_x64.exe] => (Permit) C:appsstarcraft iiversionsbase41743sc2_x64.exe

FirewallRules: [UDP Query User{86A7D654-9457-408A-92E8-08ADA8D60D44}C:appsstarcraft iiversionsbase41743sc2_x64.exe] => (Permit) C:appsstarcraft iiversionsbase41743sc2_x64.exe

FirewallRules: [{3817CC19-5144-481D-BA39-9E5A4AEE6C50}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonDirty BombBinariesWin32ShooterGame-Win32-Delivery.exe

FirewallRules: [{C0251F1D-4953-49A1-AB5B-68F4722A930C}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonDirty BombBinariesWin32ShooterGame-Win32-Delivery.exe

FirewallRules: [{1975B306-9DF2-471E-970F-CA686AACC51B}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonHeroes & Generalshngsteamlauncher.exe

FirewallRules: [{7036DAEE-4C6B-4D3D-85DE-49037B4921A2}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonHeroes & Generalshngsteamlauncher.exe

FirewallRules: [{66BD77EE-B4F2-48A3-8633-36F67D046B5F}] => (Permit) C:Program Recordsdata (x86)SteamSteam.exe

FirewallRules: [{FD61E182-620F-4D07-A7AE-B9545D866634}] => (Permit) C:Program Recordsdata (x86)SteamSteam.exe

FirewallRules: [{596FB3F3-1510-4266-8E06-FF5F051B8530}] => (Permit) C:Program Recordsdata (x86)Steambinsteamwebhelper.exe

FirewallRules: [{05C45D20-414C-4318-97BA-515536E6A3B0}] => (Permit) C:Program Recordsdata (x86)Steambinsteamwebhelper.exe

FirewallRules: [{51DA2CEC-61D7-42A7-9925-8308A77E9A15}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonTeam Fortress 2hl2.exe

FirewallRules: [{0C2BCC3E-5928-4DC3-AE39-1CDEE5592928}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonTeam Fortress 2hl2.exe

FirewallRules: [{44BFAE06-AD6D-4DF7-891A-6ED885E70972}] => (Permit) C:Program Recordsdata (x86)GoogleChromeApplicationchrome.exe

FirewallRules: [{63056B48-4763-4902-901E-6242EE75D8B2}] => (Permit) C:Program Recordsdata (x86)SteamSteam.exe

FirewallRules: [{99DED9ED-3340-4D1E-9B8E-028E46D9711B}] => (Permit) C:Program Recordsdata (x86)SteamSteam.exe

FirewallRules: [{18E08F0E-8E8B-4D03-B043-217EF9BC9EE2}] => (Permit) C:Program Recordsdata (x86)Steambinsteamwebhelper.exe

FirewallRules: [{946A6AB1-EAAD-440E-8C13-6B2D202213D2}] => (Permit) C:Program Recordsdata (x86)Steambinsteamwebhelper.exe

FirewallRules: [{41C4B5AB-E4F3-43FF-8392-F36A4FF870D4}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonHeroes & Generalshngsteamlauncher.exe

FirewallRules: [{FAD75F3E-8406-4EDD-BCFD-0A9631523C06}] => (Permit) C:Program Recordsdata (x86)SteamsteamappscommonHeroes & Generalshngsteamlauncher.exe

==================== Restore Factors =========================

ATTENTION: System Restore is disabled

==================== Defective Gadget Supervisor Gadgets =============

Title: Microsoft PS/2 Mouse

Description: Microsoft PS/2 Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Producer: Microsoft

Service: i8042prt

Downside: : This system will not be current, will not be working correctly, or doesn’t have all its drivers put in. (Code 24)

Decision: The system is put in incorrectly. The issue could possibly be a {hardware} failure, or a brand new driver is likely to be wanted.

Gadgets keep on this state if they’ve been ready for removing.

After you take away the system, this error disappears.Take away the system, and this error must be resolved.

Title: Normal PS/2 Keyboard

Description: Normal PS/2 Keyboard

Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}

Producer: (Normal keyboards)

Service: i8042prt

Downside: : This system will not be current, will not be working correctly, or doesn’t have all its drivers put in. (Code 24)

Decision: The system is put in incorrectly. The issue could possibly be a {hardware} failure, or a brand new driver is likely to be wanted.

Gadgets keep on this state if they’ve been ready for removing.

After you take away the system, this error disappears.Take away the system, and this error must be resolved.

==================== Occasion log errors: =========================

Software errors:

==================

Error: (04/16/2016 11:58:45 AM) (Supply: WinMgmt) (EventID: 10) (Person: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990×80041003

System errors:

=============

Error: (04/16/2016 02:20:03 PM) (Supply: Service Management Supervisor) (EventID: 7009) (Person: )

Description: A timeout was reached (30000 milliseconds) whereas ready for the Home windows Error Reporting Service service to attach.

Error: (04/16/2016 02:19:27 PM) (Supply: Service Management Supervisor) (EventID: 7009) (Person: )

Description: A timeout was reached (30000 milliseconds) whereas ready for the Home windows Error Reporting Service service to attach.

Error: (04/16/2016 11:53:44 AM) (Supply: Service Management Supervisor) (EventID: 7034) (Person: )

Description: The Home windows Replace service terminated unexpectedly. It has achieved this 2 time(s).