Jump to content

DarylM

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Seems to be working great so far! Thank you so much! I sent you a donation for all the help
  2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.6.6 (04.28.2015:1) OS: Windows 7 Home Premium x64 Ran by Daryl on Wed 04/29/2015 at 11:26:36.32 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Daryl\AppData\Roaming\mozilla\firefox\profiles\g03ff0aw.default\prefs.js user_pref(extensions.B1tVlK9Me.scode, try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\rjCGrjn8qjs7rHsGqjnGpjs6rHr\)>-1||url.inde user_pref(extensions.qIBcY.scode, try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\rjCGrjn8qjs7rHsGqjnGpjs6rHr\)>-1||url.indexOf( ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 04/29/2015 at 11:28:26.08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v4.202 - Logfile created 29/04/2015 at 11:29:43 # Updated 23/04/2015 by Xplode # Database : 2015-04-27.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Daryl - DARYL-PC # Running from : C:\Users\Daryl\Desktop\adwcleaner_4.202.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17728 -\\ Mozilla Firefox v35.0.1 (x86 en-US) -\\ Google Chrome v42.0.2311.90 [C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} -\\ Chromium v -\\ Comodo Dragon v -\\ Chrome Canary v ************************* AdwCleaner[R0].txt - [3571 bytes] - [01/01/2014 21:30:28] AdwCleaner[R1].txt - [16171 bytes] - [28/04/2015 08:11:59] AdwCleaner[R2].txt - [1396 bytes] - [29/04/2015 11:29:02] AdwCleaner[s0].txt - [3734 bytes] - [01/01/2014 21:32:05] AdwCleaner[s1].txt - [12709 bytes] - [28/04/2015 08:13:36] AdwCleaner[s2].txt - [1325 bytes] - [29/04/2015 11:29:43] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1384 bytes] ##########
  3. The Kaspersky from the download link does not look like that (no cog to click) but I did click "change parameters" to include my main drive and then scanned my computer. I also could not save the report, so I took a screenshot and attached it to this comment.
  4. Sorry took so long, had to work.. C:\Users\All Users\InstallMate\{A60F21D2-60BC-42DA-A031-289E7DEC0324}\Custom.dll Win32/InstalleRex.M potentially unwanted application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.15.2.24_1\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.26.2.507_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkellkgendlmiakgmfcfagkniheiiokk\2.5_0\t1FFJiA4J.js Win32/Adware.MultiPlug.EB application C:\AdwCleaner\Quarantine\C\ProgramData\dfklljcnffcmkfdjehjjafbmkdlipjgj\C10dz.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Jessie\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Jessie\AppData\Local\torch\User Data\Default\Extensions\fcaapjfaolabonncpklhecnihgjjfjgh\1.1\IKWWbbTlitYd.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Users\Jessie\AppData\Local\torch\User Data\Default\Extensions\odpemcnmchdoinfgcdcmaggkdnffdoaf\2.7\WH88U3F8c31.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined C:\FRST\Quarantine\C\Users\Jessie\AppData\Local\Temp\AskPIP_FF_.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined C:\FRST\Quarantine\C\Users\Jessie\AppData\Local\Temp\hsbing_717_active.exe.xBAD a variant of Win32/Toolbar.Perion.A potentially unwanted application deleted - quarantined C:\FRST\Quarantine\C\Users\Jessie\AppData\Local\Temp\tbSomo.dll.xBAD a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll Win32/ExtenBro.AZ trojan cleaned by deleting - quarantined C:\Program Files (x86)\Gtuner\Gtuner.exe a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined C:\Program Files (x86)\Gtuner\MaxAimDI.dll a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined C:\ProgramData\InstallMate\{A60F21D2-60BC-42DA-A031-289E7DEC0324}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined C:\Users\Jessie\AppData\Roaming\Mozilla\Firefox\extensions\{e306aaa2-3b4f-4802-9faf-0c10ab78b589}\Plugins\npConduitFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.15.2.24_1\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.26.2.507_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkellkgendlmiakgmfcfagkniheiiokk\2.5_0\t1FFJiA4J.js Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined D:\Daryl Download\1\NBA2k15 V1.00 Trainer +9 MrAntiFun B.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined D:\Daryl Download\pay2-rockballa86-f12e2dfa565efe4\pay2-rockballa86.exe a variant of Win32/GameHack.BE potentially unsafe application deleted - quarantined D:\Daryl Download\The.Sims.4-RELOADED\rld-thesims4.iso Win32/HackTool.Crack.CY potentially unsafe application deleted D:\DARYL-PC\Backup Set 2014-11-02 190000\Backup Files 2014-11-02 190000\Backup files 2.zip Win32/Adware.MultiPlug.EK application deleted - quarantined D:\DARYL-PC\Backup Set 2014-11-02 190000\Backup Files 2014-11-02 190000\Backup files 4.zip a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined D:\DARYL-PC\Backup Set 2014-11-02 190000\Backup Files 2014-11-02 190000\Backup files 5.zip Win32/AdWare.1ClickDownload.AW application deleted - quarantined D:\DARYL-PC\Backup Set 2014-12-14 190001\Backup Files 2014-12-14 190001\Backup files 2.zip Win32/Adware.MultiPlug.EK application deleted - quarantined D:\DARYL-PC\Backup Set 2014-12-21 213221\Backup Files 2014-12-21 213221\Backup files 2.zip Win32/Adware.MultiPlug.EK application deleted - quarantined D:\DARYL-PC\Backup Set 2015-01-19 104716\Backup Files 2015-01-19 104716\Backup files 2.zip Win32/Adware.MultiPlug.EK application deleted - quarantined D:\DARYL-PC\Backup Set 2015-02-15 190000\Backup Files 2015-03-01 190001\Backup files 2.zip a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined D:\Program Files\The Sims 4\Game\Bin\rld.dll Win32/HackTool.Crack.CY potentially unsafe application deleted - quarantined
  5. ComboFix 15-04-28.01 - Daryl 04/28/2015 11:39:11.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8104.6673 [GMT -4:00] Running from: c:\users\Daryl\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.pol c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\manifest.json c:\users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\manifest.json c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\background.html c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\content.js c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\fus.js c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\lsdb.js c:\users\Jessie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\200\manifest.json c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg\179\background.html c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg\179\content.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg\179\lsdb.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg\179\manifest.json c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg\179\yC3.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm\1.1\background.html c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm\1.1\content.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm\1.1\lsdb.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm\1.1\manifest.json c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm\1.1\ye1HgR.js c:\users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\o0ulvp5a.default\extensions\staged\u@W.co.uk c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\o0ulvp5a.default\extensions\staged\u@W.co.uk\bootstrap.js c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\o0ulvp5a.default\extensions\staged\u@W.co.uk\chrome.manifest c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\o0ulvp5a.default\extensions\staged\u@W.co.uk\content\bg.js c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\o0ulvp5a.default\extensions\staged\u@W.co.uk\install.rdf c:\windows\SysWow64\DEBUG.log . . ((((((((((((((((((((((((( Files Created from 2015-03-28 to 2015-04-28 ))))))))))))))))))))))))))))))) . . 2015-04-28 15:41 . 2015-04-28 15:41 -------- d-----w- c:\users\Jessie\AppData\Local\temp 2015-04-28 15:41 . 2015-04-28 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-04-28 12:08 . 2015-04-28 12:08 -------- d-----w- C:\RegBackup 2015-04-28 12:06 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36FB99EB-564A-4675-A0B1-A8F95B5251A5}\mpengine.dll 2015-04-28 06:39 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-04-22 14:26 . 2015-04-08 20:32 560968 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2015-04-15 05:26 . 2015-03-25 03:24 98304 ----a-w- c:\windows\system32\wudriver.dll 2015-04-15 05:25 . 2015-03-13 04:12 666624 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll 2015-04-14 20:44 . 2015-04-14 20:44 -------- d-----w- c:\users\Daryl\AppData\Local\openvr 2015-04-04 07:00 . 2015-04-04 07:00 -------- d-s---w- c:\windows\system32\GWX 2015-04-04 07:00 . 2015-04-04 07:00 -------- d-s---w- c:\windows\SysWow64\GWX 2015-03-31 05:15 . 2015-03-26 07:00 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2490ED8A-0A52-4ABF-B3A0-37A7DB3DADDE}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-04-28 14:53 . 2014-08-06 11:17 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-04-09 00:58 . 2014-04-10 23:56 3317344 ----a-w- c:\windows\system32\nvapi64.dll 2015-04-09 00:58 . 2014-04-10 23:56 17176128 ----a-w- c:\windows\system32\nvwgf2umx.dll 2015-04-09 00:58 . 2014-04-10 23:56 12689592 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2015-04-08 21:30 . 2014-04-10 23:57 6841488 ----a-w- c:\windows\system32\nvcpl.dll 2015-04-08 21:30 . 2014-04-10 23:57 3478344 ----a-w- c:\windows\system32\nvsvc64.dll 2015-04-08 21:30 . 2014-10-27 02:13 2558608 ----a-w- c:\windows\system32\nvsvcr.dll 2015-04-08 21:30 . 2014-04-10 23:57 936264 ----a-w- c:\windows\system32\nvvsvc.exe 2015-04-08 21:30 . 2014-04-10 23:57 62608 ----a-w- c:\windows\system32\nvshext.dll 2015-04-08 21:30 . 2014-04-10 23:57 385168 ----a-w- c:\windows\system32\nvmctray.dll 2015-04-08 17:52 . 2014-04-10 23:57 4336074 ----a-w- c:\windows\system32\nvcoproc.bin 2015-04-01 15:16 . 2012-04-24 01:57 128913832 ----a-w- c:\windows\system32\MRT.exe 2015-03-28 03:44 . 2014-06-09 01:27 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll 2015-03-28 03:44 . 2014-04-10 23:58 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll 2015-03-28 03:43 . 2014-06-09 01:27 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll 2015-03-28 03:43 . 2014-04-10 23:58 1570672 ----a-w- c:\windows\system32\nvspcap64.dll 2015-03-26 07:00 . 2014-01-24 17:34 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2015-03-21 20:18 . 2012-05-15 11:57 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2015-03-21 20:18 . 2012-05-15 11:57 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2015-03-21 20:18 . 2012-05-15 11:57 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2015-03-21 20:18 . 2012-05-15 11:57 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2015-03-18 12:12 . 2012-04-25 23:13 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-03-18 12:12 . 2012-04-25 23:13 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-03-17 04:56 . 2015-04-15 05:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-03-13 19:41 . 2015-03-18 12:09 1896136 ----a-w- c:\windows\system32\nvdispco6434788.dll 2015-03-13 19:41 . 2015-03-18 12:09 1557648 ----a-w- c:\windows\system32\nvdispgenco6434788.dll 2015-03-03 13:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe 2015-02-26 03:25 . 2015-03-11 05:05 3204096 ----a-w- c:\windows\system32\win32k.sys 2015-02-20 04:41 . 2015-03-11 05:06 41984 ----a-w- c:\windows\system32\lpk.dll 2015-02-20 04:40 . 2015-03-11 05:06 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-02-20 04:40 . 2015-03-11 05:06 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-02-20 04:40 . 2015-03-11 05:06 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-02-20 04:13 . 2015-03-11 05:06 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-02-20 04:13 . 2015-03-11 05:06 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-02-20 04:13 . 2015-03-11 05:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-02-20 04:12 . 2015-03-11 05:06 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-02-20 03:29 . 2015-03-11 05:06 372224 ----a-w- c:\windows\system32\atmfd.dll 2015-02-20 03:09 . 2015-03-11 05:06 299008 ----a-w- c:\windows\SysWow64\atmfd.dll 2015-02-13 05:22 . 2015-03-11 05:06 14177280 ----a-w- c:\windows\system32\shell32.dll 2015-02-05 21:01 . 2015-02-10 22:33 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll 2015-02-05 21:01 . 2015-02-10 22:33 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll 2015-02-04 16:23 . 2015-02-04 16:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2015-02-04 16:13 . 2015-02-04 16:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-02-04 03:16 . 2015-03-11 05:05 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2015-02-04 02:54 . 2015-03-11 05:05 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2015-02-03 03:34 . 2015-03-11 05:06 693176 ----a-w- c:\windows\system32\winload.efi 2015-02-03 03:34 . 2015-03-11 05:06 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2015-02-03 03:33 . 2015-03-11 05:06 616360 ----a-w- c:\windows\system32\winresume.efi 2015-02-03 03:31 . 2015-03-11 05:06 14632960 ----a-w- c:\windows\system32\wmp.dll 2015-02-03 03:31 . 2015-03-11 05:06 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll 2015-02-03 03:31 . 2015-03-11 05:06 229376 ----a-w- c:\windows\system32\wintrust.dll 2015-02-03 03:31 . 2015-03-11 05:05 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll 2015-02-03 03:31 . 2015-03-11 05:06 215552 ----a-w- c:\windows\system32\ubpm.dll 2015-02-03 03:31 . 2015-03-11 05:06 5120 ----a-w- c:\windows\system32\dxmasf.dll 2015-02-03 03:31 . 2015-03-11 05:06 5120 ----a-w- c:\windows\system32\msdxm.ocx 2015-02-03 03:31 . 2015-03-11 05:06 63488 ----a-w- c:\windows\system32\setbcdlocale.dll 2015-02-03 03:31 . 2015-03-11 05:06 1574400 ----a-w- c:\windows\system32\quartz.dll 2015-02-03 03:31 . 2015-03-11 05:06 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll 2015-02-03 03:31 . 2015-03-11 05:06 371712 ----a-w- c:\windows\system32\qdvd.dll 2015-02-03 03:31 . 2015-03-11 05:06 188416 ----a-w- c:\windows\system32\pcasvc.dll 2015-02-03 03:31 . 2015-03-11 05:06 37376 ----a-w- c:\windows\system32\pcadm.dll 2015-02-03 03:31 . 2015-03-11 05:06 9728 ----a-w- c:\windows\system32\spwmp.dll 2015-02-03 03:31 . 2015-03-11 05:06 641024 ----a-w- c:\windows\system32\msscp.dll 2015-02-03 03:31 . 2015-03-11 05:06 325632 ----a-w- c:\windows\system32\msnetobj.dll 2015-02-03 03:31 . 2015-03-11 05:06 11264 ----a-w- c:\windows\system32\msmmsp.dll 2015-02-03 03:31 . 2015-03-11 05:06 4121600 ----a-w- c:\windows\system32\mf.dll 2015-02-03 03:31 . 2015-03-11 05:06 432128 ----a-w- c:\windows\system32\mfplat.dll 2015-02-03 03:31 . 2015-03-11 05:06 206848 ----a-w- c:\windows\system32\mfps.dll 2015-02-03 03:30 . 2015-03-11 05:06 631808 ----a-w- c:\windows\system32\evr.dll 2015-02-03 03:30 . 2015-03-11 05:06 284672 ----a-w- c:\windows\system32\EncDump.dll 2015-02-03 03:30 . 2015-03-11 05:06 1202176 ----a-w- c:\windows\system32\drmv2clt.dll 2015-02-03 03:30 . 2015-03-11 05:06 497664 ----a-w- c:\windows\system32\drmmgrtn.dll 2015-02-03 03:30 . 2015-03-11 05:06 1480192 ----a-w- c:\windows\system32\crypt32.dll 2015-02-03 03:30 . 2015-03-11 05:06 140288 ----a-w- c:\windows\system32\cryptnet.dll 2015-02-03 03:30 . 2015-03-11 05:06 1069056 ----a-w- c:\windows\system32\cryptui.dll 2015-02-03 03:30 . 2015-03-11 05:06 187904 ----a-w- c:\windows\system32\cryptsvc.dll 2015-02-03 03:30 . 2015-03-11 05:06 82432 ----a-w- c:\windows\system32\cryptsp.dll 2015-02-03 03:30 . 2015-03-11 05:06 842240 ----a-w- c:\windows\system32\blackbox.dll 2015-02-03 03:30 . 2015-03-11 05:06 680960 ----a-w- c:\windows\system32\audiosrv.dll 2015-02-03 03:30 . 2015-03-11 05:06 296448 ----a-w- c:\windows\system32\AudioSes.dll 2015-02-03 03:30 . 2015-03-11 05:06 440832 ----a-w- c:\windows\system32\AudioEng.dll 2015-02-03 03:30 . 2015-03-11 05:06 58880 ----a-w- c:\windows\system32\appidapi.dll 2015-02-03 03:30 . 2015-03-11 05:06 32256 ----a-w- c:\windows\system32\appidsvc.dll 2015-02-03 03:30 . 2015-03-11 05:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe 2015-02-03 03:30 . 2015-03-11 05:06 9728 ----a-w- c:\windows\system32\pcalua.exe 2015-02-03 03:30 . 2015-03-11 05:06 11264 ----a-w- c:\windows\system32\pcawrk.exe 2015-02-03 03:30 . 2015-03-11 05:06 24576 ----a-w- c:\windows\system32\mfpmp.exe 2015-02-03 03:30 . 2015-03-11 05:06 126464 ----a-w- c:\windows\system32\audiodg.exe 2015-02-03 03:30 . 2015-03-11 05:06 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe 2015-02-03 03:30 . 2015-03-11 05:06 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe 2015-02-03 03:30 . 2015-03-11 05:06 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2015-02-03 03:29 . 2015-03-11 05:06 8704 ----a-w- c:\windows\system32\pcaevts.dll 2015-02-03 03:28 . 2015-03-11 05:06 2048 ----a-w- c:\windows\system32\mferror.dll 2015-02-03 03:19 . 2015-03-11 05:06 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys 2015-02-03 03:12 . 2015-03-11 05:06 179200 ----a-w- c:\windows\SysWow64\wintrust.dll 2015-02-03 03:12 . 2015-03-11 05:06 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll 2015-02-03 03:12 . 2015-03-11 05:05 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2015-02-03 03:12 . 2015-03-11 05:06 171520 ----a-w- c:\windows\SysWow64\ubpm.dll 2015-02-03 03:12 . 2015-03-11 05:06 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx 2015-02-03 03:12 . 2015-03-11 05:06 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="d:\program files\Steam\steam.exe" [2015-04-13 2889408] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056] "Spotify Web Helper"="c:\users\Daryl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-02-15 1676344] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800] . c:\users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2014-10-24 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x] R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x] S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x] S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-04-16 11:59 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 12:12] . 2015-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18 19:32] . 2015-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18 19:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 171992] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399832] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442328] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\g03ff0aw.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file) Wow6432Node-HKCU-Run-AceWebException - c:\users\Daryl\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-3472384728-3891243327-1104791788-1000\Software\SecuROM\License information*] "datasecu"=hex:78,2b,0e,8f,7f,d7,b5,03,09,62,fb,75,1a,66,86,e7,d0,c4,8e,4e,09, 68,55,d3,41,67,a2,b3,fb,02,5d,30,be,a6,3d,98,99,bf,2d,27,67,fb,d1,3b,a4,e5,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-04-28 11:43:08 ComboFix-quarantined-files.txt 2015-04-28 15:43 . Pre-Run: 9,165,275,136 bytes free Post-Run: 8,976,977,920 bytes free . - - End Of File - - 3D95E40574251182BFD765C4B952FB1F A36C5E4F47E84449FF07ED3517B43A31
  6. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/28/2015 Scan Time: 10:53:16 AM Logfile: okkk.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.04.28.04 Rootkit Database: v2015.04.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Daryl Scan Type: Threat Scan Result: Completed Objects Scanned: 409919 Time Elapsed: 5 min, 39 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) ______________________________________________________________ Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01 Ran by Daryl at 2015-04-28 11:01:18 Run:1 Running from C:\Users\Daryl\Desktop Loaded Profiles: Daryl (Available profiles: Daryl & Jessie) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: ATTENTION: System Restore is disabled. HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION! Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TheHunter Hack Tool.lnk [2015-03-15] ShortcutTarget: TheHunter Hack Tool.lnk -> C:\ProgramData\{ce310c20-84c0-ba62-ce31-10c2084c3082}\TheHunter Hack Tool.exe (No File) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKU\S-1-5-21-3472384728-3891243327-1104791788-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File S4 np20ugt; C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat [89 2012-09-01] () [File not signed] C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat CHR Extension: (TreMendOusSalee) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm [2015-04-10] 2015-04-10 08:33 - 2015-04-28 07:51 - 00000020 _____ () C:\Users\Daryl\AppData\Roaming\appdataFr3.bin 2015-04-10 04:54 - 2015-04-10 09:49 - 00000000 ____D () C:\Program Files (x86)\BorderlineInstance 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\TreMendOusSalee 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\NoNNoeizzeBrowwsEE 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\Bookmarks Button 2015-04-10 04:53 - 2015-04-10 04:53 - 00000000 ____D () C:\ProgramData\16636086434125824409 2012-09-01 17:29 - 2012-09-01 17:29 - 0086080 _____ () C:\Users\Daryl\AppData\Roaming\aftr4sb.dat 2015-04-10 08:33 - 2015-04-28 07:51 - 0000020 _____ () C:\Users\Daryl\AppData\Roaming\appdataFr3.bin 2012-09-01 17:29 - 2012-09-01 17:29 - 0000089 ____H () C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat 2012-09-01 17:29 - 2012-09-01 17:29 - 0090176 _____ () C:\Users\Daryl\AppData\Roaming\lj1y6nb.dat 2012-09-01 17:28 - 2012-09-01 17:28 - 0060992 _____ () C:\Users\Daryl\AppData\Roaming\serjs58n.dat 2012-09-03 17:41 - 2012-09-03 17:41 - 0060992 _____ () C:\Users\Daryl\AppData\Roaming\slr8k5s.dat 2014-03-15 16:54 - 2014-03-15 16:54 - 0012586 _____ () C:\ProgramData\mptmqteo.hmi C:\Users\Jessie\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Jessie\AppData\Local\Temp\hsbing_717_active.exe C:\Users\Jessie\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Jessie\AppData\Local\Temp\nvStInst.exe C:\Users\Jessie\AppData\Local\Temp\tbSomo.dll Hosts: EmptyTemp: Reboot: end ***************** Processes closed successfully. ATTENTION: System Restore is disabled. => Error: No automatic fix found for this entry. HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully. "HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully. C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TheHunter Hack Tool.lnk => Moved successfully. C:\ProgramData\{ce310c20-84c0-ba62-ce31-10c2084c3082}\TheHunter Hack Tool.exe not found. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully. HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. np20ugt => Service deleted successfully. C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat => Moved successfully. C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm => Moved successfully. C:\Users\Daryl\AppData\Roaming\appdataFr3.bin => Moved successfully. C:\Program Files (x86)\BorderlineInstance => Moved successfully. C:\Program Files (x86)\TreMendOusSalee => Moved successfully. C:\Program Files (x86)\NoNNoeizzeBrowwsEE => Moved successfully. C:\Program Files (x86)\Bookmarks Button => Moved successfully. C:\ProgramData\16636086434125824409 => Moved successfully. C:\Users\Daryl\AppData\Roaming\aftr4sb.dat => Moved successfully. "C:\Users\Daryl\AppData\Roaming\appdataFr3.bin" => File/Directory not found. "C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat" => File/Directory not found. C:\Users\Daryl\AppData\Roaming\lj1y6nb.dat => Moved successfully. C:\Users\Daryl\AppData\Roaming\serjs58n.dat => Moved successfully. C:\Users\Daryl\AppData\Roaming\slr8k5s.dat => Moved successfully. C:\ProgramData\mptmqteo.hmi => Moved successfully. C:\Users\Jessie\AppData\Local\Temp\AskPIP_FF_.exe => Moved successfully. C:\Users\Jessie\AppData\Local\Temp\hsbing_717_active.exe => Moved successfully. C:\Users\Jessie\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully. C:\Users\Jessie\AppData\Local\Temp\nvStInst.exe => Moved successfully. C:\Users\Jessie\AppData\Local\Temp\tbSomo.dll => Moved successfully. C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. EmptyTemp: => Removed 1.4 GB temporary data. The system needed a reboot. ==== End of Fixlog 11:01:36 ====
  7. Oh boy.. well let's go ahead and try to get this disinfected. Thank you for all your help.
  8. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01 Ran by Daryl at 2015-04-28 09:14:29 Running from C:\Users\Daryl\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3472384728-3891243327-1104791788-500 - Administrator - Disabled) Daryl (S-1-5-21-3472384728-3891243327-1104791788-1000 - Administrator - Enabled) => C:\Users\Daryl Guest (S-1-5-21-3472384728-3891243327-1104791788-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-3472384728-3891243327-1104791788-1003 - Limited - Enabled) Jessie (S-1-5-21-3472384728-3891243327-1104791788-1001 - Administrator - Enabled) => C:\Users\Jessie ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated) Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) Anomaly Warzone Earth (HKLM-x32\...\Steam App 91200) (Version: - 11 bit studios) APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - ) ARMA 2 (HKLM-x32\...\Steam App 33900) (Version: - Bohemia Interactive) ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Ashampoo Burning Studio 12 v.12.0.1 (HKLM-x32\...\Ashampoo Burning Studio 12_is1) (Version: 12.0.1 - Ashampoo GmbH & Co. KG) Ashampoo Burning Studio 12 v.12.0.5 (HKLM-x32\...\{91B33C97-93EB-244C-F687-71D85E45A206}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology) ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.) ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - ) Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer) Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games) Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) calibre (HKLM-x32\...\{3CA0D836-B5E7-463D-A1C5-9F49B3E3EDE6}) (Version: 2.20.0 - Kovid Goyal) CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) Counter-Strike: Global Offensive Beta (HKLM-x32\...\Steam App 730) (Version: - ) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Curse Client (HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd) Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dragonball Xenoverse (HKLM-x32\...\Dragonball Xenoverse_is1) (Version: - ) Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Bethesda Softworks) Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard) Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar) Gtuner (HKLM-x32\...\Gtuner) (Version: 3.06 - ConsoleTuner) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games) Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) K-Lite Codec Pack 8.7.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - ) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech) Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment) Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games) Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment) Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NBA 2K15 (HKLM-x32\...\TkJBMksxNQ==_is1) (Version: 1 - ) NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation) NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation) NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation) NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - ) PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.) Reign Of Kings (HKLM-x32\...\Steam App 344760) (Version: - Code}{atch) Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.) Hidden Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media) Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam) SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games) Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital) Spotify (HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab CYRI (HKLM-x32\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) Terraria (HKLM-x32\...\Steam App 105600) (Version: - ) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - ) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.) The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - ) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version: - Relic) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) Zero Assumption Recovery Version 9 (HKLM-x32\...\Zero Assumption Recovery_is1) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3472384728-3891243327-1104791788-1000_Classes\CLSID\{2e36278b-7158-4983-86bb-361476ff07de}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2012-05-14 19:11 - 00000894 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 secure.nero.com/us/secure.asp 127.0.0.1 activation@nero.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1068A1E1-F573-49EF-97DC-8288B560412C} - System32\Tasks\{4A126F29-68D3-41E5-BD8D-0F6A892B16BE} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_95168\ARMA2_OA_Build_95168.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_95168 Task: {27157C47-B340-41CD-9391-37B0B5BC358A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {28F8F141-2E65-481D-99F9-B8F03DD9F356} - System32\Tasks\{C2054620-A0C6-4127-A48C-B4F41A711577} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_95417\ARMA2_OA_Build_95417.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_95417 Task: {2DA4F1FD-AF6C-4B1F-AEC6-2A860C4EBE8D} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {3797FABC-A245-452C-BA67-76608E1A25D3} - System32\Tasks\{6625D140-6040-4826-ADDD-120A62333C59} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_95883\ARMA2_OA_Build_95883.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_95883 Task: {3D432748-CDD4-455E-8253-54C97CEE465C} - System32\Tasks\{A6160631-8509-41BB-BDB2-20A7D2B1CEA4} => pcalua.exe -a D:\ARMA2_OA_Build_93348\ARMA2_OA_Build_93348.exe -d D:\ARMA2_OA_Build_93348 Task: {4E557CB1-F78A-4D6F-BF9B-2571DDB9D138} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {52687A62-1C75-4A63-A010-289D7E081FCC} - System32\Tasks\{CA85425A-81A6-400D-9477-DDAF024EF01C} => pcalua.exe -a "C:\Program Files (x86)\ReadyCoupon\ReadyCoupon.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" "" Task: {54EBE995-3864-4C12-8EC1-24EA2F2AB03E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.) Task: {6E012910-D704-48C0-A3DE-56CF54D58221} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-18] (Adobe Systems Incorporated) Task: {9A3C42A6-7059-43D9-A017-A7BD787539E4} - System32\Tasks\{76FF96A9-22E1-4E97-904E-37C6B5B5186B} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_94876\ARMA2_OA_Build_94876.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_94876 Task: {C8464A56-7334-43E4-A990-6B5E1E338AFC} - System32\Tasks\{0795CCEB-A2C7-4976-A567-AD11EC8AB97F} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_95389\ARMA2_OA_Build_95389.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_95389 Task: {C850DA77-775D-42D4-A509-2F59A101C087} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {CC71B711-5443-467F-9DD1-53C5063928DC} - System32\Tasks\{A15EB4E9-5038-4241-BBAF-4F973AA0894D} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_96476\ARMA2_OA_Build_96476.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_96476 Task: {D1FBD824-27C7-4905-8ABF-A4500D31462B} - System32\Tasks\{B78529DF-78B8-4793-8BEB-8ABAA34FF92A} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_96751\ARMA2_OA_Build_96751.exe Task: {D83BB66C-BF25-42DE-B380-8F2A99627092} - System32\Tasks\{E803EBAE-736A-4F28-A66B-CD61FD6AF44F} => pcalua.exe -a "D:\Program Files\Steam\steam.exe" -c steam://uninstall/44320 Task: {D9779688-C5FB-4095-97C4-82F582B30D69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.) Task: {E70ED4BA-486C-4C5A-B6E3-498BD1D77DF4} - System32\Tasks\{651DEE53-5D48-4597-BC0B-A74B46D8F98C} => pcalua.exe -a C:\Users\Daryl\Downloads\ARMA2_OA_Build_96061\ARMA2_OA_Build_96061.exe -d C:\Users\Daryl\Downloads\ARMA2_OA_Build_96061 Task: {EE27586C-E1D0-46C3-819B-FE3DE2639F69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd) Task: {F286E922-33B5-4407-BA01-8BB818824BD3} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-04-10 19:57 - 2015-04-08 17:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-03-15 20:15 - 2013-03-15 20:15 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2012-04-26 06:23 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll 2014-12-15 22:28 - 2012-01-29 17:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll 2014-12-15 22:28 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-04-08 08:40 - 2015-03-27 23:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 209.18.47.61 - 209.18.47.62 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: BEService => 3 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: np20ugt => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Daryl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup MSCONFIG\startupfolder: C:^Users^Daryl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun MSCONFIG\startupreg: Google Update => "C:\Users\Daryl\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: msetux => "C:\Windows\System32\rundll32.exe" "C:\Users\Daryl\AppData\Roaming\msetux.dll",EvalCode MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: ROC_ROC_APR2013_AV => C:\Users\Daryl\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 86b62c6883ca47d0b2516d16b2d189c9-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Daryl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE MSCONFIG\startupreg: XFastUsb => C:\Program Files (x86)\XFastUsb\XFastUsb.exe ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [{48DF6BCC-686F-4D38-B5F0-5277108FB29C}] => (Allow) LPort=80 FirewallRules: [{FD69E350-B9D1-4C26-B378-579DF3F772AD}] => (Allow) LPort=80 FirewallRules: [{8275D868-492E-4B66-945C-56E59DC84702}] => (Allow) LPort=80 FirewallRules: [TCP Query User{9A49D5CE-432C-45B7-8EE7-395E8417E703}D:\program files\steam\steam.exe] => (Allow) D:\program files\steam\steam.exe FirewallRules: [uDP Query User{16F852B4-BF92-4702-9113-94004C848E56}D:\program files\steam\steam.exe] => (Allow) D:\program files\steam\steam.exe FirewallRules: [{017BE8C7-3A22-43AB-8204-EE1165C77D9C}] => (Allow) D:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe FirewallRules: [{F3C0170D-7C2D-44BF-AFBE-443E0C708828}] => (Allow) D:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe FirewallRules: [TCP Query User{D2A25E4D-E9A9-46F4-B50F-C032E55DD047}D:\program files\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\program files\steam\steamapps\common\counter-strike source\hl2.exe FirewallRules: [uDP Query User{7112BDA3-CF51-4E44-9963-824B8877D86A}D:\program files\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\program files\steam\steamapps\common\counter-strike source\hl2.exe FirewallRules: [{0AFB428A-5265-4E9B-BA1E-C070AD9161C7}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{0FFFF8C1-51D8-41CE-A35F-9C9994647A95}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{472A84A1-ED90-4905-AD24-55FC9DF8FE22}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe FirewallRules: [{FD48D76D-C670-48AD-9965-98155482A17E}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe FirewallRules: [{B5C4D574-924E-48C2-BE5E-81BA52543B78}] => (Allow) D:\Program Files\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe FirewallRules: [{10C896F9-216C-4D16-A5B6-3AE7D692F625}] => (Allow) D:\Program Files\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe FirewallRules: [{FB4B9053-3A94-4A32-88D7-45DA34C9D483}] => (Allow) D:\Program Files\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe FirewallRules: [{317B394B-4890-4620-AD02-D18CC8644379}] => (Allow) D:\Program Files\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe FirewallRules: [{DB135C20-29CC-4A44-B32E-A88C78597850}] => (Allow) D:\Program Files\Steam\steamapps\common\Call of Duty Ghosts\iw6mp64_ship.exe FirewallRules: [{D5540CCE-4B8B-42C0-A570-33AE495E81E0}] => (Allow) D:\Program Files\Steam\steamapps\common\Call of Duty Ghosts\iw6mp64_ship.exe FirewallRules: [{39DF694A-F9BD-4975-BBA3-D6CFDCA25859}] => (Allow) D:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{FBA57D93-FF97-4863-B9CE-445A3F2024FB}] => (Allow) D:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{A5062045-DCA9-4DDA-AB1F-2AC5D1782E2D}] => (Allow) D:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{B32A144B-E0EA-441D-B4EF-DE85EBEC130F}] => (Allow) D:\Program Files\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{49B117F2-7BD5-49A1-87D2-5D384E651B16}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B6306530-9538-454E-9A70-3A3A6F856BA2}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{A4C825E5-44F2-40D8-B9C4-1E7DDF5711FC}D:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe] => (Allow) D:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe FirewallRules: [uDP Query User{05C9956B-B378-4463-B465-6BAE2B79DDB5}D:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe] => (Allow) D:\program files\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe FirewallRules: [{BF3C9DB7-D607-4543-A540-0569288EF3A9}] => (Allow) D:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{49B99D37-02F0-4AF9-A6DC-9EC1A90C80B2}] => (Allow) D:\Program Files\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{F9E083A9-A09F-4D2C-AC66-5C0FF33E0F0B}] => (Allow) D:\Program Files\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{A377125C-4D5D-4327-B0FD-C6342005029A}] => (Allow) D:\Program Files\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{5A83AEC6-6CBC-4FD8-8110-DB0F1393300A}] => (Allow) D:\Program Files\Steam\steamapps\common\Monaco\MONACO.exe FirewallRules: [{77C7346C-736A-434A-B865-37BEE0966DBC}] => (Allow) D:\Program Files\Steam\steamapps\common\Monaco\MONACO.exe FirewallRules: [{7029CB0B-5D9C-4868-BF57-E701E613ED2A}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rust.exe FirewallRules: [{CD273A6D-BE62-45E3-BEFE-837E139456E6}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rust.exe FirewallRules: [{B164EB74-CD1D-40AE-9B52-0F8E03A4384D}] => (Allow) D:\Program Files\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe FirewallRules: [{3782D211-059F-44A7-9877-9D27E6B18193}] => (Allow) D:\Program Files\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe FirewallRules: [{5D5059C7-DC6B-47E3-B025-FAEB83A5E7AE}] => (Allow) D:\Program Files\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe FirewallRules: [{2F4AB13A-0DF9-495E-8EBA-335CFD1E2545}] => (Allow) D:\Program Files\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe FirewallRules: [{53B34A57-E097-4A5B-9B73-72DE1802C94C}] => (Allow) C:\Users\Daryl\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{47260D74-058A-45B8-8D79-2E6F7FD709F1}] => (Allow) C:\Users\Daryl\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{E992BC12-6958-40CA-8399-22E9D9C3FFE3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{DCC97CF9-475D-4CE0-BEA2-400BB2737897}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{026AB76E-2E9C-4B6A-BA0B-BC04C66E4A09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{CEF8F353-4051-4A28-9D69-DBA98A9F6E91}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{DF7E44E6-54FA-4E46-94C7-0343F510DFF1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5FEAA292-4467-4803-907A-09074C305577}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{9A387B3B-4037-4109-AFFB-EA5DA5E02FEB}] => (Allow) D:\Program Files\Steam\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe FirewallRules: [{F1CD55DA-03C7-4060-967C-D830EF4E491A}] => (Allow) D:\Program Files\Steam\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe FirewallRules: [{D10EEB9D-7A8A-4BCC-8E61-213C789CCD05}] => (Allow) D:\Program Files\Steam\steamapps\common\War Thunder\launcher.exe FirewallRules: [{9C076B04-94C5-4319-A0C0-1D46654FA4E0}] => (Allow) D:\Program Files\Steam\steamapps\common\War Thunder\launcher.exe FirewallRules: [{90AD49D4-7D53-406C-BB7C-3315AF470C21}] => (Allow) D:\Program Files\Steam\steamapps\common\Anomaly Warzone Earth\AnomalyWarzoneEarth.exe FirewallRules: [{BD21BF16-829B-43EA-8AE2-C5F2CB3FBDC3}] => (Allow) D:\Program Files\Steam\steamapps\common\Anomaly Warzone Earth\AnomalyWarzoneEarth.exe FirewallRules: [{66A73272-A188-45FB-AB59-FC36DCB43285}] => (Allow) D:\Program Files\Steam\steamapps\common\portal 2\portal2.exe FirewallRules: [{6EF7C6D0-47F7-4E3A-A203-78291B77C8F2}] => (Allow) D:\Program Files\Steam\steamapps\common\portal 2\portal2.exe FirewallRules: [{0911FE5B-0B53-47A8-9B40-A2B0AF99EB38}] => (Allow) D:\Program Files\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe FirewallRules: [{1E5C6E38-92B9-403B-9F57-9C1BBDDBAEB6}] => (Allow) D:\Program Files\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe FirewallRules: [{388DE20D-93B0-40E6-BA80-ECF37953EFAD}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{83AA2634-5A13-44C5-8CC1-A498EFE8774C}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{37BFAB0D-86B1-4C8B-BFD3-E603272CF957}D:\program files\diablo iii\diablo iii.exe] => (Allow) D:\program files\diablo iii\diablo iii.exe FirewallRules: [uDP Query User{9CA65088-BE7C-4B64-A640-1CD63BBA173D}D:\program files\diablo iii\diablo iii.exe] => (Allow) D:\program files\diablo iii\diablo iii.exe FirewallRules: [{7210A056-435E-4A97-9952-365A2E7BBD5D}] => (Allow) D:\Program Files\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe FirewallRules: [{0453361E-47EF-4615-9120-B9A8DF1700C4}] => (Allow) D:\Program Files\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe FirewallRules: [TCP Query User{8C080345-2F8D-43AC-88F0-8AFE5C290DE6}D:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe FirewallRules: [uDP Query User{4AF5DD34-0C8F-45E3-BA20-16F43CC1753A}D:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe FirewallRules: [{FC011A72-9A69-4099-9FB9-E36536D34DFD}] => (Allow) D:\Program Files\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe FirewallRules: [{A090206E-4F42-45E7-8B2E-E315EBF7792B}] => (Allow) D:\Program Files\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe FirewallRules: [{902DB92F-B58F-4E9D-A257-517F712BC748}] => (Allow) D:\Program Files\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{0BB87C43-7182-490B-A25D-91295DDFB382}] => (Allow) D:\Program Files\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{54E304CE-AFD2-4F55-9A06-490CFB8ABE80}] => (Allow) D:\Program Files\Steam\steamapps\common\insurgency2\insurgency.exe FirewallRules: [{2653F14F-20ED-4A86-8B15-67F747EE003B}] => (Allow) D:\Program Files\Steam\steamapps\common\insurgency2\insurgency.exe FirewallRules: [{3CC2A49F-61F3-452E-A384-AD6D8950956A}] => (Allow) C:\Users\Daryl\AppData\Roaming\ACEStream\engine\ace_engine.exe FirewallRules: [{DE8D1B45-7518-4B91-BF88-6E9E8D02AC36}] => (Allow) C:\Users\Daryl\AppData\Roaming\ACEStream\engine\ace_engine.exe FirewallRules: [{D13AC959-E1A6-44D2-BF66-1CB36D4927EB}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{A71DEE64-3082-498D-B74C-ADAAA7563AB9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{5714D90D-D051-46BD-B04E-4B8AE798544D}] => (Allow) D:\Program Files\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe FirewallRules: [{68B44682-AE42-4AF3-A855-523C4FF53036}] => (Allow) D:\Program Files\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe FirewallRules: [{00B7064B-E97C-46BB-88C5-BE22AD4CC25E}] => (Allow) D:\Program Files\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{1B517190-1120-47DD-9151-FFE03B945A13}] => (Allow) D:\Program Files\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{F70AC9FE-8C95-4195-9838-C6BBDAB8F921}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{18D779BF-F363-4EB4-9452-632F7C7A221A}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{46631546-1422-4A62-BF3E-6040ED3C93DC}] => (Allow) D:\Program Files\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe FirewallRules: [{2B0F7A07-FB91-48F5-B8B3-203884B4C819}] => (Allow) D:\Program Files\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe FirewallRules: [TCP Query User{7BF94D5C-9853-4578-8893-99820B4E4984}D:\program files\dying light\dyinglightgame.exe] => (Allow) D:\program files\dying light\dyinglightgame.exe FirewallRules: [uDP Query User{FD86358F-75F3-4EDC-8CB1-D9557BFEB58D}D:\program files\dying light\dyinglightgame.exe] => (Allow) D:\program files\dying light\dyinglightgame.exe FirewallRules: [{356FCF54-7406-42AC-9EF0-A548D2F7956A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7931C1DE-5283-4831-ADAC-A9F3061A2D71}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{862B8BFC-625B-4946-B5BD-4D89BCD248E6}] => (Allow) D:\Program Files\Steam\steamapps\common\Besiege\Besiege.exe FirewallRules: [{C74D1A03-C2AB-44E8-9F77-C6F4421A0CEB}] => (Allow) D:\Program Files\Steam\steamapps\common\Besiege\Besiege.exe FirewallRules: [{9E546C70-F79D-412F-AF3D-70DC3CCBAD26}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{BC61446A-42E6-4CD3-ACF1-10907C9FF81D}] => (Allow) D:\Program Files\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{87BAA1F6-EE92-4F61-9ACC-C77A7DB327E9}] => (Allow) D:\Program Files\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{DC8FCC16-395F-426F-BBB6-73A42B641F4E}] => (Allow) D:\Program Files\Steam\steamapps\common\Reign Of Kings\ROK.exe FirewallRules: [{CE10226B-B066-4363-81C7-666E32CCC75F}] => (Allow) D:\Program Files\Steam\steamapps\common\Reign Of Kings\ROK.exe FirewallRules: [{030A2BFC-9DA6-4FD4-AF06-196CD3DC4BF8}] => (Allow) D:\Program Files\Steam\steamapps\common\Dead Island\DeadIslandGame.exe FirewallRules: [{EDE8E348-11E3-4158-A9DB-8C1928291DBA}] => (Allow) D:\Program Files\Steam\steamapps\common\Dead Island\DeadIslandGame.exe FirewallRules: [{AEEB0EC2-EE73-4D2C-A77B-88E9817D4388}] => (Allow) D:\Program Files\Steam\steamapps\common\hotline_miami\HotlineMiami.exe FirewallRules: [{4D59D664-9E61-4B81-9A7E-B8E6BE4D9AA8}] => (Allow) D:\Program Files\Steam\steamapps\common\hotline_miami\HotlineMiami.exe FirewallRules: [{F2C8AB57-7490-45EC-8ACD-149FB1FDB824}] => (Allow) D:\Program Files\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{22369F88-DBFF-4953-A04C-AE34CFF45603}] => (Allow) D:\Program Files\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{AE558493-1355-4144-9C14-51D0AC4D25B5}] => (Allow) D:\Program Files\Steam\steamapps\common\warhammer 40,000 space marine\SpaceMarine.exe FirewallRules: [{7DDFEF84-DBA9-49EF-8530-04C113AB223E}] => (Allow) D:\Program Files\Steam\steamapps\common\warhammer 40,000 space marine\SpaceMarine.exe FirewallRules: [{23A88C45-12F4-446D-945E-9FAD7A7FEA84}] => (Allow) D:\Program Files\Steam\steamapps\common\Reign Of Kings\Reign of Kings.exe FirewallRules: [{D84373E1-02BF-4764-B442-7A7CF895C9E5}] => (Allow) D:\Program Files\Steam\steamapps\common\Reign Of Kings\Reign of Kings.exe FirewallRules: [{9D1F475B-9C99-4FEA-A97F-586E73296559}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{19C69FF9-F70D-4214-818C-1C298FECB374}] => (Allow) C:\Users\Daryl\AppData\Local\Apps\2.0\RGBXT4AW.HWE\WHM08VAH.NRB\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe FirewallRules: [{DADF9939-0BF7-4B76-946C-50D824A37E0D}] => (Allow) C:\Users\Daryl\AppData\Local\Apps\2.0\RGBXT4AW.HWE\WHM08VAH.NRB\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe FirewallRules: [{211C6696-15E6-488F-8175-0AAE181B0E03}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\legacy\rust.exe FirewallRules: [{3076C035-FC1B-4F27-86E8-1F6A66402DD5}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\legacy\rust.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/28/2015 08:33:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a Exception code: 0xe0434f4d Fault offset: 0x000000000001aaad Faulting process id: 0x%9 Faulting application start time: 0xCurseClient.exe0 Faulting application path: CurseClient.exe1 Faulting module path: CurseClient.exe2 Report Id: CurseClient.exe3 Error: (04/28/2015 08:16:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 03:46:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 03:45:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a Exception code: 0xe0434f4d Fault offset: 0x000000000001aaad Faulting process id: 0x%9 Faulting application start time: 0xCurseClient.exe0 Faulting application path: CurseClient.exe1 Faulting module path: CurseClient.exe2 Report Id: CurseClient.exe3 Error: (04/26/2015 11:25:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 11:24:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a Exception code: 0xe0434f4d Fault offset: 0x000000000001aaad Faulting process id: 0x%9 Faulting application start time: 0xCurseClient.exe0 Faulting application path: CurseClient.exe1 Faulting module path: CurseClient.exe2 Report Id: CurseClient.exe3 Error: (04/26/2015 10:51:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 10:50:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b87a Exception code: 0xe0434f4d Fault offset: 0x000000000001aaad Faulting process id: 0x%9 Faulting application start time: 0xCurseClient.exe0 Faulting application path: CurseClient.exe1 Faulting module path: CurseClient.exe2 Report Id: CurseClient.exe3 System errors: ============= Error: (04/28/2015 08:14:15 AM) (Source: volmgr) (EventID: 46) (User: ) Description: Crash dump initialization failed! Error: (04/28/2015 08:13:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (04/28/2015 08:13:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Fitbit Connect Service service terminated unexpectedly. It has done this 3 time(s). Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Fitbit Connect Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s). Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (04/28/2015 08:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Microsoft Office Sessions: ========================= Error: (04/28/2015 08:33:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: CurseClient.exe4.0.0.105436d39dKERNELBASE.dll6.1.7601.187985507b87ae0434f4d000000000001aaad Error: (04/28/2015 08:16:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 03:46:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 03:45:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: CurseClient.exe4.0.0.105436d39dKERNELBASE.dll6.1.7601.187985507b87ae0434f4d000000000001aaad Error: (04/26/2015 11:25:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 11:24:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: CurseClient.exe4.0.0.105436d39dKERNELBASE.dll6.1.7601.187985507b87ae0434f4d000000000001aaad Error: (04/26/2015 10:51:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/26/2015 10:50:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: CurseClient.exe4.0.0.105436d39dKERNELBASE.dll6.1.7601.187985507b87ae0434f4d000000000001aaad CodeIntegrity Errors: =================================== Date: 2012-04-23 23:02:45.289 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 23:02:45.289 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 23:00:57.135 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 23:00:57.135 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:57:26.117 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:57:26.117 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:56:08.454 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:56:08.454 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:54:39.367 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-23 22:54:39.351 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i5-2500 CPU @ 3.30GHz Percentage of memory in use: 21% Total physical RAM: 8103.52 MB Available physical RAM: 6395.75 MB Total Pagefile: 8101.71 MB Available Pagefile: 6221.3 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:59.53 GB) (Free:7.25 GB) NTFS Drive d: (HDD) (Fixed) (Total:1397.26 GB) (Free:343.31 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 5DA2DBCC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: AAD0F69D) Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  9. Hi Borislav! Thank you so much for replying. Here are my logs: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01 Ran by Daryl (administrator) on DARYL-PC on 28-04-2015 09:14:12 Running from C:\Users\Daryl\Desktop Loaded Profiles: Daryl (Available profiles: Daryl & Jessie) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Spotify Ltd) C:\Users\Daryl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Logitech©) C:\Program Files (x86)\Logitech\G35\G35.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Logitech G35] => C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech©) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [zASRockInstantBoot] => [X] HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [steam] => D:\Program Files\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [spotify Web Helper] => C:\Users\Daryl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-15] (Spotify Ltd) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Run: [AceWebException] => C:\Users\Daryl\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...\MountPoints2: {e72a9c21-6c68-11e2-9c03-bc5ff435603a} - H:\LaunchU3.exe -a HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION! Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-10-24] () Startup: C:\Users\Daryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TheHunter Hack Tool.lnk [2015-03-15] ShortcutTarget: TheHunter Hack Tool.lnk -> C:\ProgramData\{ce310c20-84c0-ba62-ce31-10c2084c3082}\TheHunter Hack Tool.exe (No File) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKU\S-1-5-21-3472384728-3891243327-1104791788-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3472384728-3891243327-1104791788-1000 -> DefaultScope {DE73AEB0-240D-4fad-8986-34A0746E8462} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3472384728-3891243327-1104791788-1000 -> {DE73AEB0-240D-4fad-8986-34A0746E8462} URL = https://www.google.com/search?q={searchTerms} BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3472384728-3891243327-1104791788-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF ProfilePath: C:\Users\Daryl\AppData\Roaming\Mozilla\Firefox\Profiles\g03ff0aw.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3472384728-3891243327-1104791788-1000: @acestream.net/acestreamplugin,version=3.0.3 -> C:\Users\Daryl\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies) Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HomePage: Default -> https://www.google.com/ CHR StartupUrls: Default -> "https://www.google.com/" CHR Profile: C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-18] CHR Extension: (Slinky Elegant) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2015-04-26] CHR Extension: (Adblock Plus) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-18] CHR Extension: (Google Search) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-18] CHR Extension: (TreMendOusSalee) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\figfkcnjhphoacbljgmpogfhhpmlelfm [2015-04-10] CHR Extension: (Bookmark Manager) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-02-22] CHR Extension: (SparkChess 7) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2014-01-18] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-27] CHR Extension: (Webcam Toy) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2014-01-18] CHR Extension: (Google Wallet) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18] CHR Extension: (Battlelog Emblem Editor Extended) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\noagedoiolkfaoaknohhepocfeooibjb [2015-04-03] CHR Extension: (Gmail) - C:\Users\Daryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-18] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-15] () [File not signed] R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation) S4 np20ugt; C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat [89 2012-09-01] () [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-03-15] () S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-04] (Disc Soft Ltd) R3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) R3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation) S3 Andbus; system32\DRIVERS\lgandbus64.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X] S3 AndGps; system32\DRIVERS\lgandgps64.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-28 09:14 - 2015-04-28 09:14 - 00015235 _____ () C:\Users\Daryl\Desktop\FRST.txt 2015-04-28 08:47 - 2015-04-28 09:14 - 00000000 ____D () C:\FRST 2015-04-28 08:47 - 2015-04-28 08:47 - 02100736 _____ (Farbar) C:\Users\Daryl\Desktop\FRST64.exe 2015-04-28 08:08 - 2015-04-28 08:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DARYL-PC-Windows-7-Home-Premium-(64-bit).dat 2015-04-28 08:08 - 2015-04-28 08:08 - 00000000 ____D () C:\RegBackup 2015-04-28 08:07 - 2015-04-28 08:07 - 02224640 _____ () C:\Users\Daryl\Desktop\adwcleaner_4.202.exe 2015-04-28 08:06 - 2015-04-28 08:06 - 02716174 _____ (Thisisu) C:\Users\Daryl\Desktop\JRT.exe 2015-04-26 10:54 - 2015-04-26 10:54 - 00000000 _____ () C:\autoexec.bat 2015-04-26 10:50 - 2015-04-26 10:50 - 00087992 _____ () C:\Users\Daryl\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-26 10:49 - 2015-04-28 08:14 - 00000840 _____ () C:\Windows\setupact.log 2015-04-26 10:49 - 2015-04-26 10:49 - 04900016 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-26 10:49 - 2015-04-26 10:49 - 00000354 _____ () C:\Windows\PFRO.log 2015-04-26 10:49 - 2015-04-26 10:49 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-26 10:48 - 2015-04-26 10:49 - 00167516 _____ () C:\Users\Daryl\Documents\cc_20150426_104854.reg 2015-04-26 00:30 - 2015-04-26 00:30 - 00003200 _____ () C:\Windows\System32\Tasks\{CA85425A-81A6-400D-9477-DDAF024EF01C} 2015-04-22 10:26 - 2015-04-08 16:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-04-22 10:25 - 2015-04-08 20:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-04-22 10:25 - 2015-04-08 20:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-04-22 10:25 - 2015-04-08 20:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-04-15 01:26 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-15 01:26 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-15 01:26 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-15 01:26 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-15 01:26 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-15 01:26 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-04-15 01:26 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-15 01:26 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-15 01:26 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-15 01:26 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-15 01:26 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-15 01:26 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-15 01:26 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-15 01:26 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-15 01:26 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-15 01:26 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-15 01:26 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-15 01:26 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-15 01:26 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-15 01:26 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-15 01:26 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-15 01:26 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-15 01:26 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-04-15 01:26 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-15 01:26 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-15 01:26 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-15 01:26 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-15 01:26 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-04-15 01:26 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-04-15 01:26 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-15 01:26 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-15 01:26 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-15 01:26 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-15 01:26 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-15 01:26 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-04-15 01:26 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-15 01:26 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-04-15 01:26 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-15 01:26 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-15 01:26 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-15 01:26 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-15 01:26 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-04-15 01:26 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-15 01:26 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-15 01:26 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-04-15 01:26 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-04-15 01:26 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-15 01:26 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-15 01:26 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-04-15 01:26 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-15 01:26 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-15 01:26 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-04-15 01:26 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-15 01:26 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-04-15 01:26 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-15 01:26 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-04-15 01:26 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-04-15 01:26 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-15 01:26 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-04-15 01:26 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-15 01:26 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-04-15 01:26 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-15 01:26 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-15 01:26 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-15 01:26 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-15 01:26 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-15 01:26 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-15 01:26 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-15 01:26 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-04-15 01:26 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-15 01:25 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-15 01:25 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-15 01:25 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-04-15 01:25 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-15 01:25 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-15 01:25 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-15 01:25 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-15 01:25 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-15 01:25 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-15 01:25 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-15 01:25 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-15 01:25 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-15 01:25 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-15 01:25 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-15 01:25 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-15 01:25 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-04-15 01:25 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-15 01:25 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-15 01:25 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-15 01:25 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-04-15 01:25 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-15 01:25 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-15 01:25 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-15 01:25 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-15 01:25 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-15 01:25 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-04-15 01:25 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-15 01:25 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-15 01:25 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-04-15 01:25 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-15 01:25 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-15 01:25 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-15 01:25 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-15 01:25 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-15 01:25 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-04-15 01:25 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-15 01:25 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-15 01:25 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-15 01:25 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-15 01:25 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-15 01:25 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-04-15 01:25 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-15 01:25 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-15 01:25 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-15 01:25 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-15 01:25 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-15 01:25 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-15 01:25 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-15 01:25 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-14 16:44 - 2015-04-14 16:44 - 00000000 ____D () C:\Users\Daryl\AppData\Local\openvr 2015-04-10 08:33 - 2015-04-28 07:51 - 00000020 _____ () C:\Users\Daryl\AppData\Roaming\appdataFr3.bin 2015-04-10 04:54 - 2015-04-10 09:49 - 00000000 ____D () C:\Program Files (x86)\BorderlineInstance 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\TreMendOusSalee 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\NoNNoeizzeBrowwsEE 2015-04-10 04:53 - 2015-04-10 09:48 - 00000000 ____D () C:\Program Files (x86)\Bookmarks Button 2015-04-10 04:53 - 2015-04-10 04:53 - 00000000 ____D () C:\ProgramData\16636086434125824409 2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-28 09:08 - 2012-04-25 19:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-28 08:59 - 2014-01-18 15:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-28 08:54 - 2012-04-25 19:35 - 00000000 ____D () C:\Users\Daryl\AppData\Roaming\uTorrent 2015-04-28 08:22 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-28 08:22 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-28 08:20 - 2009-07-14 01:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-28 08:17 - 2012-04-23 21:23 - 01739313 _____ () C:\Windows\WindowsUpdate.log 2015-04-28 08:14 - 2014-12-07 22:21 - 00000000 ____D () C:\Users\Daryl\AppData\Local\Deployment 2015-04-28 08:14 - 2014-04-10 19:57 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-28 08:14 - 2014-01-18 15:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-28 08:14 - 2012-11-14 19:13 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2015-04-28 08:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-28 08:13 - 2014-01-01 21:30 - 00000000 ____D () C:\AdwCleaner 2015-04-26 15:43 - 2014-08-06 07:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-26 11:25 - 2014-08-06 07:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-26 10:47 - 2014-01-01 21:08 - 00000000 ____D () C:\Program Files\CCleaner 2015-04-26 00:47 - 2012-10-28 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-22 21:39 - 2012-10-20 21:38 - 00000000 ____D () C:\Users\Daryl\AppData\Roaming\vlc 2015-04-22 10:29 - 2014-04-10 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-04-22 10:26 - 2014-04-10 19:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-04-16 01:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat 2015-04-15 03:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2015-04-15 03:22 - 2014-12-10 04:19 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-15 03:22 - 2014-05-07 07:23 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-15 03:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-04-15 03:06 - 2012-10-27 07:57 - 00778744 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-04-15 03:06 - 2012-06-09 11:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-15 03:05 - 2013-08-15 03:00 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-12 21:41 - 2015-02-15 15:35 - 00000000 ____D () C:\Users\Daryl\AppData\Roaming\Spotify 2015-04-12 18:55 - 2015-02-15 15:36 - 00000000 ____D () C:\Users\Daryl\AppData\Local\Spotify 2015-04-10 11:06 - 2012-04-29 08:22 - 00000000 ____D () C:\Users\Daryl\AppData\Roaming\DAEMON Tools Lite 2015-04-10 11:03 - 2012-11-12 19:10 - 00000000 ____D () C:\Users\Daryl\AppData\Roaming\Skype 2015-04-10 09:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\IME 2015-04-08 20:58 - 2014-04-10 19:56 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-04-08 20:58 - 2014-04-10 19:56 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-04-08 20:58 - 2014-04-10 19:56 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-04-08 20:58 - 2014-04-10 19:56 - 00029329 _____ () C:\Windows\system32\nvinfo.pb 2015-04-08 17:30 - 2014-10-26 22:13 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-04-08 17:30 - 2014-04-10 19:57 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-04-08 17:30 - 2014-04-10 19:57 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-04-08 17:30 - 2014-04-10 19:57 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-04-08 17:30 - 2014-04-10 19:57 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-04-08 17:30 - 2014-04-10 19:57 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-04-08 13:52 - 2014-04-10 19:57 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin 2015-04-06 11:16 - 2013-12-15 10:10 - 00000000 ____D () C:\Users\Daryl\AppData\Local\Battle.net 2015-04-05 17:00 - 2013-12-15 10:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-04-01 11:16 - 2012-04-23 21:57 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-29 22:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF ==================== Files in the root of some directories ======= 2015-03-25 09:41 - 2015-03-25 09:41 - 0000132 _____ () C:\Users\Daryl\AppData\Roaming\Adobe BMP Format CS5 Prefs 2012-09-01 17:29 - 2012-09-01 17:29 - 0086080 _____ () C:\Users\Daryl\AppData\Roaming\aftr4sb.dat 2015-04-10 08:33 - 2015-04-28 07:51 - 0000020 _____ () C:\Users\Daryl\AppData\Roaming\appdataFr3.bin 2012-09-01 17:29 - 2012-09-01 17:29 - 0000089 ____H () C:\Users\Daryl\AppData\Roaming\bf5n8tqv.bat 2015-03-15 12:49 - 2015-03-17 08:31 - 0000100 _____ () C:\Users\Daryl\AppData\Roaming\LauncherSettings_live.cfg 2012-09-01 17:29 - 2012-09-01 17:29 - 0090176 _____ () C:\Users\Daryl\AppData\Roaming\lj1y6nb.dat 2012-09-01 17:28 - 2012-09-01 17:28 - 0060992 _____ () C:\Users\Daryl\AppData\Roaming\serjs58n.dat 2012-09-03 17:41 - 2012-09-03 17:41 - 0060992 _____ () C:\Users\Daryl\AppData\Roaming\slr8k5s.dat 2015-03-15 12:56 - 2015-03-15 14:37 - 0000040 _____ () C:\Users\Daryl\AppData\Roaming\TheHunterSettings_steam_live.cfg 2015-03-25 09:42 - 2015-03-25 09:42 - 0001456 _____ () C:\Users\Daryl\AppData\Local\Adobe Save for Web 12.0 Prefs 2014-03-15 16:54 - 2014-03-15 16:54 - 0012586 _____ () C:\ProgramData\mptmqteo.hmi Some content of TEMP: ==================== C:\Users\Daryl\AppData\Local\Temp\Quarantine.exe C:\Users\Daryl\AppData\Local\Temp\sqlite3.dll C:\Users\Jessie\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Jessie\AppData\Local\Temp\FoodBuzzInstaller.exe C:\Users\Jessie\AppData\Local\Temp\GenericUninstall.exe C:\Users\Jessie\AppData\Local\Temp\hsbing_717_active.exe C:\Users\Jessie\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Jessie\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Jessie\AppData\Local\Temp\nvStInst.exe C:\Users\Jessie\AppData\Local\Temp\setup.exe C:\Users\Jessie\AppData\Local\Temp\tbSomo.dll C:\Users\Jessie\AppData\Local\Temp\uninstaller.exe C:\Users\Jessie\AppData\Local\Temp\unlockphone1setup.exe C:\Users\Jessie\AppData\Local\Temp\WSSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-24 11:40 ==================== End Of Log ============================
  10. Hi I've been working on trying to get my web browser, Google Chrome, cleaned up from a nasty popup with the name "EnormouSales". It puts ads in my pages, makes random words on webpages clickable, and sometimes opens a popup. Can anyone help me out?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.