Jump to content

adware not being picked up by any method

tranquilsea
 Share

Recommended Posts

tranquilsea

tranquilsea

Posted
Posted

A toddler went crazy on my computer and somehow managed to download malware that has been impossible to remove.  I have run multiple malwarebytes scans, virus scans and finally went on a search and destroy mission.  We use google chrome.  We are getting blinky ads and browser hijacks.  If I go into chrome/tools/extensions there are always random ads there.  We delete them and they come back.  We've narrowed it down to our user folders>appdata>roaming and this file is there:  appdataFr25.bin.  We delete it off of every ID and its' back again on reboot or the relaunching of a web browser.

 

Thanks in advance for any help you are able to offer.

 

Here are the logs that were requested in the post: I'm Infected

 

Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Curse) C:\Users\Annabelle\AppData\Local\Apps\2.0\441XQH9B.BWE\BM9OHJ03.XLX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-07] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-2693548089-2634108147-588619525-1007\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2693548089-2634108147-588619525-1007\...\Run: [EADM] => D:\EA Games\Origin\Origin.exe [3632112 2015-06-29] (Electronic Arts)
HKU\S-1-5-21-2693548089-2634108147-588619525-1007\...\Run: [GoogleChromeAutoLaunch_C791BC4D4C024EC8BE3DAE791776EF63] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)
HKU\S-1-5-21-2693548089-2634108147-588619525-1007\...\MountPoints2: {c9da9c74-d9e3-11e3-824c-806e6f6e6963} - "E:\Autorun.exe" 
AppInit_DLLs-x32: c:\progra~3\{d2b13~1\1170~1.1\neno.dll => "c:\progra~3\{d2b13~1\1170~1.1\neno.dll" File not found
Startup: C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-06-26] ()
Startup: C:\Users\Katharyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2015-04-27]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2693548089-2634108147-588619525-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-2693548089-2634108147-588619525-1007\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2693548089-2634108147-588619525-1007 -> DefaultScope {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{FE91E6DD-5479-4576-A92D-D9122C0BD17E}: [DhcpNameServer] 192.168.1.254 75.153.176.9
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26]
CHR Extension: (Google Drive) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (YouTube) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Google Search) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (Hola Better Internet Engine) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2015-01-27]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2014-10-27]
CHR Extension: (Hola Better Internet) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-06-26]
CHR Extension: (Skype Click to Call) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-27]
CHR Extension: (Google Wallet) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-10-17]
CHR Extension: (Gmail) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR Profile: C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-13]
CHR Extension: (Google Docs) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-13]
CHR Extension: (Google Drive) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-13]
CHR Extension: (Adguard AdBlocker) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-01-22]
CHR Extension: (YouTube) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-13]
CHR Extension: (Google Search) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-13]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-01-13]
CHR Extension: (Google Sheets) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-13]
CHR Extension: (Hola Better Internet) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-01-13]
CHR Extension: (TicTaACoupon) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iejpkejhhhpdbnfolipebajojgldpiof [2015-06-12]
CHR Extension: (Google Wallet) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR Extension: (My Chrome Theme) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-01-13]
CHR Extension: (Gmail) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-13]
CHR Profile: C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-06]
CHR Extension: (Adguard AdBlocker) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-03-06]
CHR Extension: (YouTube) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-06]
CHR Extension: (Google Search) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-06]
CHR Extension: (Google Sheets) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (Hola Better Internet) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-03-06]
CHR Extension: (TicTaACoupon) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iejpkejhhhpdbnfolipebajojgldpiof [2015-06-12]
CHR Extension: (Google Wallet) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06]
CHR Extension: (Gmail) - C:\Users\Annabelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-06]
CHR HKU\S-1-5-21-2693548089-2634108147-588619525-1007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-06] (DTS, Inc)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [233776 2015-05-19] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-07] (NVIDIA Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-07] (NVIDIA Corporation)
S3 Origin Client Service; D:\EA Games\Origin\OriginClientService.exe [2004488 2015-06-29] (Electronic Arts)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-05-07] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-18] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [34984 2014-05-18] (Razer Inc)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 11:18 - 2015-07-01 11:19 - 00000000 ____D C:\FRST
2015-07-01 11:08 - 2015-07-01 11:12 - 00000024 _____ C:\Users\Annabelle\AppData\Roaming\appdataFr25.bin
2015-07-01 10:04 - 2015-07-01 10:04 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Apple Computer
2015-06-30 23:10 - 2015-06-30 23:10 - 00000000 ____D C:\Users\Kyle\AppData\Local\Apple
2015-06-30 01:49 - 2015-06-30 01:49 - 00000000 ____D C:\Users\Kyle\AppData\Local\Apps\2.0
2015-06-28 21:57 - 2015-06-28 21:57 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Rogue Legacy
2015-06-26 09:01 - 2015-06-26 09:01 - 00000706 _____ C:\Users\Katharyn\Downloads\Setup                          (2).website
2015-06-26 09:00 - 2015-06-26 09:00 - 00000706 _____ C:\Users\Katharyn\Downloads\Setup                         .website
2015-06-26 09:00 - 2015-06-26 09:00 - 00000706 _____ C:\Users\Katharyn\Downloads\Setup                          (1).website
2015-06-23 15:55 - 2015-06-23 15:55 - 00000000 ____D C:\Users\Kyle\AppData\Local\Apple Computer
2015-06-23 15:55 - 2015-06-23 15:55 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-22 07:22 - 2015-06-22 07:22 - 00000000 ____D C:\Users\Annabelle\AppData\Roaming\Apple Computer
2015-06-21 18:33 - 2015-07-01 07:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-21 18:33 - 2015-06-21 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-21 18:33 - 2015-06-21 18:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-21 18:33 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-21 18:33 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-21 18:33 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-21 18:25 - 2015-06-23 15:55 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Apple Computer
2015-06-21 14:23 - 2015-06-21 14:23 - 00000000 ____D C:\Users\Katharyn\AppData\Local\Apple
2015-06-21 13:21 - 2015-06-21 13:21 - 00000000 ____D C:\Users\Katharyn\AppData\Roaming\Apple Computer
2015-06-21 09:31 - 2015-06-21 09:55 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Apple Computer
2015-06-21 09:31 - 2015-06-21 09:31 - 00000000 ____D C:\Users\Kevin\AppData\Local\Apple Computer
2015-06-21 09:31 - 2015-06-21 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-21 09:31 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-06-21 09:30 - 2015-06-21 09:30 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-06-21 09:30 - 2015-06-21 09:30 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-06-21 09:30 - 2015-06-21 09:30 - 00000000 ____D C:\Users\Kevin\AppData\Local\Apple
2015-06-21 09:30 - 2015-06-21 09:30 - 00000000 ____D C:\ProgramData\Apple Computer
2015-06-21 09:30 - 2015-06-21 09:30 - 00000000 ____D C:\ProgramData\Apple
2015-06-21 09:30 - 2015-06-21 09:30 - 00000000 ____D C:\Program Files\iPod
2015-06-21 09:30 - 2015-06-21 09:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-21 09:30 - 2015-06-21 09:30 - 00000000 ____D C:\Program Files\Bonjour
2015-06-21 09:30 - 2015-06-21 09:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-06-21 09:30 - 2015-06-21 09:30 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-06-21 09:30 - 2015-06-21 09:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-17 12:39 - 2015-06-18 15:53 - 00000000 ____D C:\Users\Katharyn\AppData\Local\Battle.net
2015-06-17 12:39 - 2015-06-17 12:40 - 00000000 ____D C:\Users\Katharyn\AppData\Roaming\Battle.net
2015-06-17 12:39 - 2015-06-17 12:39 - 00000000 ____D C:\Users\Katharyn\AppData\Local\Blizzard Entertainment
2015-06-14 00:18 - 2015-06-14 18:00 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\.StarMade
2015-06-12 08:13 - 2015-07-01 08:13 - 00000380 _____ C:\Windows\Tasks\PersonalityCheck.job
2015-06-12 08:13 - 2015-06-22 08:13 - 00000000 ____D C:\ProgramData\{ba2585a9-50f9-bb5f-ba25-585a950f16a5}
2015-06-12 08:13 - 2015-06-12 08:13 - 00004096 _____ C:\Windows\SysWOW64\ntwdblib.dll
2015-06-12 08:13 - 2015-06-12 08:13 - 00003274 _____ C:\Windows\System32\Tasks\PersonalityCheck
2015-06-10 15:15 - 2015-06-10 15:28 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\FEZ
2015-06-10 15:15 - 2014-06-15 17:09 - 00012005 _____ C:\Users\Kyle\AppData\Roaming\alsoft.ini
2015-06-09 17:56 - 2015-05-27 07:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 17:56 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 17:56 - 2015-05-25 06:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 17:56 - 2015-05-25 06:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 17:56 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 17:56 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 17:56 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 17:56 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 17:56 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 17:56 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 17:56 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 17:56 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 17:56 - 2015-05-22 19:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 17:56 - 2015-05-22 19:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 17:56 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 17:56 - 2015-05-22 19:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 17:56 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 17:56 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 17:56 - 2015-05-22 19:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 17:56 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 17:56 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 17:56 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 17:56 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 17:56 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 17:56 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 17:56 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 17:56 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 17:56 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 17:56 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 17:56 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 17:56 - 2015-05-22 11:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 17:56 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 17:56 - 2015-05-22 11:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 17:56 - 2015-05-22 11:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 17:56 - 2015-05-22 11:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 17:56 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 17:56 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 17:56 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 17:56 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 17:56 - 2015-05-22 10:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 17:56 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 17:56 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 17:56 - 2015-05-22 06:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-09 17:56 - 2015-05-21 09:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 17:56 - 2015-05-21 06:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-09 17:56 - 2015-05-21 06:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-09 17:56 - 2015-05-21 06:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-09 17:56 - 2015-05-21 06:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-09 17:56 - 2015-05-21 06:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-09 17:56 - 2015-05-21 06:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-09 17:56 - 2015-04-24 19:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 17:56 - 2015-04-24 19:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 17:56 - 2015-04-16 15:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-09 17:56 - 2015-04-15 23:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-09 17:56 - 2015-04-13 15:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-09 17:56 - 2015-04-13 15:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-09 17:56 - 2015-04-09 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-09 17:56 - 2015-04-09 17:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-09 17:56 - 2015-04-08 15:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-09 17:56 - 2015-04-08 15:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-09 17:56 - 2015-04-01 15:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-09 17:56 - 2015-04-01 15:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-09 17:56 - 2015-03-31 21:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-09 17:56 - 2015-03-31 21:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-09 17:56 - 2015-03-31 21:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-09 17:56 - 2015-03-31 21:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-09 17:56 - 2015-03-31 20:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-09 17:56 - 2015-03-31 20:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-09 17:56 - 2015-03-31 20:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-09 17:56 - 2015-03-31 19:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-09 17:56 - 2015-03-31 19:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 17:56 - 2015-03-31 19:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-09 17:56 - 2015-03-31 19:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-09 17:56 - 2015-03-31 19:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-09 17:56 - 2015-03-31 19:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-09 17:56 - 2015-03-19 20:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-09 17:56 - 2015-03-19 20:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-09 17:56 - 2015-03-19 19:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-09 17:56 - 2015-03-19 19:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-09 17:56 - 2015-03-01 18:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-09 17:56 - 2015-03-01 18:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-05 12:24 - 2015-06-05 12:24 - 00000000 ____D C:\Users\Thomas\AppData\Local\NBGI
2015-06-05 11:37 - 2015-06-05 11:37 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\DarkSoulsII
2015-06-04 10:18 - 2015-06-04 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-06-04 09:48 - 2015-06-26 13:54 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-06-02 21:50 - 2015-06-02 21:50 - 00000000 ____D C:\Users\Katharyn\AppData\Local\GWX
2015-06-01 18:43 - 2015-06-01 18:43 - 00000000 ____D C:\Users\Thomas\AppData\Local\GWX
2015-06-01 11:32 - 2015-06-01 11:32 - 00000000 ____D C:\Users\Kyle\AppData\Local\GWX
2015-06-01 07:26 - 2015-06-01 07:26 - 00000000 ____D C:\Users\Annabelle\AppData\Local\GWX
2015-06-01 06:08 - 2015-06-01 06:08 - 00000000 ____D C:\Users\Kevin\AppData\Local\GWX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 11:07 - 2014-10-27 07:24 - 00000000 ____D C:\Users\Annabelle\AppData\Roaming\Skype
2015-07-01 11:05 - 2014-05-17 13:07 - 00000000 ____D C:\ProgramData\Origin
2015-07-01 11:01 - 2014-05-12 09:30 - 02006319 _____ C:\Windows\WindowsUpdate.log
2015-07-01 11:00 - 2014-06-26 13:08 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2693548089-2634108147-588619525-1007
2015-07-01 11:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-01 10:59 - 2015-01-12 10:38 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B9D6D58C-AD53-475D-B5F6-CA23AD8E98E4}
2015-07-01 10:55 - 2014-05-12 08:23 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-01 10:51 - 2014-05-12 09:49 - 00006462 _____ C:\Windows\SysWOW64\Gms.log
2015-07-01 10:50 - 2014-06-26 13:40 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Deployment
2015-07-01 10:49 - 2014-05-12 09:36 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-01 10:49 - 2013-08-22 07:46 - 00086090 _____ C:\Windows\setupact.log
2015-07-01 10:49 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-01 10:49 - 2013-08-22 06:25 - 01048576 ___SH C:\Windows\system32\config\BBI
2015-07-01 10:14 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-01 10:09 - 2014-06-04 20:34 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2693548089-2634108147-588619525-1006
2015-07-01 10:04 - 2014-12-13 21:35 - 00000000 ____D C:\Users\Thomas\OneDrive
2015-07-01 10:00 - 2014-05-16 13:42 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2693548089-2634108147-588619525-1001
2015-07-01 09:54 - 2014-05-16 13:40 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DDFEE783-4E15-43CA-B887-D266A6E5388E}
2015-07-01 09:50 - 2014-05-12 07:43 - 00270192 _____ C:\Windows\PFRO.log
2015-07-01 09:50 - 2013-08-22 07:44 - 00346976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-01 09:47 - 2014-12-28 08:17 - 00000000 __SHD C:\Users\Kevin\AppData\Local\EmieBrowserModeList
2015-07-01 09:47 - 2014-06-11 18:18 - 00000000 __SHD C:\Users\Kevin\AppData\Local\EmieUserList
2015-07-01 09:47 - 2014-06-11 18:18 - 00000000 __SHD C:\Users\Kevin\AppData\Local\EmieSiteList
2015-07-01 08:28 - 2014-05-16 14:13 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-01 08:25 - 2014-06-02 12:01 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-07-01 08:20 - 2014-05-16 13:41 - 00000000 ____D C:\Users\Kevin\AppData\Local\Google
2015-07-01 08:13 - 2015-01-31 22:58 - 00000000 ____D C:\Users\Kyle\AppData\Local\Google
2015-07-01 08:13 - 2014-06-26 13:03 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Google
2015-07-01 03:02 - 2015-02-02 16:58 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Skype
2015-06-30 09:49 - 2014-05-17 12:02 - 00000000 ___DO C:\Users\Katharyn\SkyDrive
2015-06-29 20:11 - 2014-05-17 12:07 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2693548089-2634108147-588619525-1003
2015-06-29 17:18 - 2014-06-02 11:56 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AF6C1DCC-46F6-42C9-9CBB-E7F3B36EF059}
2015-06-29 05:47 - 2015-01-31 23:03 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2693548089-2634108147-588619525-1008
2015-06-28 21:45 - 2015-02-09 19:53 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-27 04:52 - 2015-03-20 06:02 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FD378582-4D53-47AE-A3B9-9B1009709115}
2015-06-26 17:34 - 2015-04-05 13:41 - 00000000 ____D C:\Users\Kyle\AppData\Local\Battle.net
2015-06-26 16:22 - 2014-05-26 12:31 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-06-25 09:18 - 2014-07-02 14:32 - 00000000 ____D C:\Users\Katharyn\AppData\Roaming\.minecraft
2015-06-25 01:59 - 2014-06-26 13:33 - 00000000 ____D C:\Users\Annabelle\AppData\Local\Battle.net
2015-06-24 22:22 - 2015-05-23 14:42 - 00000000 ____D C:\Users\Kyle\AppData\Local\ftblauncher
2015-06-24 11:24 - 2014-06-26 13:33 - 00000000 ____D C:\Users\Annabelle\AppData\Roaming\Battle.net
2015-06-24 06:42 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-21 18:50 - 2015-04-28 17:53 - 00000000 ____D C:\ProgramData\Browser
2015-06-21 18:50 - 2015-04-27 14:30 - 00000000 ____D C:\Users\Annabelle\AppData\Local\288673453
2015-06-20 01:01 - 2014-05-12 09:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-19 20:02 - 2013-08-22 08:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 20:02 - 2013-08-22 08:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 10:40 - 2014-05-16 13:37 - 00000000 ____D C:\Users\Kevin
2015-06-18 16:21 - 2014-05-23 19:17 - 00000000 ____D C:\Users\Katharyn\AppData\Roaming\Origin
2015-06-17 12:26 - 2015-01-27 10:47 - 00252416 ___SH C:\Users\Katharyn\Downloads\Thumbs.db
2015-06-14 12:34 - 2015-04-05 13:41 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Battle.net
2015-06-13 19:31 - 2015-02-14 12:50 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\.minecraft
2015-06-13 02:16 - 2014-09-23 21:46 - 00000000 ____D C:\Users\Thomas\AppData\Local\Battle.net
2015-06-10 08:31 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-06-10 01:49 - 2014-12-11 22:41 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 01:49 - 2014-07-09 16:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 01:49 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-10 01:49 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 19:47 - 2014-05-17 14:36 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 19:43 - 2014-05-17 14:36 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 07:39 - 2014-10-23 16:15 - 00000000 ____D C:\ProgramData\Skype
2015-06-05 11:39 - 2014-07-06 14:43 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-04 10:19 - 2014-05-26 12:22 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
 
==================== Files in the root of some directories =======
 
2015-07-01 11:08 - 2015-07-01 11:12 - 0000024 _____ () C:\Users\Annabelle\AppData\Roaming\appdataFr25.bin
2014-05-12 09:45 - 2014-05-12 09:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Annabelle\AppData\Local\Temp\823873755523258331c.exe
C:\Users\Annabelle\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Annabelle\AppData\Local\Temp\ntwdblib.dll
C:\Users\Annabelle\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Annabelle\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Annabelle\AppData\Local\Temp\nvStInst.exe
C:\Users\Annabelle\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Katharyn\AppData\Local\Temp\EADEDEE.exe
C:\Users\Katharyn\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kevin\AppData\Local\Temp\EADDC28.exe
C:\Users\Kevin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Kevin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Kevin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Kevin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kevin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kevin\AppData\Local\Temp\nvStInst.exe
C:\Users\Kevin\AppData\Local\Temp\SIntf16.dll
C:\Users\Kevin\AppData\Local\Temp\SIntf32.dll
C:\Users\Kevin\AppData\Local\Temp\SIntfNT.dll
C:\Users\Kevin\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Kyle\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Thomas\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-30 06:03
 
==================== End of log ============================
 
Next Log:
 
Ran by Annabelle at 2015-07-01 11:19:41
Running from D:\Annabelle's Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2693548089-2634108147-588619525-500 - Administrator - Disabled)
Annabelle (S-1-5-21-2693548089-2634108147-588619525-1007 - Administrator - Enabled) => C:\Users\Annabelle
Guest (S-1-5-21-2693548089-2634108147-588619525-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2693548089-2634108147-588619525-1010 - Limited - Enabled)
Katharyn (S-1-5-21-2693548089-2634108147-588619525-1003 - Limited - Enabled) => C:\Users\Katharyn
Kevin (S-1-5-21-2693548089-2634108147-588619525-1001 - Administrator - Enabled) => C:\Users\Kevin
Kyle (S-1-5-21-2693548089-2634108147-588619525-1008 - Limited - Enabled) => C:\Users\Kyle
Thomas (S-1-5-21-2693548089-2634108147-588619525-1006 - Limited - Enabled) => C:\Users\Thomas
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - Canon Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse Client (HKU\S-1-5-21-2693548089-2634108147-588619525-1007\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Indie Game: The Movie (HKLM-x32\...\Steam App 207080) (Version:  - BlinkWorks Media)
Intel® Chipset Device Software (x32 Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.1 - Intel)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Small Basic v1.0 (HKLM-x32\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic: Clash of Heroes (HKLM-x32\...\Steam App 61700) (Version:  - Capybara Games)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{2AC099EA-CC1C-4E4E-BDFC-0353DCF13DD0}) (Version: 12.5.00400 - Nero AG)
NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.11 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7233 - Realtek Semiconductor Corp.)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version:  - )
RuneScape Launcher 1.2.4 (HKLM-x32\...\{789FF9AB-5FE2-43C8-9FBE-1C3CF9E8A6E9}) (Version: 1.2.4 - Jagex Ltd)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.31 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - EA - Maxis)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Starbound - Unstable (HKLM-x32\...\Steam App 367540) (Version:  - )
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Super Meat Boy Editor (HKLM-x32\...\Steam App 40810) (Version:  - )
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.8.61.1020 - Electronic Arts Inc.)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Uplay (HKLM-x32\...\Uplay) (Version: 4.4 - Ubisoft)
Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM-x32\...\Steam App 260230) (Version:  - Ubisoft Montpellier)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2693548089-2634108147-588619525-1007_Classes\CLSID\{a3fd8959-dee2-4d69-a07c-b5a418ee8f71}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
18-06-2015 16:27:37 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
20-06-2015 01:01:53 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
21-06-2015 09:30:48 Installed iTunes
28-06-2015 21:49:06 Installed DirectX
01-07-2015 08:14:04 Software Removal Tool
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1C061BBB-EC4C-486B-A54D-7EDCAE7DD8AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {574B29FD-F3AE-4499-AB2E-225DCA4926E0} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {7B856195-2F11-4BAC-AA17-D48DBFF4C192} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EB336BDC-1153-4861-AAC2-D2B7F8A70CD5} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {F16BB711-8142-458A-9696-A67A07722A4A} - System32\Tasks\PersonalityCheck => c:\programdata\{ba2585a9-50f9-bb5f-ba25-585a950f16a5}\823873755523258331c.exe [2014-06-12] () <==== ATTENTION
Task: C:\Windows\Tasks\PersonalityCheck.job => c:\programdata\{ba2585a9-50f9-bb5f-ba25-585a950f16a5}\823873755523258331c.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-05-12 09:36 - 2014-09-13 14:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-12 09:45 - 2012-10-29 00:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2015-06-21 09:15 - 2015-06-21 09:15 - 00016384 ____N () C:\Users\Annabelle\AppData\Local\Apps\2.0\441XQH9B.BWE\BM9OHJ03.XLX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.WowDb.dll
2014-06-26 13:40 - 2014-06-26 13:40 - 00035840 _____ () C:\Users\Annabelle\AppData\Local\Apps\2.0\441XQH9B.BWE\BM9OHJ03.XLX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.Advertising.dll
2015-06-21 09:15 - 2015-06-21 09:15 - 00099840 ____N () C:\Users\Annabelle\AppData\Local\Apps\2.0\441XQH9B.BWE\BM9OHJ03.XLX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.CMOD2.dll
2014-05-12 09:45 - 2015-07-01 10:49 - 00032768 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2014-05-12 09:45 - 2012-05-07 09:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2015-05-19 09:47 - 2015-05-07 17:36 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-03-20 08:43 - 2014-03-20 08:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-06-09 17:15 - 2015-06-05 11:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 17:15 - 2015-06-05 11:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Katharyn\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Thomas\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2693548089-2634108147-588619525-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254 - 75.153.176.9
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E8653ECC-D6EE-4026-AFB3-8189E7C88999}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2FDC8263-B957-4774-B60F-68FC8958CC56}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E122C2B5-E7F3-4035-86B5-81E83F43A9D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C9629225-8C22-4301-9006-DF2EF1B6D1F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{36B42E74-E5AF-4F7A-AEBA-AFD3BD28FAFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{25D90D76-A28A-43F4-8727-192D9F6650B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5E70324C-A37B-4FAC-AB9A-B24AF349C535}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B066151A-634B-46C4-997E-642A8366D200}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17EB8F71-08BA-4F3C-951E-50F68D337A6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Baldur's Gate Enhanced Edition\BGEE.exe
FirewallRules: [{6671F5E6-B03D-4376-AC40-DBAB9E01FA29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Baldur's Gate Enhanced Edition\BGEE.exe
FirewallRules: [{2DF69C6E-3246-45BC-A25E-A3DE4DFAEFAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{85B274ED-B443-4BBD-9D96-E888101E862C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7690AC5C-E604-418E-B1A1-9AE35DF5B39D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FED3F89A-1308-40B6-BDDC-5672924CCB71}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{EC7209AD-D29A-4316-95D9-02362C589125}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{F72B86BA-EC7A-4F03-BAB1-EC78081D5E3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{33AEF834-ABF7-4829-8B86-0AD83F7F13BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{33D234CC-B21B-4F5A-A22A-B7A43798BF23}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{FB84CBAC-14B5-4E3B-8D24-11AB1C802B97}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{B1792CBA-E939-47E0-9FFE-ED7544811358}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{04301106-7E6C-4834-BFE7-6D8631E4A810}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{D4A28C7C-8C4E-4977-A0C5-7DE426ABF554}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{CAEB35D5-81EC-429A-AD1C-C60E3C83769F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{331E8C89-DBF2-4001-8210-79979E758847}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{F2AD6FDF-C799-4E15-918C-2449A58BB39C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{5CED8E3B-CFB7-424E-973D-83E1E9094955}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{79A3BF93-4E13-433A-B898-CA1A3C0533B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{1E471BD2-D8BF-4665-B4B8-4E35E0FC9962}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{D3B6FE9E-7AAF-4759-A31C-585909F8B0A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{883EE0EC-AC76-43C0-AC2E-C675CE4B9CF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{B65B419B-9B2E-400A-933F-B2C8BF53356C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Indie Game The Movie\IGTM.exe
FirewallRules: [{0C4D7177-79F8-43AA-B739-1C2477E51139}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Indie Game The Movie\IGTM.exe
FirewallRules: [{563A88DC-2997-4255-9F77-3D4CDFB27B7A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{282C07B3-518F-4852-A0E5-A7AD6EA2E6D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [TCP Query User{F0921A08-7963-404E-91E8-DE207A6D0307}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [uDP Query User{9126FBD5-0044-43A5-A43D-13FC79ABAEAF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{CC27D0BB-3D2B-4A49-911E-ACE0CF2621EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Valiant Hearts\Valiant Hearts.exe
FirewallRules: [{0D54FD25-8A2A-437F-8292-B0BD9C7D96BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Valiant Hearts\Valiant Hearts.exe
FirewallRules: [{312CE3BA-5312-415F-895A-43EC3B57E8D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{E4328F86-53E8-4B63-8231-CD0E261152AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{E6EAD9DF-86FD-4A20-A2E4-671C0127FB6D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{28630E14-6821-446C-9D62-77E6E936111D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{2C4A6093-FAD9-4FB6-9859-E3B048BC4126}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [uDP Query User{7DB8A347-929E-4275-9F65-037030B3C907}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [{7258A8B6-77D9-4CDF-8538-5E77DC604D57}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{F3E0ECFF-1D4B-4F0B-ABDE-C06E7D208AB7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{6E6A7914-5B59-4B02-B0AC-955362C917BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{C00266E7-EF91-4710-B184-8050ECD55070}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{CE6042B5-C8DB-4A03-8065-FD5096B5E8C7}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{610F06DB-5331-4472-BB6C-0DC15F66789C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E40780EC-B0B2-49D2-93B0-9BE129A47735}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{92231BB0-0DF8-49D6-BC2C-E04EF6B9298B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{126083C3-E1CA-4FA1-BCD5-1818E822C26F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{3CF4538E-54B4-4F28-AD9C-D9FF12585582}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{21A94484-DF89-4124-BC3B-C6FF35BF9F6D}] => (Allow) D:\EA Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{3ECE6AEE-E42A-4900-9A6C-BAE95F94AB36}] => (Allow) D:\EA Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{98EFA64F-7BE3-4A29-B00C-9D63118BF256}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{C0EF04B6-4C8C-4C33-A9AB-818A69C46C39}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A55FE563-6F33-4D90-88E0-D657E7528B63}D:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Block) D:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [uDP Query User{85B24AA3-9AAD-46ED-8889-7415433E01FC}D:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Block) D:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{54E1E1F7-8946-4221-91C8-7141EF5F77C5}D:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Block) D:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [uDP Query User{FF922043-8D85-4D16-BF7D-BA9C1351864B}D:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Block) D:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{A6B08651-0177-490F-8157-B587F7150F1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{B7A8E1C7-A7E4-4A23-ACD7-CE0F01AE6055}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{D42CEB75-03E1-4426-92C2-7AF8A7D06B16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Might and Magic Clash of Heroes\ClashOfHeroes.exe
FirewallRules: [{CDDEC5CD-2653-4A0D-8151-E064268B7487}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Might and Magic Clash of Heroes\ClashOfHeroes.exe
FirewallRules: [{E2C489D1-174B-45B2-A62B-E331DF892A66}] => (Allow) D:\SteamLibrary\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{466A2864-6DF4-46B2-8C8F-3CA77385D019}] => (Allow) D:\SteamLibrary\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [TCP Query User{73196037-A381-4F0C-B712-D122A59E9698}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [uDP Query User{7F7C4D97-DEBC-41FF-AF91-2BE6FC5FE2B0}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{CAA04234-A97F-4DD3-A7C7-FA591598EB9B}C:\users\kyle\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\kyle\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [uDP Query User{AA91289B-5C9E-4254-843E-9DFF3CBC550B}C:\users\kyle\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\kyle\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{2E59AFFC-00B9-48FE-9942-E393063395C1}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{1B749CDE-C47D-41F8-83EA-4898E9C64700}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{BFAE95C4-CF79-45B3-840E-AB65C43D0486}] => (Allow) D:\SteamLibrary\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{F1285ACA-1016-4496-A2B9-A7BC66DD902D}] => (Allow) D:\SteamLibrary\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{00104D58-B84B-4FBF-8F4E-EEF363699F4F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{83064304-B6C9-4D79-99DD-EC0BEBE834DC}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{443F0F0C-6031-41F9-9646-6A67C080557D}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A2DED165-E5CE-420B-AAE4-097A9BCABD56}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{734B815B-6B9E-41B6-B06A-9B35F6767C9F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{9666329F-7F46-4D51-A7BE-25AAFE964474}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{0B2515D3-27AF-431F-9DB0-5A98BDF01CE0}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{D8EAB5E7-1974-46E6-8CFD-014C7156CF2E}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0E61495A-13BE-439E-861C-0EE266C3B120}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A80654B0-0621-4699-A164-E82B2DBE8C7D}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{9AF80B0C-2B4C-4029-9AB5-B3E8D939090D}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{D8E8A19D-70F2-4781-839C-3455DB48DAD4}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{4DAD591C-7844-4625-9BA5-2C2E9F317B4D}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{4A78E26F-5474-4F85-9987-7B8A33E801AC}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{E9C7DE47-FE24-468C-B59C-B3285D2D1CE6}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{E632FF85-7DCA-4D7A-9BEA-C211675046E0}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{EEED36B2-8DC8-4A63-9FBA-ACE6110EC567}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{4295C86A-B0D9-4326-A7A7-4C2DE927F807}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{DE6692E3-7907-448C-B75B-A555D31FB176}] => (Allow) D:\SteamLibrary\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{0F944AA1-B1DB-44BB-B767-D0825E179609}] => (Allow) D:\SteamLibrary\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{3FBF4E32-7923-403E-9B9C-E5C7E0AF6949}] => (Allow) D:\SteamLibrary\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{BA01B5D0-1B35-411F-BF07-93AA9A6117E9}] => (Allow) D:\SteamLibrary\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{DBA739F0-4F71-4EB1-BC3F-3E89CAF124B4}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{6407FA91-9F0E-4293-8008-EB19069A4554}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [TCP Query User{13EE4EF5-232B-4AE4-B459-6EC09380DC4E}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [uDP Query User{F155C934-0BD8-4054-96DD-D96EC9C4B5ED}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{5C8CD0DC-0509-485E-B61A-230068916BDB}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{409AD8A0-C4E3-4C1E-92CD-8ED3702BAE56}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{05545B86-1344-423C-B466-D205734B29DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FF283847-5FEF-44F8-8F3F-9525365C88E0}] => (Allow) D:\EA Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{8112A751-EE64-4A6B-BD8A-F0A33A4B7FC5}] => (Allow) D:\EA Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{5053652F-55D0-4BFA-BAF2-1B0F3434B992}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E73C2E08-66C2-4E54-8345-6A9B5534AA59}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6DC5B244-B4AD-41CB-840C-2BD99FAEF052}] => (Allow) D:\SteamLibrary\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{2CB6D042-44E2-4BEB-BB0D-AD7FE30B5011}] => (Allow) D:\SteamLibrary\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{D6DD44F5-0508-4D2F-8268-B81C70122DF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FE02D30F-EA65-4D6F-BA61-940ADE51F787}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{78DC065A-D5AA-40B3-A7EB-B749430F4813}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25879A30-43E1-4D39-8BA3-7996F0E8193D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6B632D62-3DA5-4EE6-91CC-046FD72A9D7F}] => (Allow) D:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F8C4B6D6-CD5C-4E36-A791-DE3C141EBFDC}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound - Unstable\win32\launcher\launcher.exe
FirewallRules: [{D919495F-4BC6-4491-B806-CD072C88BDBB}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound - Unstable\win32\launcher\launcher.exe
FirewallRules: [{BC5B7883-0F31-422D-8D98-DAEDD50A2D77}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{E30D315F-51C0-48FB-9698-941990ACC1C5}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{68C50E8B-D5B2-40C4-87D8-DB47FC272A0D}] => (Allow) D:\SteamLibrary\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{5C9AC1D0-7186-47FA-814E-CD21B3ABFF39}] => (Allow) D:\SteamLibrary\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [TCP Query User{B78E90B4-1F14-40AC-8798-B154C1B28B47}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [uDP Query User{B32890B4-D080-4CE5-AB66-357F08FBEF94}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/01/2015 06:18:30 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/30/2015 02:02:22 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [5]
 
Error: (06/29/2015 05:16:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 651c
 
Start Time: 01d0b27cbcbd1abc
 
Termination Time: 11
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 452cd5a5-1ebd-11e5-82c5-10c37b698c39
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/29/2015 07:07:20 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]
 
Error: (06/29/2015 05:36:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 06:10:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 01:37:26 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 00:48:11 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 00:16:35 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 06:24:43 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [5]
 
 
System errors:
=============
Error: (07/01/2015 10:51:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/01/2015 09:52:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/01/2015 08:17:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/01/2015 08:00:44 AM) (Source: DCOM) (EventID: 10010) (User: Kevins-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/01/2015 03:02:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/01/2015 01:10:41 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
 
Error: (06/30/2015 10:55:59 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
 
Error: (06/30/2015 07:37:41 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
 
Error: (06/30/2015 07:37:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
 
Error: (06/30/2015 05:56:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
 
 
Microsoft Office:
=========================
Error: (07/01/2015 06:18:30 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/30/2015 02:02:22 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [5]
 
Error: (06/29/2015 05:16:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17667651c01d0b27cbcbd1abc11C:\Windows\Explorer.EXE452cd5a5-1ebd-11e5-82c5-10c37b698c39
 
Error: (06/29/2015 07:07:20 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]
 
Error: (06/29/2015 05:36:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 06:10:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 01:37:26 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 00:48:11 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 00:16:35 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 06:24:43 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [5]
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-06 07:20:45.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-06 07:20:45.875
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-06 07:20:45.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-15 06:50:35.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-15 06:50:35.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-15 06:50:34.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-15 06:50:34.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-15 06:50:34.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-15 06:50:34.657
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-15 06:50:34.548
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 9%
Total physical RAM: 16326.19 MB
Available physical RAM: 14769.81 MB
Total Pagefile: 18758.19 MB
Available Pagefile: 17066.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.37 GB) (Free:2.92 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:807.81 GB) NTFS
Drive e: (RCT2) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 

Link to post
Share on other sites
_argus

_argus

Posted
Posted

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.





warning.gif Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 

 

 

 

 

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

 

 

 

Chrome installation is altered by malware (developer version). Reinstall is needed.

 

Export your bookmarks
https://support.google.com/chrome/answer/96816?hl=en


Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.


Click Start, copy in search %LOCALAPPDATA%\ and remove folder Google

Download and install Chrome
https://www.google.com/intl/en/chrome/browser/desktop/

 

 

 

 

 

*******************************************************************************************************************************************************************

 

 

 

 

 

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please include their content into your next reply.

Link to post
Share on other sites
_argus

_argus

Posted
Posted

My pleasure.

 

 

The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings

    [*]Push Run and wait until the tool completes his work. [*]All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)


The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

Link to post
Share on other sites
  • 4 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.