
I noticed system32, plus system64 and syswow64 in my Windows folder


  • This topic is locked
42 replies to this topic

#1 chrisrich1

  • Members
  • 28 posts

Posted 07 October 2014 - 01:07 PM

I'm not sure if it's a virus or not, but from research I think it is a rootkit and I'm trying to get rid of the junk. My computer has been laggy and my connection has been slow on the internet. Need help figuring out a safe way to remove these files.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by chris at 12:49:49 on 2014-10-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16383.12700 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\program Files (86)\Steam\Steam.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\program Files (86)\Steam\bin\steamwebhelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Origin\OriginClientService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
D:\Downloads\FRST64.exe
D:\Downloads\FRST64.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}
uSearch Bar = hxxp://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
uSearch Page = hxxp://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.0.36
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\ips\ipsbho.dll
BHO: {6fcaba44-a441-481f-895e-bddfd81a6cc2} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
uRun: [Steam] "D:\program Files (86)\Steam\steam.exe" -silent
uRun: [EA Core] "C:\Program Files (x86)\Origin\LegacyPM\Core.exe" -silent
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
dRunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
uPolicies-Explorer: NoDriveAutorun = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: >>> DIAL <<< - C:\Windows\numb.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{761CAFA1-CC40-466A-AF76-BC24EDB2AA32} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{761CAFA1-CC40-466A-AF76-BC24EDB2AA32}\7616D65602F6E6D27657563747 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{CFDD54B9-EADB-4DFE-B0A3-05297E239CA3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CFDD54B9-EADB-4DFE-B0A3-05297E239CA3}\7627567602C696E6B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EEBDA3D5-F475-46E8-82CD-67D1160BCD28} : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
SSODL: WebCheck - <orphaned>
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: Safer-Surf: {4BE01651-740C-BFCC-E0B2-F5AAE0C29AD5} - LocalServer32 - <no file>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\
FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?pid=safeguard&sg=&cid=%7b4f85dec8-3e7c-4fa4-b87b-5ea88e20d867%7d&mid=595ef783946d47d089abbd2b2bae1dbc-0f30609646006e0eb2a8c674a8fcf2e08283bd3e&ds=ts023&coid=avgtbdists&cmpid=&v=18.1.9.786&lang=en&pr=sa&d=2014-02-06%2010%3a49%3a30&sap=hp
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&installDate={installDate}&barcodeid={barcodeID}&um={UM}&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\chris\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll
FF - plugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: security.csp.enable - false
.
.
.
.
.
.
.
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: browser.sessionstore.resume_session_once - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-9-25 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-9-25 1148120]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-24 247576]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-20 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-7-2 270616]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-1-13 50976]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [2014-10-3 1587416]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2014-1-6 168096]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-9-25 162392]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-2 283200]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20141006.001\IDSviA64.sys [2014-10-6 633560]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2008-10-1 26624]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-9-25 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-9-25 593112]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/03/20 18:22:04];C:\Program Files (x86)\Cyberlink\PowerDVD12\Common\NavFilter\000.fcl [2013-2-25 130320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-9-15 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-9-15 344064]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-9-5 3364368]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-9-5 293448]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2013-3-20 89864]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-3-20 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-3-20 294664]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-26 189736]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-8-27 441176]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2014-1-6 143928]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [2014-7-3 162800]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe [2014-9-25 265040]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-3-20 83704]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2013-8-24 27136]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2014-9-17 792928]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-10-8 609056]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-8-11 1820184]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-15 142640]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [2014-7-3 13368]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;D:\program Files (86)\Live Update\NTIOLib_X64.sys [2014-9-14 14136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-9-15 939224]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-5-19 39080]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-1-13 56448]
R3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\System32\drivers\VX6000Xp.sys [2009-6-30 2143600]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MSI_LiveUpdate_Service;MSI_LiveUpdate_Service;D:\program Files (86)\Live Update\MSI_LiveUpdate_Service.exe [2014-9-14 1722320]
S3 AE6000;Linksys AE6000 Driver;C:\Windows\System32\drivers\AE6000w764.sys [2013-8-1 2196512]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-7-26 46136]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-2-29 942080]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2014-4-13 11776]
S3 NTIOLib_1_0_2;NTIOLib_1_0_2;C:\Program Files (x86)\MSI\BIOSUnlockCPUCore\NTIOLib_X64.sys [2011-7-25 14136]
S3 OnlineStorageService;OnlineStorageService;C:\Program Files\Trend Micro SafeSync\hrfscore.exe [2013-7-25 7908664]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2011-7-25 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2011-7-25 41280]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2013-8-24 50720]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-1-13 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-27 1255736]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2w7x.sys [2010-4-27 783360]
.
=============== Created Last 30 ================
.
2014-10-07 17:34:12    --------    d-----w-    C:\FRST
2014-10-07 09:35:21    --------    d-----w-    C:\ProgramData\SecTaskMan
2014-10-07 09:35:13    --------    d-----w-    C:\Program Files (x86)\Security Task Manager
2014-10-07 09:17:30    --------    d-----w-    C:\Users\chris\AppData\Roaming\AVG2015
2014-10-07 09:17:08    --------    d-----w-    C:\Users\chris\AppData\Roaming\TuneUp Software
2014-10-07 09:17:04    --------    d--h--w-    C:\$AVG
2014-10-07 09:17:04    --------    d-----w-    C:\ProgramData\AVG2015
2014-10-07 09:16:53    --------    d-----w-    C:\Program Files (x86)\AVG
2014-10-07 09:06:07    --------    d-----w-    C:\Users\chris\AppData\Local\MFAData
2014-10-07 09:06:07    --------    d-----w-    C:\Users\chris\AppData\Local\Avg2015
2014-10-07 09:06:07    --------    d-----w-    C:\ProgramData\MFAData
2014-10-07 05:47:00    --------    d-----w-    C:\Program Files (x86)\PhotoScape
2014-10-05 19:46:27    --------    d-----w-    C:\Users\chris\AppData\Local\Chromium
2014-10-05 19:01:18    --------    d-----w-    C:\Program Files (x86)\Rockstar Games
2014-10-05 02:30:52    --------    d-----w-    C:\Users\chris\AppData\Local\4A Games
2014-10-05 02:27:33    --------    d-----w-    C:\Program Files (x86)\NVIDIA Corporation
2014-10-03 00:54:51    --------    d-----w-    C:\Users\chris\AppData\Roaming\Utherverse
2014-10-02 05:43:50    --------    d-----w-    C:\Users\chris\AppData\Roaming\SlimCleaner
2014-09-30 19:44:38    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-30 19:44:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-30 04:09:14    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2014-09-28 04:01:06    --------    d-----w-    C:\Windows\SysWow64\xlive
2014-09-28 01:28:23    --------    d-sh--w-    C:\ProgramData\DSS
2014-09-28 01:28:22    --------    d-----w-    C:\ProgramData\Codemasters
2014-09-28 01:23:44    --------    d-----w-    C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-09-28 01:21:25    19087360    ----a-w-    C:\Windows\SysWow64\mkl_blueripple.dll
2014-09-28 01:21:25    1417216    ----a-w-    C:\Windows\SysWow64\rapture3d_oal.dll
2014-09-28 01:21:25    --------    d-----w-    C:\Program Files (x86)\BRS
2014-09-28 01:21:24    466456    ----a-w-    C:\Windows\System32\wrap_oal.dll
2014-09-28 01:21:24    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2014-09-28 01:21:24    122904    ----a-w-    C:\Windows\System32\OpenAL32.dll
2014-09-28 01:21:24    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2014-09-28 01:21:24    --------    d-----w-    C:\Program Files (x86)\OpenAL
2014-09-25 07:00:10    876248    ----a-w-    C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-09-25 07:00:10    593112    ----a-r-    C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2014-09-25 07:00:10    493656    ----a-r-    C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys
2014-09-25 07:00:10    37592    ----a-w-    C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-09-25 07:00:10    266968    ----a-w-    C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys
2014-09-25 07:00:10    23568    ----a-r-    C:\Windows\System32\drivers\N360x64\1506000.020\symelam.sys
2014-09-25 07:00:10    162392    ----a-r-    C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys
2014-09-25 07:00:10    1148120    ----a-r-    C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys
2014-09-25 07:00:07    --------    d-----w-    C:\Windows\System32\drivers\N360x64\1506000.020
2014-09-24 02:51:50    --------    d-----w-    C:\Users\chris\AppData\Roaming\Tropico 3
2014-09-24 00:29:59    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-24 00:29:59    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-20 06:58:40    163504    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-09-19 23:13:52    --------    d-----w-    C:\Users\chris\AppData\Local\Splashtop
2014-09-19 19:55:08    --------    d-----w-    C:\Users\chris\New folder (2)
2014-09-19 19:46:43    --------    d-----w-    C:\ProgramData\Splashtop
2014-09-19 19:46:21    --------    d-----w-    C:\Program Files (x86)\Splashtop
2014-09-19 19:05:27    --------    d-----w-    C:\Users\chris\AppData\Local\Dataram_Corporation
2014-09-19 14:24:54    --------    d-----w-    C:\Users\chris\AppData\Local\Wondershare
2014-09-19 14:24:53    --------    d-----w-    C:\Program Files (x86)\Common Files\Wondershare
2014-09-19 14:24:32    --------    d-----w-    C:\Users\chris\AppData\Roaming\Wondershare
2014-09-17 16:05:43    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-09-17 16:05:07    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-15 23:21:34    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2014-09-15 23:19:58    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2014-09-15 22:32:04    128384    ----a-w-    C:\Windows\System32\amdhcp64.dll
2014-09-15 22:32:04    118096    ----a-w-    C:\Windows\SysWow64\amdhcp32.dll
2014-09-15 22:32:00    78432    ----a-w-    C:\Windows\System32\atimpc64.dll
2014-09-15 22:32:00    78432    ----a-w-    C:\Windows\System32\amdpcom64.dll
2014-09-15 22:32:00    71704    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2014-09-15 22:32:00    71704    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2014-09-15 22:31:48    126848    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2014-09-15 22:31:30    9254184    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2014-09-15 22:29:04    293088    ----a-w-    C:\Windows\System32\drivers\amdacpksd.sys
2014-09-15 22:26:58    16750080    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2014-09-15 22:18:06    235008    ----a-w-    C:\Windows\System32\clinfo.exe
2014-09-15 22:18:00    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2014-09-15 22:17:58    83456    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2014-09-15 22:17:56    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2014-09-15 22:17:56    73216    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2014-09-15 22:17:54    33867264    ----a-w-    C:\Windows\System32\amdocl64.dll
2014-09-15 22:16:18    65024    ----a-w-    C:\Windows\System32\OpenCL.dll
2014-09-15 22:14:54    5316096    ----a-w-    C:\Windows\System32\amdhsasc64.dll
2014-09-15 22:14:54    4335616    ----a-w-    C:\Windows\SysWow64\amdhsasc.dll
2014-09-15 22:13:24    27918336    ----a-w-    C:\Windows\System32\atio6axx.dll
2014-09-15 22:09:38    48128    ----a-w-    C:\Windows\System32\amdmmcl6.dll
2014-09-15 22:09:36    37888    ----a-w-    C:\Windows\SysWow64\amdmmcl.dll
2014-09-15 22:09:10    127488    ----a-w-    C:\Windows\System32\mantle64.dll
2014-09-15 22:09:04    113664    ----a-w-    C:\Windows\SysWow64\mantle32.dll
2014-09-15 22:09:00    5639168    ----a-w-    C:\Windows\System32\amdmantle64.dll
2014-09-15 22:07:48    367104    ----a-w-    C:\Windows\System32\atiapfxx.exe
2014-09-15 22:07:46    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2014-09-15 22:07:44    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2014-09-15 22:07:42    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2014-09-15 22:07:42    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2014-09-15 22:07:36    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2014-09-15 22:06:46    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2014-09-15 22:05:52    4480000    ----a-w-    C:\Windows\SysWow64\amdmantle32.dll
2014-09-15 22:03:28    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2014-09-15 22:03:26    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2014-09-15 22:03:24    619008    ----a-w-    C:\Windows\System32\atieclxx.exe
2014-09-15 22:03:18    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2014-09-15 22:03:12    91648    ----a-w-    C:\Windows\System32\mantleaxl64.dll
2014-09-15 22:03:08    85504    ----a-w-    C:\Windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03:04    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2014-09-15 22:00:04    95744    ----a-w-    C:\Windows\System32\amdave64.dll
2014-09-15 21:59:50    89088    ----a-w-    C:\Windows\System32\atisamu64.dll
2014-09-15 21:59:46    80896    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2014-09-15 21:59:40    827392    ----a-w-    C:\Windows\System32\coinst_14.30.dll
2014-09-15 21:59:20    1210880    ----a-w-    C:\Windows\System32\atiadlxx.dll
2014-09-15 21:59:14    75264    ----a-w-    C:\Windows\System32\atig6pxx.dll
2014-09-15 21:59:12    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2014-09-15 21:59:12    146944    ----a-w-    C:\Windows\System32\atig6txx.dll
2014-09-15 21:59:06    576000    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2014-09-15 21:58:54    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2014-09-15 19:07:37    939224    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2014-09-15 19:07:37    73800    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2014-09-15 10:40:15    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-09-15 10:40:15    --------    d-----w-    C:\Program Files\Common Files\Symantec Shared
2014-09-15 10:39:57    --------    d-----w-    C:\Windows\System32\drivers\N360x64
2014-09-15 10:39:56    --------    d-----w-    C:\Program Files (x86)\Norton 360
2014-09-14 20:03:34    --------    d-----w-    C:\MSILU
2014-09-14 18:46:47    --------    d-----w-    C:\Users\chris\Unigine Sanctuary
2014-09-14 18:46:28    --------    d-----w-    C:\Program Files (x86)\Unigine
2014-09-11 19:38:09    144664    ----a-w-    C:\Windows\SysWow64\secman.dll
2014-09-11 19:38:09    --------    d-----w-    C:\Users\chris\AppData\Roaming\Samsung
2014-09-11 19:38:05    --------    d-----w-    C:\Program Files (x86)\Samsung
2014-09-11 08:00:18    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 08:00:18    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 02:07:00    --------    d-----w-    C:\Users\chris\.jmc
2014-09-11 02:06:53    --------    d-----w-    C:\Users\chris\.eclipse
2014-09-11 01:12:23    --------    d-----w-    C:\Program Files (x86)\Mikhail Prokofiev
2014-09-11 00:37:57    --------    d-----w-    C:\Users\chris\workspace
2014-09-10 15:30:56    --------    d-----w-    C:\Users\chris\AppData\Roaming\SyncDroid
2014-09-10 15:30:53    --------    d-----w-    C:\SyncDroid
2014-09-10 15:04:57    708168    ----a-w-    C:\Windows\System32\WinUSBCoInstaller.dll
2014-09-10 15:04:57    1490656    ----a-w-    C:\Windows\System32\WdfCoInstaller01007.dll
2014-09-10 15:04:40    --------    d-----w-    C:\Program Files\SAMSUNG
2014-09-10 14:55:23    --------    d-----w-    C:\Users\chris\AppData\Roaming\Kingosoft
2014-09-10 14:55:23    --------    d-----w-    C:\Users\chris\AppData\Local\Kingosoft
2014-09-10 14:55:18    --------    d-----w-    C:\Program Files (x86)\Kingo ROOT
2014-09-10 11:07:14    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 11:07:14    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-09-10 11:00:52    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-09-10 11:00:51    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 11:00:42    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-09-10 11:00:42    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-10 11:00:42    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-10 11:00:42    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-09-10 11:00:42    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-09-10 11:00:40    578048    ----a-w-    C:\Windows\System32\aepdu.dll
2014-09-10 11:00:40    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-09-10 02:33:36    --------    d-----w-    C:\Program Files (x86)\Fraps
.
==================== Find3M  ====================
.
2014-10-07 17:20:08    16152    ----a-w-    C:\Windows\System32\drivers\SWDUMon.sys
2014-10-07 17:19:07    65536    ----a-w-    C:\Windows\System32\spu_storage.bin
2014-09-24 12:48:40    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 12:48:40    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-15 22:31:50    144328    ----a-w-    C:\Windows\System32\atiuxp64.dll
2014-09-15 22:31:46    118096    ----a-w-    C:\Windows\System32\atiu9p64.dll
2014-09-15 22:31:44    100032    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2014-09-15 22:31:42    1335544    ----a-w-    C:\Windows\System32\aticfx64.dll
2014-09-15 22:31:40    1113576    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2014-09-15 22:31:34    10826488    ----a-w-    C:\Windows\System32\atidxx64.dll
2014-09-15 22:31:22    7207592    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2014-09-15 22:31:16    7028336    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2014-09-15 22:31:06    8044976    ----a-w-    C:\Windows\System32\atiumd6a.dll
2014-09-15 22:31:02    8296296    ----a-w-    C:\Windows\System32\atiumd64.dll
2014-09-15 22:17:04    28770304    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2014-09-15 22:16:18    58880    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2014-09-15 22:08:08    23375360    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2014-09-15 22:00:00    90112    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2014-09-15 21:59:16    900608    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2014-09-15 21:59:12    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2014-09-15 21:59:08    133632    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-21 02:45:10    243480    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2014-08-18 22:29:49    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-08-11 15:09:11    50976    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-08-07 02:39:52    123672    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2014-08-06 09:49:51    43520    ----a-w-    C:\Windows\SysWow64\CmdLineExt03.dll
2014-07-25 07:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 19:06:36    247576    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-20 22:11:07    282296    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2014-07-20 22:11:07    282296    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-07-18 20:53:26    313624    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2014-07-14 02:02:45    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH: 12:50:05.69 ===============
 




 


#2 B-boy/StyLe/



  • Malware Response Team

Posted 09 October 2014 - 05:11 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

The C:\Windows\system64 folder is usually used by the ZeroAccess rootkit.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  • I will reply back later today since I am at work right now.

 

 

Regards,

Georgi




#3 chrisrich1


Posted 09 October 2014 - 02:53 PM

Here are the results of the Farbar Recovery Scan Tool:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014
Ran by chris (administrator) on BLACK-EDITION on 09-10-2014 14:48:35
Running from D:\Downloads
Loaded Profile: chris (Available profiles: chris & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro SafeSync\hrfscore.exe
(Valve Corporation) D:\program Files (86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\program Files (86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\program Files (86)\Steam\bin\steamwebhelper.exe
(SCS Software) D:\program Files (86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
(Valve Corporation) D:\program Files (86)\Steam\GameOverlayUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Valve Corporation) D:\program Files (86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Farbar) D:\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\Run: [Steam] => D:\program Files (86)\Steam\steam.exe [1938624 2014-10-02] (Valve Corporation)
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Origin\LegacyPM\Core.exe" -silent
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-15] (Electronic Arts)
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {0b68e91c-bfc5-11e3-aa7d-6c626d4af44f} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {306d10a9-91a1-11e2-ad0e-806e6f6e6963} - F:\SETUP.EXE
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {ad2812b1-c0c5-11e1-8c0e-6c626d4af44f} - G:\setup.exe
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {c1dd71a1-7e1d-11e3-a20b-6c626d4af44f} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {e4e1101e-b734-11e0-a772-806e6f6e6963} - I:\aocsetup.exe /autorun
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.0.36
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a13277-379&apn_uid=0785716040144255&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a13277-379&apn_uid=0785716040144255&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKCU - DefaultScope {C6019C81-534D-4CD6-826B-31585D014C10} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchou.com/?affil=7&uid=5ce7a9ab-8c74-11e2-a1f3-6c626d4af44f&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = https://search.blekko.com/ws/?source=5a76da41&tbp=rbox&toolbarid=searchcom_001&u=20120520E096452F825BE55C40FF35E8&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={E12FEF48-26BE-40C1-B543-22AC943FB032}&mid=595ef783946d47d089abbd2b2bae1dbc-0f30609646006e0eb2a8c674a8fcf2e08283bd3e&lang=en&ds=ts023&coid=avgtbdists&cmpid=&pr=sa&d=2014-02-06 10:49:30&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a13277-379&apn_uid=0785716040144255&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKCU - {C6019C81-534D-4CD6-826B-31585D014C10} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {C7576B9D-B442-46bc-AF74-080A9E723E01} URL = http://websearch.search-results.com/redirect?client=ie&tb=GET-SRS&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=get001&apn_uid=6928616D-8E23-4F64-AA37-B3184D9BD2DB&apn_sauid=FC73804B-8F13-40D9-8DFC-EE386A9B596F
SearchScopes: HKCU - {D0CB148A-6384-4BAD-B04C-B81BF4C0BF7A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=091D8F92-E80E-4CAD-8C1C-18E047555F1F&apn_sauid=D1A6347F-D1EB-41F5-8CE4-494370E68122
BHO: Safer-Surf -> {4BE01651-740C-BFCC-E0B2-F5AAE0C29AD5} ->  No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: No Name -> {6fcaba44-a441-481f-895e-bddfd81a6cc2} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default
FF NewTab: hxxp://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=nt&installDate={installDate}&barcodeid={barcodeID}&um={UM}
FF SearchEngineOrder.1: Ask.com
FF Homepage: https://mysearch.avg.com?pid=safeguard&sg=&cid=%7b4f85dec8-3e7c-4fa4-b87b-5ea88e20d867%7d&mid=595ef783946d47d089abbd2b2bae1dbc-0f30609646006e0eb2a8c674a8fcf2e08283bd3e&ds=ts023&coid=avgtbdists&cmpid=&v=18.1.9.786&lang=en&pr=sa&d=2014-02-06%2010%3a49%3a30&sap=hp
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&installDate={installDate}&barcodeid={barcodeID}&um={UM}&q=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: TorchVLC -> C:\Users\chris\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\user.js
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\search-results.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\Searchou.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: YouTube Unblocker - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-15]
FF Extension: Garmin Communicator - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-23]
FF Extension: Personas Plus - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\Extensions\personas@christopher.beard.xpi [2011-07-26]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-09]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn [2014-10-07]
FF HKCU\...\Firefox\Extensions: [{D2C6173E-3EF8-F41A-372B-0F73D7C8020B}] - C:\Program Files (x86)\ver1Safer-Surf\177.xpi

Chrome:
=======
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Safer-Surf) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhlbcbdelgpmpkpdpaakklajcbbobdo [2014-08-20]
CHR Extension: (MAgoniPicc) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmidicghlnpnkllbbibaceemgbpfllh [2013-03-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-02-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-02-25] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-02-25] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-02-25] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
S2 MSI_LiveUpdate_Service; D:\program Files (86)\Live Update\MSI_LiveUpdate_Service.exe [1722320 2014-08-26] (Micro-Star International)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R3 OnlineStorageService; C:\Program Files\Trend Micro SafeSync\hrfscore.exe [7908664 2012-07-12] (Trend Micro Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-24] ()
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE6000; C:\Windows\System32\DRIVERS\AE6000w764.sys [2196512 2013-01-25] (Ralink Technology Corp.)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-02] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20141008.001\IDSvia64.sys [633560 2014-09-12] (Symantec Corporation)
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-10-01] (Atheros Communications, Inc.)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [11776 2010-06-28] (HandSet Incorporated)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20141008.016\ENG64.SYS [129752 2014-10-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20141008.016\EX64.SYS [2137304 2014-10-01] (Symantec Corporation)
S3 NTIOLib_1_0_2; C:\Program Files (x86)\MSI\BIOSUnlockCPUCore\NTIOLib_X64.sys [14136 2010-04-21] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_4; D:\program Files (86)\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R2 ntk_PowerDVD12; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-07] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
R3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2009-06-30] (Microsoft Corporation)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [783360 2010-04-27] (Atheros Communications, Inc.)
U4 Wubeh0krs; No ImagePath
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2013-02-25] (CyberLink Corp.)
S3 BioNTDrv; \??\C:\Program Files (x86)\Paragon Software\Migrate OS to SSD 3.0\program\BioNTDrv.SYS [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S2 iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [X]
S3 ipadtst; \??\C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S4 RAMDiskVE; System32\Drivers\RAMDiskVE.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: ICAM3NT5 -> No ServiceDLL Path.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 00:46 - 2014-10-09 00:46 - 00000221 _____ () C:\Users\chris\Desktop\Pirates of Black Cove Gold.url
2014-10-09 00:46 - 2014-10-09 00:46 - 00000221 _____ () C:\Users\chris\Desktop\Knights and Merchants.url
2014-10-09 00:12 - 2014-10-09 00:12 - 00000220 _____ () C:\Users\chris\Desktop\Crash Time II.url
2014-10-08 16:30 - 2014-10-08 16:44 - 00000000 ____D () C:\Users\chris\Documents\Euro Truck Simulator 2
2014-10-07 12:50 - 2014-10-07 12:50 - 00038965 ____N () C:\Users\chris\Desktop\dds.txt
2014-10-07 12:50 - 2014-10-07 12:50 - 00017721 ____N () C:\Users\chris\Desktop\attach.txt
2014-10-07 12:50 - 2014-10-07 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-10-07 12:50 - 2014-10-07 12:50 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-10-07 12:34 - 2014-10-09 14:48 - 00000000 ____D () C:\FRST
2014-10-07 12:29 - 2014-10-07 12:29 - 00001152 _____ () C:\Users\Public\Desktop\Install Microsoft LifeCam.lnk
2014-10-07 04:35 - 2014-10-07 04:41 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-10-07 04:35 - 2014-10-07 04:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-10-07 04:35 - 2014-10-07 04:35 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-10-07 04:17 - 2014-10-07 05:17 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-07 04:17 - 2014-10-07 04:17 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-07 04:17 - 2014-10-07 04:17 - 00000000 ___HD () C:\$AVG
2014-10-07 04:17 - 2014-10-07 04:17 - 00000000 ____D () C:\Users\chris\AppData\Roaming\TuneUp Software
2014-10-07 04:17 - 2014-10-07 04:17 - 00000000 ____D () C:\Users\chris\AppData\Roaming\AVG2015
2014-10-07 04:17 - 2014-10-07 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-07 04:16 - 2014-10-07 04:16 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-07 04:06 - 2014-10-09 14:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-07 04:06 - 2014-10-07 04:27 - 00000000 ____D () C:\Users\chris\AppData\Local\Avg2015
2014-10-07 04:06 - 2014-10-07 04:06 - 00000000 ____D () C:\Users\chris\AppData\Local\MFAData
2014-10-07 00:47 - 2014-10-07 00:55 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-10-07 00:47 - 2014-10-07 00:54 - 00001035 ____N () C:\Users\chris\Desktop\PhotoScape.lnk
2014-10-07 00:47 - 2014-10-07 00:47 - 00001035 _____ () C:\Users\Guest\Desktop\PhotoScape.lnk
2014-10-07 00:46 - 2012-05-01 00:52 - 18376624 ____N (Mooii) C:\Users\chris\Desktop\PhotoScape_V3.6.2.exe
2014-10-05 14:46 - 2014-10-05 14:46 - 00000000 ____D () C:\Users\chris\Documents\Rockstar Games
2014-10-05 14:46 - 2014-10-05 14:46 - 00000000 ____D () C:\Users\chris\AppData\Local\Chromium
2014-10-05 14:01 - 2014-10-05 14:01 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-10-04 21:36 - 2014-10-04 21:36 - 00000000 ____D () C:\Users\chris\Documents\4A Games
2014-10-04 21:30 - 2014-10-04 21:30 - 00000000 ____D () C:\Users\chris\AppData\Local\4A Games
2014-10-04 21:27 - 2014-10-04 21:27 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-04 21:27 - 2014-10-04 21:27 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-04 01:27 - 2014-10-04 01:27 - 00000000 ____D () C:\ProgramData\CyberLink
2014-10-03 00:37 - 2014-10-03 00:37 - 00000221 ____N () C:\Users\chris\Desktop\Trucks & Trailers.url
2014-10-03 00:35 - 2014-10-03 00:35 - 00000221 ____N () C:\Users\chris\Desktop\Euro Truck Simulator 2.url
2014-10-03 00:34 - 2014-10-03 00:34 - 00000221 ____N () C:\Users\chris\Desktop\Euro Truck Simulator.url
2014-10-03 00:34 - 2014-10-03 00:34 - 00000221 ____N () C:\Users\chris\Desktop\Bus Driver.url
2014-10-03 00:33 - 2014-10-03 00:33 - 00000221 ____N () C:\Users\chris\Desktop\Scania Truck Driving Simulator.url
2014-10-03 00:32 - 2014-10-03 00:32 - 00000221 ____N () C:\Users\chris\Desktop\Metro Last Light Redux.url
2014-10-02 21:18 - 2014-10-02 21:18 - 00000924 ____N () C:\Users\chris\Desktop\Frozen Throne.lnk
2014-10-02 21:18 - 2014-10-02 21:18 - 00000921 ____N () C:\Users\chris\Desktop\Warcraft III.lnk
2014-10-02 21:18 - 2014-10-02 21:18 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III Reign of Chaos & The Frozen Throne
2014-10-02 20:05 - 2014-10-02 20:05 - 00081096 _____ () C:\Users\chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-02 19:54 - 2014-10-02 19:54 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-10-02 19:54 - 2014-10-02 19:54 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Utherverse
2014-10-02 17:22 - 2014-10-02 17:22 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-10-02 17:22 - 2014-10-02 17:22 - 00001890 _____ () C:\Windows\diagerr.xml
2014-10-02 00:43 - 2014-10-02 00:43 - 00000000 ____D () C:\Users\chris\AppData\Roaming\SlimCleaner
2014-10-01 23:54 - 2014-10-01 23:55 - 00000000 ____D () C:\Users\chris\Desktop\New folder (2)
2014-09-30 14:44 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 14:44 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 23:09 - 2014-09-29 23:09 - 00055976 _____ () C:\Windows\SysWOW64\CCCInstall_201409292309061857.log
2014-09-29 23:09 - 2014-09-29 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-29 23:09 - 2014-09-29 23:09 - 00000000 ____D () C:\ProgramData\ATI
2014-09-29 23:09 - 2014-09-29 23:09 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-28 22:05 - 2014-09-28 22:05 - 00000221 ____N () C:\Users\chris\Desktop\Just Cause 2 Multiplayer Mod.url
2014-09-28 22:04 - 2014-09-28 22:04 - 00000219 ____N () C:\Users\chris\Desktop\Just Cause 2.url
2014-09-28 22:02 - 2014-09-28 22:02 - 00000220 ____N () C:\Users\chris\Desktop\The Elder Scrolls V Skyrim.url
2014-09-28 21:43 - 2014-09-28 21:43 - 00003092 _____ () C:\Windows\System32\Tasks\{33572D7E-5E3B-41F3-9360-9E794F882699}
2014-09-28 21:30 - 2014-09-28 21:30 - 00000221 ____N () C:\Users\chris\Desktop\L.A. Noire.url
2014-09-28 21:27 - 2014-09-28 21:27 - 00000220 ____N () C:\Users\chris\Desktop\Grand Theft Auto IV.url
2014-09-28 21:27 - 2014-09-28 21:27 - 00000220 ____N () C:\Users\chris\Desktop\Grand Theft Auto Episodes from Liberty City.url
2014-09-28 21:26 - 2014-09-28 21:26 - 00000221 ____N () C:\Users\chris\Desktop\Max Payne 3.url
2014-09-28 21:23 - 2014-09-28 21:23 - 00000220 ____N () C:\Users\chris\Desktop\Max Payne.url
2014-09-28 21:23 - 2014-09-28 21:23 - 00000220 ____N () C:\Users\chris\Desktop\Max Payne 2 The Fall of Max Payne.url
2014-09-28 21:22 - 2014-09-28 21:22 - 00000220 ____N () C:\Users\chris\Desktop\FINAL FANTASY VIII.url
2014-09-28 21:21 - 2014-09-28 21:21 - 00000220 ____N () C:\Users\chris\Desktop\FINAL FANTASY VII.url
2014-09-28 21:18 - 2014-09-28 21:18 - 00000219 ____N () C:\Users\chris\Desktop\Deus Ex Game of the Year Edition.url
2014-09-28 20:13 - 2014-09-28 20:13 - 00076819 _____ () C:\Users\chris\Documents\Untitled (9).wma
2014-09-28 20:11 - 2014-09-28 20:11 - 00180089 _____ () C:\Users\chris\Documents\Untitled (8).wma
2014-09-28 20:03 - 2014-09-28 20:13 - 00072329 _____ () C:\Users\chris\Documents\Untitled (7).wma
2014-09-28 19:59 - 2014-09-28 19:59 - 00054369 _____ () C:\Users\chris\Documents\Untitled (6).wma
2014-09-28 19:58 - 2014-09-28 19:58 - 00045389 _____ () C:\Users\chris\Documents\Untitled (5).wma
2014-09-28 19:57 - 2014-09-28 19:59 - 00076819 _____ () C:\Users\chris\Documents\Untitled (4).wma
2014-09-28 19:57 - 2014-09-28 19:57 - 00049879 _____ () C:\Users\chris\Documents\Untitled (3).wma
2014-09-28 15:55 - 2014-09-28 15:55 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-09-28 15:55 - 2014-09-28 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-09-27 23:01 - 2014-09-27 23:01 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-09-27 23:01 - 2014-09-27 23:01 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-09-27 23:01 - 2014-09-27 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-09-27 20:36 - 2014-09-27 20:36 - 00000000 ____D () C:\Users\chris\Documents\Games for Windows - LIVE Demos
2014-09-27 20:28 - 2014-09-27 20:28 - 00000000 __SHD () C:\ProgramData\DSS
2014-09-27 20:28 - 2014-09-27 20:28 - 00000000 ____D () C:\ProgramData\Codemasters
2014-09-27 20:23 - 2014-09-27 23:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-09-27 20:21 - 2014-09-27 20:28 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-09-27 20:21 - 2014-09-27 20:28 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-09-27 20:21 - 2014-09-27 20:28 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-09-27 20:21 - 2014-09-27 20:28 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-09-27 20:21 - 2014-09-27 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2014-09-27 20:21 - 2014-09-27 20:28 - 00000000 ____D () C:\Program Files (x86)\BRS
2014-09-27 20:21 - 2014-09-27 20:21 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-09-27 20:21 - 2011-03-19 15:16 - 01417216 _____ (Blue Ripple Sound Limited) C:\Windows\SysWOW64\rapture3d_oal.dll
2014-09-27 20:21 - 2010-09-22 13:12 - 19087360 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\SysWOW64\mkl_blueripple.dll
2014-09-27 08:36 - 2014-09-27 08:36 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-09-25 19:49 - 2014-09-25 19:55 - 00000000 ____D () C:\Users\chris\Desktop\New folder (4)
2014-09-25 00:10 - 2014-09-25 00:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 21:51 - 2014-09-30 13:09 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Tropico 3
2014-09-23 19:29 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 19:29 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 09:16 - 2014-09-23 09:16 - 00000220 ____N () C:\Users\chris\Desktop\Tropico 3 - Steam Special Edition.url
2014-09-23 06:02 - 2014-10-02 17:58 - 00000000 ____D () C:\Users\chris\Documents\Square Enix
2014-09-21 05:40 - 2014-09-21 05:40 - 00000000 ____D () C:\Users\chris\Documents\Respawn
2014-09-21 02:08 - 2014-09-27 08:57 - 00000855 _____ () C:\Users\Public\Desktop\Titanfall.lnk
2014-09-21 02:08 - 2014-09-21 02:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall
2014-09-19 20:36 - 2014-09-20 05:04 - 00000000 ____D () C:\Users\chris\Desktop\New folder (3)
2014-09-19 20:06 - 2014-09-19 20:06 - 00003094 _____ () C:\Windows\System32\Tasks\{FFD837B2-7C2D-4DF3-9611-25C07919B449}
2014-09-19 18:13 - 2014-09-19 18:13 - 00000000 ____D () C:\Users\chris\AppData\Local\Splashtop
2014-09-19 14:55 - 2014-09-28 16:13 - 00000000 ____D () C:\Users\chris\New folder (2)
2014-09-19 14:46 - 2014-09-19 14:46 - 00000000 ____D () C:\ProgramData\Splashtop
2014-09-19 14:46 - 2014-09-19 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
2014-09-19 14:46 - 2014-09-19 14:46 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-09-19 14:12 - 2014-09-19 14:12 - 00000219 ____N () C:\Users\chris\Desktop\Supreme Commander.url
2014-09-19 14:12 - 2014-09-19 14:12 - 00000219 ____N () C:\Users\chris\Desktop\Supreme Commander Forged Alliance.url
2014-09-19 14:06 - 2014-09-19 14:06 - 41944368 ____C () C:\RAMDisk.img
2014-09-19 14:05 - 2014-09-19 14:05 - 00001697 _____ () C:\Users\Public\Desktop\Radeon RAMDisk Configuration Utility.lnk
2014-09-19 14:05 - 2014-09-19 14:05 - 00000000 ____D () C:\Users\chris\AppData\Local\Dataram_Corporation
2014-09-19 14:05 - 2014-09-19 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radeon RAMDisk
2014-09-19 13:54 - 2014-09-28 21:59 - 00000169 ____N () C:\Users\chris\Desktop\DiRT 3.url
2014-09-19 13:24 - 2014-09-19 13:24 - 00002837 ____N () C:\Users\chris\Unigine_Heaven_Benchmark_4.0_20140919_1324.html
2014-09-19 12:30 - 2014-09-19 12:30 - 00003411 ____N () C:\Users\chris\Documents\unigine_20140919_1230.html
2014-09-19 12:26 - 2014-09-19 12:26 - 00002836 ____N () C:\Users\chris\Documents\Unigine_Heaven_Benchmark_4.0_20140919_1226.html
2014-09-19 12:19 - 2014-09-19 12:19 - 00002666 ____N () C:\Users\chris\Documents\Unigine_Valley_Benchmark_1.0_20140919_1219.html
2014-09-19 12:04 - 2014-09-19 12:04 - 00003028 _____ () C:\Windows\System32\Tasks\{D57B896B-F078-495C-866A-5C3E3BD59D47}
2014-09-19 09:24 - 2014-09-19 09:32 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Wondershare
2014-09-19 09:24 - 2014-09-19 09:24 - 00000000 ____D () C:\Users\chris\AppData\Local\Wondershare
2014-09-19 09:20 - 2014-09-19 09:24 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-09-19 00:13 - 2014-09-19 00:13 - 00000868 _____ () C:\Users\Public\Desktop\Bejeweled 3.lnk
2014-09-19 00:13 - 2014-09-19 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bejeweled 3
2014-09-17 11:05 - 2014-09-17 11:05 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-17 11:05 - 2014-09-17 11:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-17 11:05 - 2014-09-17 11:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-17 11:05 - 2014-09-17 11:05 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-17 11:05 - 2014-09-17 11:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-17 11:05 - 2014-09-17 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-17 11:05 - 2014-09-17 11:05 - 00000000 ____D () C:\Program Files\Java
2014-09-17 11:05 - 2014-09-17 11:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-15 18:21 - 2014-09-15 18:21 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
2014-09-15 18:19 - 2014-09-15 18:19 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-09-15 17:31 - 2014-09-15 17:31 - 09254184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-09-15 17:31 - 2014-09-15 17:31 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-09-15 17:29 - 2014-09-15 17:29 - 00293088 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-09-15 17:26 - 2014-09-15 17:26 - 16750080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-09-15 17:18 - 2014-09-15 17:18 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2014-09-15 17:18 - 2014-09-15 17:18 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-09-15 17:17 - 2014-09-15 17:17 - 33867264 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-09-15 17:17 - 2014-09-15 17:17 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-09-15 17:17 - 2014-09-15 17:17 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-09-15 17:17 - 2014-09-15 17:17 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-09-15 17:16 - 2014-09-15 17:16 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-15 17:14 - 2014-09-15 17:14 - 05316096 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhsasc64.dll
2014-09-15 17:14 - 2014-09-15 17:14 - 04335616 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdhsasc.dll
2014-09-15 17:13 - 2014-09-15 17:13 - 27918336 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-09-15 17:11 - 2014-09-15 17:11 - 00001913 ____N () C:\Users\chris\Desktop\XML Notepad 2007.lnk
2014-09-15 17:11 - 2014-09-15 17:11 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Notepad 2007
2014-09-15 17:09 - 2014-09-15 17:09 - 05639168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-09-15 17:09 - 2014-09-15 17:09 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-09-15 17:09 - 2014-09-15 17:09 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-09-15 17:09 - 2014-09-15 17:09 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-09-15 17:09 - 2014-09-15 17:09 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-09-15 17:07 - 2014-09-15 17:07 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-09-15 17:07 - 2014-09-15 17:07 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-09-15 17:07 - 2014-09-15 17:07 - 00609272 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-09-15 17:07 - 2014-09-15 17:07 - 00609272 _____ () C:\Windows\system32\atiapfxx.blb
2014-09-15 17:07 - 2014-09-15 17:07 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-09-15 17:07 - 2014-09-15 17:07 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-09-15 17:07 - 2014-09-15 17:07 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-09-15 17:07 - 2014-09-15 17:07 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-09-15 17:07 - 2014-09-15 17:07 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-09-15 17:06 - 2014-09-15 17:06 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-09-15 17:05 - 2014-09-15 17:05 - 04480000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-09-15 17:05 - 2014-09-15 17:05 - 00069876 _____ () C:\Windows\system32\energy-report.xml
2014-09-15 17:03 - 2014-09-15 17:03 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-09-15 17:03 - 2014-09-15 17:03 - 00619008 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-09-15 17:03 - 2014-09-15 17:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-09-15 17:03 - 2014-09-15 17:03 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-09-15 17:03 - 2014-09-15 17:03 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-09-15 17:03 - 2014-09-15 17:03 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-09-15 17:03 - 2014-09-15 17:03 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-09-15 17:03 - 2014-09-15 17:03 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-09-15 17:01 - 2014-09-15 17:01 - 00055955 _____ () C:\Windows\system32\energy-report.html
2014-09-15 17:00 - 2014-09-15 17:00 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 01210880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00827392 _____ (AMD) C:\Windows\system32\coinst_14.30.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00576000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-09-15 16:59 - 2014-09-15 16:59 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-09-15 16:58 - 2014-09-15 16:58 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-09-15 16:04 - 2014-09-15 16:04 - 00000914 _____ () C:\Users\Public\Desktop\Populous The Beginning.lnk
2014-09-15 16:04 - 2014-09-15 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Populous The Beginning
2014-09-15 14:07 - 1999-12-31 19:00 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-09-15 14:07 - 1999-12-31 19:00 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-09-15 05:40 - 2014-09-27 08:31 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-15 05:40 - 2014-09-27 08:31 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-09-15 05:40 - 2014-09-15 05:40 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-09-15 05:40 - 2014-09-15 05:40 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-09-15 05:40 - 2014-09-15 05:40 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-15 05:39 - 2014-09-27 08:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-09-15 05:39 - 2014-09-27 08:31 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-09-15 05:39 - 2014-09-15 05:39 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-09-14 15:11 - 2014-09-15 05:42 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-09-14 15:11 - 2014-09-15 05:39 - 00001308 ____N () C:\Users\chris\Desktop\Norton Installation Files.lnk
2014-09-14 15:04 - 2014-10-07 13:02 - 00000000 ____D () C:\Users\chris\Desktop\New folder
2014-09-14 15:03 - 2014-09-14 15:03 - 00000838 _____ () C:\Users\Public\Desktop\MSI Live Update 6.lnk
2014-09-14 15:03 - 2014-09-14 15:03 - 00000000 ____D () C:\MSILU
2014-09-14 14:53 - 2014-09-28 22:04 - 00000220 ____N () C:\Users\chris\Desktop\Call of Duty Black Ops - Multiplayer.url
2014-09-14 14:53 - 2014-09-14 14:53 - 00000220 ____N () C:\Users\chris\Desktop\The Elder Scrolls IV Oblivion.url
2014-09-14 14:52 - 2014-09-14 14:52 - 00000219 ____N () C:\Users\chris\Desktop\X-Tension.url
2014-09-14 14:52 - 2014-09-14 14:52 - 00000219 ____N () C:\Users\chris\Desktop\X3 Terran Conflict.url
2014-09-14 14:52 - 2014-09-14 14:52 - 00000219 ____N () C:\Users\chris\Desktop\X3 Reunion.url
2014-09-14 14:52 - 2014-09-14 14:52 - 00000219 ____N () C:\Users\chris\Desktop\X2 The Threat.url
2014-09-14 14:52 - 2014-09-14 14:52 - 00000219 ____N () C:\Users\chris\Desktop\X Beyond the Frontier.url
2014-09-14 13:55 - 2014-09-14 13:55 - 00002121 _____ () C:\Users\Public\Desktop\Heaven Benchmark 4.0.lnk
2014-09-14 13:51 - 2014-09-14 13:51 - 00003404 ____N () C:\Users\chris\unigine_20140914_1351.html
2014-09-14 13:46 - 2014-09-19 12:26 - 00000000 ____D () C:\Users\chris\Unigine Sanctuary
2014-09-14 13:46 - 2014-09-14 13:55 - 00000000 ____D () C:\Program Files (x86)\Unigine
2014-09-14 13:46 - 2014-09-14 13:46 - 00001059 ____N () C:\Users\chris\Desktop\Sanctuary Demo v2.3.lnk
2014-09-14 13:46 - 2014-09-14 13:46 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unigine
2014-09-14 13:16 - 2014-09-14 13:55 - 59688960 ____R () C:\Users\chris\Downloads\Unigine_Tropics-1.3.msi
2014-09-14 13:15 - 2014-09-14 13:45 - 30514688 ____R () C:\Users\chris\Downloads\Unigine_Sanctuary-2.3.msi
2014-09-14 13:14 - 2014-09-14 13:14 - 00000856 ____N () C:\Users\chris\Desktop\µTorrent.lnk
2014-09-14 13:14 - 2014-09-14 13:14 - 00000836 ____N () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-09-11 14:38 - 2014-10-02 19:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Samsung
2014-09-11 14:38 - 2014-10-02 19:49 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-09-11 14:38 - 2014-09-11 14:38 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-09-11 14:38 - 2014-09-11 14:38 - 00000000 ____D () C:\Users\chris\Documents\SelfMV
2014-09-11 14:38 - 2014-09-11 14:38 - 00000000 ____D () C:\Users\chris\Documents\samsung
2014-09-11 14:38 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-09-11 03:03 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:03 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:03 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:03 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:03 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:03 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:03 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:03 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:03 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:03 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:03 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:03 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:03 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:03 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:03 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:03 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:03 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:03 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:03 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:03 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:03 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:03 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:03 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:03 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:03 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:03 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:03 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:03 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:03 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:03 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:03 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:03 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:03 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:03 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:03 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:03 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:03 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:03 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:03 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:03 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:03 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:03 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:03 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:03 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:03 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:03 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:03 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:03 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:03 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:03 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:03 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:03 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:03 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:03 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:03 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:03 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 03:00 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 03:00 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 21:07 - 2014-09-10 21:07 - 00000000 ____D () C:\Users\chris\.jmc
2014-09-10 21:06 - 2014-09-10 21:06 - 00000000 ____D () C:\Users\chris\.eclipse
2014-09-10 20:12 - 2014-10-02 19:47 - 00000000 ____D () C:\Users\chris\Documents\UniTemp
2014-09-10 20:12 - 2014-09-10 20:12 - 00000000 ____D () C:\Program Files (x86)\Mikhail Prokofiev
2014-09-10 19:37 - 2014-09-10 19:37 - 00000000 ____D () C:\Users\chris\workspace
2014-09-10 10:30 - 2014-09-12 00:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\SyncDroid
2014-09-10 10:30 - 2014-09-10 10:33 - 00000000 ____D () C:\Users\chris\Documents\SyncDroid
2014-09-10 10:30 - 2014-09-10 10:30 - 00000722 _____ () C:\Users\Public\Desktop\SyncDroid.lnk
2014-09-10 10:30 - 2014-09-10 10:30 - 00000000 ____D () C:\SyncDroid
2014-09-10 10:30 - 2014-09-10 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncDroid
2014-09-10 10:17 - 2014-09-10 10:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-09-10 10:04 - 2014-09-10 10:04 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-09-10 10:04 - 2013-05-01 23:23 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-09-10 10:04 - 2013-05-01 23:23 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-09-10 09:55 - 2014-10-02 19:43 - 00000000 ____D () C:\Program Files (x86)\Kingo ROOT
2014-09-10 09:55 - 2014-09-10 09:55 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Kingosoft
2014-09-10 09:55 - 2014-09-10 09:55 - 00000000 ____D () C:\Users\chris\AppData\Local\Kingosoft
2014-09-10 06:07 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 06:07 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 06:00 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 06:00 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 06:00 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 06:00 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 06:00 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 06:00 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 06:00 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 06:00 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 06:00 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 21:33 - 2014-09-09 21:33 - 00000967 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-09-09 21:33 - 2014-09-09 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-09-09 21:33 - 2014-09-09 21:33 - 00000000 ____D () C:\Program Files (x86)\Fraps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 14:47 - 2012-10-17 17:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 14:41 - 2012-04-29 19:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-09 11:41 - 2012-04-29 19:17 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-09 03:00 - 2011-07-25 22:15 - 01175074 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 00:46 - 2011-07-27 21:41 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-08 23:56 - 2014-08-29 03:17 - 00004176 _____ () C:\Windows\setupact.log
2014-10-08 20:50 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 20:50 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 00:29 - 2012-06-22 08:17 - 00060928 ___SH () C:\Users\chris\Desktop\Thumbs.db
2014-10-07 12:25 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-07 12:20 - 2014-01-13 20:16 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-10-07 12:20 - 2014-01-13 20:16 - 00002836 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup
2014-10-07 12:20 - 2014-01-13 20:16 - 00000410 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-10-07 12:20 - 2013-07-24 21:16 - 00000000 ____D () C:\ProgramData\Origin
2014-10-07 12:20 - 2013-07-24 21:16 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-07 12:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 12:19 - 2014-08-13 07:59 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-10-07 05:44 - 2011-08-07 18:33 - 00000000 ____D () C:\Users\chris\AppData\Local\CrashDumps
2014-10-07 04:36 - 2013-03-14 01:57 - 00000000 ____D () C:\ProgramData\MAgoniPicc
2014-10-07 04:35 - 2014-08-25 08:51 - 00000000 ____D () C:\Program Files (x86)\Age of Empires II HD The Forgotten
2014-10-07 00:47 - 2012-04-29 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-10-05 22:13 - 2014-04-24 09:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Raptr
2014-10-05 14:01 - 2011-07-26 00:00 - 00644987 _____ () C:\Windows\DirectX.log
2014-10-04 21:27 - 2013-11-16 09:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-03 00:08 - 2014-08-12 14:17 - 00000000 ____D () C:\Users\chris\AppData\Roaming\uTorrent
2014-10-03 00:08 - 2014-07-03 00:28 - 00000000 ___HD () C:\SuperChargerProfile
2014-10-03 00:08 - 2013-07-24 21:22 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-03 00:08 - 2013-07-17 08:25 - 00000000 ____D () C:\Users\Guest
2014-10-03 00:08 - 2012-04-29 19:17 - 00000000 ____D () C:\Users\chris\AppData\Roaming\PhotoScape
2014-10-03 00:08 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-03 00:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-10-03 00:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-02 21:18 - 2011-07-26 00:28 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-02 21:15 - 2011-12-25 18:01 - 00000000 ____D () C:\Windows\pss
2014-10-02 21:14 - 2011-07-25 22:21 - 00000000 ____D () C:\Users\chris
2014-10-02 20:31 - 2011-07-25 23:10 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-10-02 19:56 - 2012-05-19 03:32 - 00000000 ____D () C:\AMD
2014-10-02 19:52 - 2012-06-11 22:43 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-10-02 19:52 - 2011-07-25 22:33 - 00000000 ___HD () C:\Program Files (x86)\installshield installation information
2014-10-02 19:51 - 2014-06-14 20:35 - 00000000 ____D () C:\Users\chris\AppData\Local\jZip
2014-10-02 19:44 - 2011-09-03 19:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-10-02 17:22 - 2014-08-29 03:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-02 01:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-02 00:58 - 2014-03-13 22:05 - 00000000 ____D () C:\Users\chris\AppData\Local\Skyrim
2014-10-01 23:51 - 2014-03-18 09:56 - 00000000 ____D () C:\Users\chris\Documents\Nexus Mod Manager
2014-10-01 14:00 - 2014-04-24 09:49 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-09-30 22:29 - 2014-03-18 09:56 - 00000890 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-09-30 22:29 - 2014-03-18 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-09-30 22:29 - 2014-03-18 09:56 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-09-29 23:09 - 2014-04-24 21:09 - 00000000 ____D () C:\Program Files\AMD
2014-09-29 23:09 - 2011-07-26 01:23 - 00000000 ____D () C:\ProgramData\AMD
2014-09-29 23:09 - 2011-07-26 00:32 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-09-29 23:08 - 2011-07-26 00:30 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-28 22:05 - 2014-02-26 23:12 - 00000220 ____N () C:\Users\chris\Desktop\Red Faction Guerrilla.url
2014-09-28 22:04 - 2014-03-14 19:00 - 00000220 ____N () C:\Users\chris\Desktop\The Elder Scrolls III Morrowind.url
2014-09-28 21:51 - 2014-04-25 20:37 - 00000000 ____D () C:\Users\chris\Documents\Egosoft
2014-09-28 21:50 - 2012-01-19 14:22 - 00000000 ____D () C:\Users\chris\AppData\Roaming\.minecraft
2014-09-28 20:32 - 2014-07-01 09:28 - 00000000 ____D () C:\Users\chris\AppData\Local\ftblauncher
2014-09-28 15:55 - 2013-11-16 09:55 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-09-28 15:55 - 2013-11-16 09:55 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-09-28 15:55 - 2011-10-13 17:09 - 00000000 ____D () C:\ProgramData\Garmin
2014-09-28 15:55 - 2011-07-26 00:32 - 00000000 ____D () C:\Program Files\DIFX
2014-09-27 23:01 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-27 23:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-27 20:28 - 2011-07-25 23:53 - 00000000 ____D () C:\Users\chris\Documents\My Games
2014-09-27 08:31 - 2014-08-23 05:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-27 08:31 - 2010-11-20 22:47 - 04840394 _____ () C:\Windows\PFRO.log
2014-09-27 08:31 - 2009-07-13 23:45 - 00310760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-24 07:48 - 2012-10-17 17:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 07:48 - 2012-04-01 20:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 07:48 - 2011-07-26 16:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 08:17 - 2014-03-18 09:56 - 00000000 ____D () C:\Users\chris\AppData\Local\Black_Tree_Gaming
2014-09-20 20:30 - 2013-08-21 17:56 - 00000000 ____D () C:\Users\chris\AppData\Roaming\TS3Client
2014-09-19 23:48 - 2014-09-03 00:05 - 00000000 ____D () C:\Users\chris\AppData\Local\LOOT
2014-09-19 19:40 - 2012-11-14 23:19 - 00000000 ____D () C:\Users\chris\AppData\Roaming\ftblauncher
2014-09-19 19:36 - 2014-03-13 06:02 - 04980105 ____N () C:\Users\chris\Desktop\ftb_launcher.exe
2014-09-19 12:20 - 2013-03-31 14:12 - 02128896 _____ () C:\Users\chris\AppData\Local\file__0.localstorage
2014-09-19 12:07 - 2011-07-26 01:23 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-09-17 11:05 - 2014-01-18 13:37 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-17 11:05 - 2014-01-18 13:37 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-17 11:05 - 2014-01-18 13:37 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-17 11:05 - 2013-11-03 15:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-17 05:56 - 2013-11-03 15:45 - 00000024 ____N () C:\Users\chris\random.dat
2014-09-17 05:50 - 2013-11-03 15:45 - 00000044 ____N () C:\Users\chris\jagex_cl_runescape_LIVE.dat
2014-09-17 05:48 - 2013-11-03 15:36 - 00000000 ____D () C:\Program Files (x86)\SwiftKit
2014-09-15 17:31 - 2012-12-19 15:50 - 07028336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-09-15 17:31 - 2012-12-19 15:09 - 01113576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-09-15 17:31 - 2012-12-19 14:44 - 07207592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-09-15 17:31 - 2012-12-19 14:30 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-09-15 17:31 - 2012-04-05 20:34 - 08044976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-09-15 17:31 - 2012-04-05 20:23 - 08296296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-09-15 17:31 - 2011-09-08 11:51 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-09-15 17:31 - 2011-05-24 22:06 - 01335544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-09-15 17:31 - 2011-05-24 21:49 - 10826488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-09-15 17:31 - 2011-05-24 21:24 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-09-15 17:19 - 2011-12-25 17:54 - 00007596 _____ () C:\Users\chris\AppData\Local\resmon.resmoncfg
2014-09-15 17:17 - 2014-04-17 21:19 - 28770304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-09-15 17:16 - 2014-04-17 21:17 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-15 17:08 - 2014-04-17 20:51 - 23375360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-09-15 17:00 - 2014-04-17 20:08 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2014-09-15 16:59 - 2014-04-17 20:09 - 00900608 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-09-15 16:59 - 2014-04-17 20:07 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-09-15 16:59 - 2014-04-17 20:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-09-15 14:07 - 2011-07-25 23:33 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-15 05:46 - 2013-08-20 17:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Skype
2014-09-15 05:42 - 2011-07-31 15:19 - 00000000 ____D () C:\Users\chris\Documents\Symantec
2014-09-15 05:42 - 2011-07-31 15:18 - 00000000 ____D () C:\ProgramData\Norton
2014-09-14 18:00 - 2014-01-03 06:13 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-09-14 15:06 - 2012-05-27 21:01 - 00159232 ___SH () C:\Users\chris\Documents\Thumbs.db
2014-09-14 15:03 - 2011-07-25 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-09-14 14:41 - 2014-07-02 23:29 - 00010854 _____ () C:\Windows\SysWOW64\Utility.xml
2014-09-14 14:00 - 2011-07-26 00:32 - 00306032 _____ () C:\Windows\DPINST.LOG
2014-09-14 13:55 - 2013-03-31 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2014-09-11 23:20 - 2014-04-13 10:29 - 00000000 ____D () C:\Users\chris\.android
2014-09-11 03:02 - 2013-07-19 06:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:02 - 2012-04-24 16:15 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 03:00 - 2011-07-29 21:20 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 21:26 - 2012-04-13 09:06 - 00000000 ____D () C:\Fraps
2014-09-09 21:24 - 2012-04-13 09:06 - 00003148 _____ () C:\Windows\System32\Tasks\FRAPS

Files to move or delete:
====================
C:\Users\chris\jagex_cl_runescape_LIVE.dat
C:\Users\chris\jagex_cl_runescape_LIVE1.dat
C:\Users\chris\memory.bat
C:\Users\chris\random.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2014-09-18 19:14

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014
Ran by chris at 2014-10-09 14:49:01
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Age of Empires II HD The Forgotten (HKLM-x32\...\QWdlb2ZFbXBpcmVzSUlIRFRoZUZvcmdvdHRlbg==_is1) (Version: 1 - )
AMD Accelerated Video Transcoding (Version: 13.30.100.40915 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.07.0000 - AMD) Hidden
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4181 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BIOS Code Unlocked Technology (HKLM-x32\...\BIOS Code Unlocked Technology_is1) (Version:  - msi, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Bus Driver (HKLM-x32\...\Steam App 302080) (Version:  - SCS Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Cisco Linksys AE6000 Driver (HKLM-x32\...\{02221266-B345-4544-A5C3-A995520E774D}) (Version: 1.1.0.3 - Cisco Consumer Products LLC)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
ControlCenter (HKLM-x32\...\ControlCenter_is1) (Version:  - msi, Inc.)
Crash Time II (HKLM-x32\...\Steam App 11390) (Version:  - RTL interactive)
Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2625.57 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2625.57 - CyberLink Corp.) Hidden
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2318 - CyberLink Corp.)
CyberLink WaveEditor (x32 Version: 1.0.1.2318 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version:  - Ion Storm)
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version:  - Codemasters Racing Studio)
EasyViewer (HKLM-x32\...\InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI)
EasyViewer (x32 Version: 1.3.0.9 - MSI) Hidden
Elevated Installer (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator (HKLM-x32\...\Steam App 232010) (Version:  - SCS Software)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version:  - SQUARE ENIX)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
FXAA Post Process Injector (HKLM-x32\...\FXAA Post Process Injector) (Version:  - )
Garmin Express (HKLM-x32\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Knights and Merchants (HKLM-x32\...\Steam App 253900) (Version:  - Topware Interactive)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Max Payne (HKLM-x32\...\Steam App 12140) (Version:  - Remedy Entertainment)
Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version:  - Remedy Entertainment)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.009 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Management (HKLM-x32\...\MCLIENT) (Version: 3.2.2.12 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.2.0416 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Pirates of Black Cove Gold (HKLM-x32\...\Steam App 254040) (Version:  - )
Populous The Beginning  (HKLM-x32\...\{3A180340-08DA-11d1-8AA4-00A0C930178C}) (Version: 1.0.0.1 - Electronic Arts)
Radeon RAMDisk (HKLM-x32\...\{90AC17CF-3394-4349-A1B8-ECC2C18CD787}) (Version: 4.4.0.32 - Dataram, Inc.)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.5 - NETGEAR)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
Red Faction: Guerrilla  (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Scania Truck Driving Simulator (HKLM-x32\...\Steam App 258760) (Version:  - SCS Software)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.0.4 - Splashtop Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Supreme Commander (HKLM-x32\...\Steam App 9350) (Version:  - Gas Powered Games)
Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version:  - Gas Powered Games)
SwiftKit (HKCU\...\SwiftKit) (Version:  - )
SyncDroid version 1.2.4 (HKLM-x32\...\{BE7E35A4-59E5-412B-9B18-57B4938B8C0B}_is1) (Version: 1.2.4 - JunTu Software, Inc.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamingGenie (HKLM-x32\...\{AF9B9CCF-D1B4-44B4-A030-BFCF5686AA5E}_is1) (Version: 1.0.1.3 - MSI)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version:  - Bethesda Game Studios®)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.7.2 - Electronic Arts)
Torch (HKCU\...\Torch) (Version: 33.0.0.7326 - Torch Media, Inc) <==== ATTENTION
Trend Micro SafeSync (HKLM\...\HFRS_is1) (Version: 5.1.0.1173 - Trend Micro)
Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version:  - Haemimont Games)
Trucks & Trailers (HKLM-x32\...\Steam App 302060) (Version:  - SCS Software)
Unigine Sanctuary Demo v2.3 (HKLM-x32\...\{A76A2E24-6590-44B4-8126-FAB1A7993A64}) (Version: 1.0 - Unigine Corp.)
Unigine Valley Benchmark Advanced version 1.0 (HKLM-x32\...\Unigine Valley Benchmark Advanced_is1) (Version: 1.0 - Unigine Corp.)
Unofficial Oblivion Patch v3.2.0 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.2.0 - Quarn and Kivan)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM-x32\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version:  - )
Warhammer 40,000: Dawn Of War - Gold Edition (HKLM-x32\...\{83F12F73-D52E-40C0-93B1-463C311C4E17}) (Version: 1.40 - THQ)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9510 - WinZip Computing, S.L. )
WN111v2 (x32 Version: 3.0.0.5 - NETGEAR) Hidden
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)
X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version:  - Egosoft)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
X-Universe Plugin Manager 1.47 (HKLM-x32\...\X-Universe Plugin Manager_is1) (Version: 1.47 - Cycrow)
zlib_and_png_libs_64 (HKLM\...\{54859CED-4458-4C89-B488-175EA766CD70}) (Version: 1.0.110 - Axialmedia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-10-2014 09:16:48 Installed AVG 2015
07-10-2014 09:16:56 Installed AVG 2015
07-10-2014 09:26:18 Installerte Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {146FE9BE-4407-43FB-BCE7-38DF1B31EC9C} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {18347AFD-8127-4E1A-8F8B-B862C25C5219} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-29] (Google Inc.)
Task: {23BDC655-AF65-49BC-9362-6E28B9FAE6EB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {634A5A0B-7CD5-4615-8FAD-69C442193A4E} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {755FEE10-FD9A-4D27-87CE-B551353508CF} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()
Task: {86A8D480-ADA4-454A-8A9A-A2FA6E6A3155} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {972CFB12-9826-408C-8518-D5ED6E79C4CE} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {9D13C84D-943C-439C-B10E-8EC71D04033B} - \DTReg No Task File <==== ATTENTION
Task: {A325DF5E-D4EC-4D6F-B650-DDA1B1C5D2E6} - System32\Tasks\{25AAE8BC-11CB-47C9-B286-5D31DAF7173D} => Firefox.exe
Task: {A694A690-1BA1-4F66-8D17-0F5700B5579C} - System32\Tasks\Logon_Trigger_WPS_Mon_Task => C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe [2012-12-20] (Cisco Consumer Products LLC)
Task: {A8B53CC1-0806-46E2-8F09-3E90F2157BA5} - System32\Tasks\SlimComputer Run => C:\Program Files (x86)\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {C016F618-FADC-49D8-BFF6-E2EA1DC9558F} - \DTChk No Task File <==== ATTENTION
Task: {C75242B6-906B-4182-AF82-809531FCC06A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-29] (Google Inc.)
Task: {E6450313-71F9-4B7B-A8B1-6276AD2CF504} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EBDA2A0B-6878-4BA6-BADA-69F0F39E496F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {ED479DC2-C7F4-4793-8EBC-CEB5209E5AD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {EE2CC7A0-2E01-4738-BBA3-A5854072C24A} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe
Task: {EF87B965-580B-42C4-9821-6547579BDD61} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Safer-Surf Update.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2014-09-15 18:13 - 2014-09-15 18:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-04-24 11:41 - 2014-04-24 11:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-08-11 10:09 - 2014-08-11 10:09 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-01-13 20:21 - 2014-08-25 17:19 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-08-11 10:09 - 2014-08-11 10:09 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2013-08-01 21:08 - 2012-11-27 14:12 - 01210256 ____N () C:\Program Files (x86)\Linksys AE6000\RaWLAPI.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-09-19 09:24 - 2014-06-04 10:21 - 00571904 ____N () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-19 09:24 - 2014-05-19 17:19 - 00137728 ____N () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-01-13 20:21 - 2014-08-25 17:19 - 01654296 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
2014-08-29 03:29 - 2014-08-21 13:15 - 01171456 _____ () D:\program Files (86)\Steam\libavcodec-56.dll
2014-08-29 03:29 - 2014-08-21 13:15 - 00442368 _____ () D:\program Files (86)\Steam\libavutil-54.dll
2014-08-29 03:29 - 2014-08-21 13:15 - 00332800 _____ () D:\program Files (86)\Steam\libavresample-2.dll
2013-07-22 01:06 - 2014-10-01 18:16 - 00774656 _____ () D:\program Files (86)\Steam\SDL2.dll
2014-05-28 16:22 - 2014-10-02 16:43 - 02226880 _____ () D:\program Files (86)\Steam\video.dll
2014-08-29 03:29 - 2014-08-21 13:15 - 00403968 _____ () D:\program Files (86)\Steam\libavformat-56.dll
2014-08-29 03:29 - 2014-08-21 13:15 - 00485888 _____ () D:\program Files (86)\Steam\libswscale-3.dll
2013-07-22 01:06 - 2014-10-02 16:43 - 00679616 _____ () D:\program Files (86)\Steam\bin\chromehtml.DLL
2013-07-22 01:06 - 2014-09-04 18:29 - 34589376 _____ () D:\program Files (86)\Steam\bin\libcef.dll
2014-08-16 10:54 - 2014-09-04 18:29 - 00837824 _____ () D:\program Files (86)\Steam\bin\ffmpegsumo.dll
2013-07-22 01:06 - 2014-10-02 16:43 - 00350400 _____ () D:\program Files (86)\Steam\steam.dll
2014-10-03 00:35 - 2014-10-03 18:00 - 00432136 _____ () D:\program Files (86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\swopenal32.dll
2014-09-25 00:10 - 2014-09-25 00:10 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-11 10:09 - 2014-08-11 10:09 - 00693784 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.1.9\NativeBrowserApi.dll
2014-09-10 10:51 - 2014-09-10 10:51 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4FC01C57

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WN111v2 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: CarboniteSetupLite => "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3957517088-2007298891-2815225478-500 - Administrator - Disabled)
chris (S-1-5-21-3957517088-2007298891-2815225478-1000 - Administrator - Enabled) => C:\Users\chris
Guest (S-1-5-21-3957517088-2007298891-2815225478-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3957517088-2007298891-2815225478-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: iocbios2
Description: iocbios2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iocbios2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2014 02:53:24 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe

Error: (10/08/2014 01:54:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0cf6ff86-c89e-4add-9376-b89a86aac22d}

Error: (10/08/2014 06:56:27 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (10/07/2014 00:58:17 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0cf6ff86-c89e-4add-9376-b89a86aac22d}

Error: (10/07/2014 00:21:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2014 00:20:49 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe

Error: (10/07/2014 00:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Exception code: 0xc0000417
Fault offset: 0x0010d3b2
Faulting process id: 0xc08
Faulting application start time: 0xMSI_LiveUpdate_Service.exe0
Faulting application path: MSI_LiveUpdate_Service.exe1
Faulting module path: MSI_LiveUpdate_Service.exe2
Report Id: MSI_LiveUpdate_Service.exe3

Error: (10/07/2014 05:44:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b
Faulting module name: mozalloc.dll, version: 32.0.3.5379, time stamp: 0x54221b67
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1430
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/07/2014 04:42:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Live Update.exe, version: 6.0.9.0, time stamp: 0x53fc5f53
Faulting module name: Live Update.exe, version: 6.0.9.0, time stamp: 0x53fc5f53
Exception code: 0xc000000d
Fault offset: 0x000df719
Faulting process id: 0x22d8
Faulting application start time: 0xLive Update.exe0
Faulting application path: Live Update.exe1
Faulting module path: Live Update.exe2
Report Id: Live Update.exe3

Error: (10/07/2014 04:11:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed
Faulting module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed
Exception code: 0xc0000005
Fault offset: 0x0015770f
Faulting process id: 0x1ef0
Faulting application start time: 0xFalloutNV.exe0
Faulting application path: FalloutNV.exe1
Faulting module path: FalloutNV.exe2
Report Id: FalloutNV.exe3


System errors:
=============
Error: (10/09/2014 09:47:18 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/08/2014 10:35:20 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/08/2014 11:33:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/08/2014 01:57:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (10/08/2014 01:57:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (10/08/2014 01:57:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (10/08/2014 01:57:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (10/08/2014 01:57:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (10/08/2014 01:57:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (10/08/2014 01:57:41 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801


Microsoft Office Sessions:
=========================
Error: (10/08/2014 02:53:24 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe

Error: (10/08/2014 01:54:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0cf6ff86-c89e-4add-9376-b89a86aac22d}

Error: (10/08/2014 06:56:27 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (10/07/2014 00:58:17 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0cf6ff86-c89e-4add-9376-b89a86aac22d}

Error: (10/07/2014 00:21:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2014 00:20:49 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe

Error: (10/07/2014 00:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MSI_LiveUpdate_Service.exe1.0.0.453fc4ecdMSI_LiveUpdate_Service.exe1.0.0.453fc4ecdc00004170010d3b2c0801cfe252ef591e84D:\program Files (86)\Live Update\MSI_LiveUpdate_Service.exeD:\program Files (86)\Live Update\MSI_LiveUpdate_Service.exe30415c4f-4e46-11e4-84a1-6c626d4af44f

Error: (10/07/2014 05:44:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b143001cfe2142334c0cbC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllde31b8b7-4e0e-11e4-93ea-6c626d4af44f

Error: (10/07/2014 04:42:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Live Update.exe6.0.9.053fc5f53Live Update.exe6.0.9.053fc5f53c000000d000df71922d801cfe212f5dc2497D:\program Files (86)\Live Update\Live Update.exeD:\program Files (86)\Live Update\Live Update.exe38864915-4e06-11e4-93ea-6c626d4af44f

Error: (10/07/2014 04:11:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FalloutNV.exe1.4.0.5254e0d50edFalloutNV.exe1.4.0.5254e0d50edc00000050015770f1ef001cfe20e941f20c1D:\program Files (86)\Steam\steamapps\common\fallout new vegas\FalloutNV.exeD:\program Files (86)\Steam\steamapps\common\fallout new vegas\FalloutNV.exeee8e5da8-4e01-11e4-93ea-6c626d4af44f


==================== Memory info ===========================

Processor: AMD Phenom™ II X6 1090T Processor
Percentage of memory in use: 55%
Total physical RAM: 16383.18 MB
Available physical RAM: 7235.01 MB
Total Pagefile: 16397.36 MB
Available Pagefile: 6516.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:37.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (storage) (Fixed) (Total:1397.25 GB) (Free:542.62 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:111.79 GB) (Free:67.73 GB) NTFS
Drive f: (RED) (CDROM) (Total:7.76 GB) (Free:0 GB) UDF
Drive h: () (Removable) (Total:7.45 GB) (Free:0.84 GB) FAT32
Drive r: () (Fixed) (Total:1397.26 GB) (Free:594.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4C51ADCD)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 01EA01EA)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 54DC024B)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: C9416CB5)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
Posted 09 October 2014 - 05:39 PM

Hi,

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to add/remove in the control panel and remove either AVG 2015 or Norton 360.

Please download the following file => [attachment=155960:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi



#5 chrisrich1

  • Topic Starter

  • Members
Posted 09 October 2014 - 07:47 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014
Ran by chris at 2014-10-09 19:44:01 Run:1
Running from C:\Users\chris\Desktop\New folder (4)
Loaded Profile: chris (Available profiles: chris & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
closeprocesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {0b68e91c-bfc5-11e3-aa7d-6c626d4af44f} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {306d10a9-91a1-11e2-ad0e-806e6f6e6963} - F:\SETUP.EXE
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {ad2812b1-c0c5-11e1-8c0e-6c626d4af44f} - G:\setup.exe
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {c1dd71a1-7e1d-11e3-a20b-6c626d4af44f} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {e4e1101e-b734-11e0-a772-806e6f6e6963} - I:\aocsetup.exe /autorun
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a13277-379&apn_uid=0785716040144255&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a13277-379&apn_uid=0785716040144255&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchou.com/?affil=7&uid=5ce7a9ab-8c74-11e2-a1f3-6c626d4af44f&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = https://search.blekko.com/ws/?source=5a76da41&tbp=rbox&toolbarid=searchcom_001&u=20120520E096452F825BE55C40FF35E8&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=136&systemid=102&v=a13277-379&apn_uid=0785716040144255&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKCU - {C7576B9D-B442-46bc-AF74-080A9E723E01} URL = http://websearch.search-results.com/redirect?client=ie&tb=GET-SRS&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=get001&apn_uid=6928616D-8E23-4F64-AA37-B3184D9BD2DB&apn_sauid=FC73804B-8F13-40D9-8DFC-EE386A9B596F
SearchScopes: HKCU - {D0CB148A-6384-4BAD-B04C-B81BF4C0BF7A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=091D8F92-E80E-4CAD-8C1C-18E047555F1F&apn_sauid=D1A6347F-D1EB-41F5-8CE4-494370E68122
BHO: Safer-Surf -> {4BE01651-740C-BFCC-E0B2-F5AAE0C29AD5} ->  No File
BHO-x32: No Name -> {6fcaba44-a441-481f-895e-bddfd81a6cc2} ->  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset catalog
FF NewTab: hxxp://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=nt&installDate={installDate}&barcodeid={barcodeID}&um={UM}
FF SearchEngineOrder.1: Ask.com
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=MuvicAMBS&dpid=MuvicAMBS&co=US&userid=9d3b4384-48d9-77c5-6716-d1cf85eb7be9&searchtype=ds&installDate={installDate}&barcodeid={barcodeID}&um={UM}&q=
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\search-results.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\Searchou.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\Web Search.xml
FF HKCU\...\Firefox\Extensions: [{D2C6173E-3EF8-F41A-372B-0F73D7C8020B}] - C:\Program Files (x86)\ver1Safer-Surf\177.xpi
CHR Extension: (Safer-Surf) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhlbcbdelgpmpkpdpaakklajcbbobdo [2014-08-20]
CHR Extension: (MAgoniPicc) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmidicghlnpnkllbbibaceemgbpfllh [2013-03-14]
U4 Wubeh0krs; No ImagePath
NETSVC: ICAM3NT5 -> No ServiceDLL Path.
Unlock: C:\Windows\system64
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /s /a:l C:\*
Task: {9D13C84D-943C-439C-B10E-8EC71D04033B} - \DTReg No Task File <==== ATTENTION
Task: {C016F618-FADC-49D8-BFF6-E2EA1DC9558F} - \DTChk No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Safer-Surf Update.job => ? <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:4FC01C57
emptytemp:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b68e91c-bfc5-11e3-aa7d-6c626d4af44f} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}" => Key not found.
"HKCR\CLSID\{0b68e91c-bfc5-11e3-aa7d-6c626d4af44f} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}" => Key not found.
"HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{306d10a9-91a1-11e2-ad0e-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{306d10a9-91a1-11e2-ad0e-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad2812b1-c0c5-11e1-8c0e-6c626d4af44f}" => Key deleted successfully.
"HKCR\CLSID\{ad2812b1-c0c5-11e1-8c0e-6c626d4af44f}" => Key not found.
"HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1dd71a1-7e1d-11e3-a20b-6c626d4af44f} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}" => Key not found.
"HKCR\CLSID\{c1dd71a1-7e1d-11e3-a20b-6c626d4af44f} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}" => Key not found.
"HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4e1101e-b734-11e0-a772-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{e4e1101e-b734-11e0-a772-806e6f6e6963}" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
"HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key deleted successfully.
"HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}" => Key deleted successfully.
"HKCR\CLSID\{C7576B9D-B442-46bc-AF74-080A9E723E01}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0CB148A-6384-4BAD-B04C-B81BF4C0BF7A}" => Key deleted successfully.
"HKCR\CLSID\{D0CB148A-6384-4BAD-B04C-B81BF4C0BF7A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BE01651-740C-BFCC-E0B2-F5AAE0C29AD5}" => Key deleted successfully.
"HKCR\CLSID\{4BE01651-740C-BFCC-E0B2-F5AAE0C29AD5}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6fcaba44-a441-481f-895e-bddfd81a6cc2}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6fcaba44-a441-481f-895e-bddfd81a6cc2}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

Firefox newtab deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\Ask.xml => Moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\conduit-search.xml => Moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\safesearch.xml => Moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\search-results.xml => Moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\Searchou.xml => Moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\searchplugins\Web Search.xml => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{D2C6173E-3EF8-F41A-372B-0F73D7C8020B} => value deleted successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhlbcbdelgpmpkpdpaakklajcbbobdo => Moved successfully.
C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmidicghlnpnkllbbibaceemgbpfllh => Moved successfully.
Wubeh0krs => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ICAM3NT5 => Deleted successfully.
"C:\Windows\system64" => File/Directory unlocked successfully.
"C:\Windows\system64" => Deleting reparse point and unlocking started.
"C:\Windows\system64" => Deleting reparse point and unlocking done.
"C:\Windows\system64" => Deleting reparse point and unlocking completed.

=========  Dir /s /a:l C:\* =========

 Volume in drive C has no label.
 Volume Serial Number is D444-5160

 Directory of C:\

07/14/2009  12:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes

 Directory of C:\ProgramData

07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users

07/14/2009  12:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes

 Directory of C:\Users\All Users

07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\chris

07/25/2011  10:21 PM    <JUNCTION>     Application Data [C:\Users\chris\AppData\Roaming]
07/25/2011  10:21 PM    <JUNCTION>     Cookies [C:\Users\chris\AppData\Roaming\Microsoft\Windows\Cookies]
07/25/2011  10:21 PM    <JUNCTION>     Local Settings [C:\Users\chris\AppData\Local]
07/25/2011  10:21 PM    <JUNCTION>     My Documents [C:\Users\chris\Documents]
07/25/2011  10:21 PM    <JUNCTION>     NetHood [C:\Users\chris\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/25/2011  10:21 PM    <JUNCTION>     PrintHood [C:\Users\chris\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/25/2011  10:21 PM    <JUNCTION>     Recent [C:\Users\chris\AppData\Roaming\Microsoft\Windows\Recent]
07/25/2011  10:21 PM    <JUNCTION>     SendTo [C:\Users\chris\AppData\Roaming\Microsoft\Windows\SendTo]
07/25/2011  10:21 PM    <JUNCTION>     Start Menu [C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu]
07/25/2011  10:21 PM    <JUNCTION>     Templates [C:\Users\chris\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\chris\AppData\Local

07/25/2011  10:21 PM    <JUNCTION>     Application Data [C:\Users\chris\AppData\Local]
07/25/2011  10:21 PM    <JUNCTION>     History [C:\Users\chris\AppData\Local\Microsoft\Windows\History]
07/25/2011  10:21 PM    <JUNCTION>     Temporary Internet Files [C:\Users\chris\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\chris\Documents

07/25/2011  10:21 PM    <JUNCTION>     My Music [C:\Users\chris\Music]
07/25/2011  10:21 PM    <JUNCTION>     My Pictures [C:\Users\chris\Pictures]
07/25/2011  10:21 PM    <JUNCTION>     My Videos [C:\Users\chris\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\Default

07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  12:08 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009  12:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  12:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  12:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\Default\AppData\Local

07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  12:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\Default\Documents

07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\Guest

07/17/2013  08:25 AM    <JUNCTION>     Application Data [C:\Users\Guest\AppData\Roaming]
07/17/2013  08:25 AM    <JUNCTION>     Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
07/17/2013  08:25 AM    <JUNCTION>     Local Settings [C:\Users\Guest\AppData\Local]
07/17/2013  08:25 AM    <JUNCTION>     My Documents [C:\Users\Guest\Documents]
07/17/2013  08:25 AM    <JUNCTION>     NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/17/2013  08:25 AM    <JUNCTION>     PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/17/2013  08:25 AM    <JUNCTION>     Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
07/17/2013  08:25 AM    <JUNCTION>     SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
07/17/2013  08:25 AM    <JUNCTION>     Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
07/17/2013  08:25 AM    <JUNCTION>     Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\Guest\AppData\Local

07/17/2013  08:25 AM    <JUNCTION>     Application Data [C:\Users\Guest\AppData\Local]
07/17/2013  08:25 AM    <JUNCTION>     History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
07/17/2013  08:25 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\Guest\Documents

07/17/2013  08:25 AM    <JUNCTION>     My Music [C:\Users\Guest\Music]
07/17/2013  08:25 AM    <JUNCTION>     My Pictures [C:\Users\Guest\Pictures]
07/17/2013  08:25 AM    <JUNCTION>     My Videos [C:\Users\Guest\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\Public\Documents

07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes

 Directory of C:\Windows\SysWOW64\config\systemprofile

05/19/2012  03:40 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
05/19/2012  03:40 AM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
05/19/2012  03:40 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
05/19/2012  03:40 AM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
05/19/2012  03:40 AM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/19/2012  03:40 AM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/19/2012  03:40 AM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
05/19/2012  03:40 AM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
05/19/2012  03:40 AM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
05/19/2012  03:40 AM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local

05/19/2012  03:40 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
05/19/2012  03:40 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
05/19/2012  03:40 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents

05/19/2012  03:40 AM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
05/19/2012  03:40 AM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
05/19/2012  03:40 AM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
              82 Dir(s)  42,102,464,512 bytes free

========= End of CMD: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D13C84D-943C-439C-B10E-8EC71D04033B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D13C84D-943C-439C-B10E-8EC71D04033B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C016F618-FADC-49D8-BFF6-E2EA1DC9558F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C016F618-FADC-49D8-BFF6-E2EA1DC9558F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTChk" => Key not found.
C:\Windows\Tasks\Safer-Surf Update.job => Moved successfully.
C:\ProgramData\Temp => ":4FC01C57" ADS removed successfully.
 



#6 chrisrich1


Posted 09 October 2014 - 07:49 PM

The tool encountered an error after a few minutes of running and closed. I'm not sure if it completed or not. Should I run it again?



#7 chrisrich1


Posted 09 October 2014 - 08:19 PM

After restarting I see a massive reduction in the running processes, which was at 90-some-odd processes; it is now significantly less, at about 44.

To add to this, system64 is now empty and I was able to remove the empty folder, so now I'm only left with system32 and sysWOW64.


Edited by chrisrich1, 09 October 2014 - 08:36 PM.


#8 B-boy/StyLe/


Posted 10 October 2014 - 07:30 AM

The tool encountered an error after a few minutes of running and closed. I'm not sure if it completed or not. Should I run it again?

 

Hi,

 

Please run a new scan with FRST (make sure that Addition.txt is ticked before you press the Scan button) and then post both logs in your next reply.




#9 B-boy/StyLe/


Posted 10 October 2014 - 07:32 AM

After restarting I see a massive reduction in the running processes, which was at 90-some-odd processes; it is now significantly less, at about 44.

To add to this, system64 is now empty and I was able to remove the empty folder, so now I'm only left with system32 and sysWOW64.

 

Please don't do things on your own, but wait for instructions. You were able to delete the folder because we unlocked it and removed the junction point. The reason I didn't delete the folder yet was that I wanted to make sure the junction point was removed properly...

 

 

Regards,

Georgi
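
The check described in this reply (confirming that the junction point on C:\Windows\system64 is really gone) can be scripted against the `Dir /s /a:l C:\*` listing in the fix log. This is an added example, not part of the original posts and not FRST's own code; the baseline names are an assumption taken from the Windows 7 listing in this thread, and the system64 line (its date and target) is constructed sample input.

```python
import re
from typing import List, NamedTuple


class Link(NamedTuple):
    directory: str  # folder that contains the reparse point
    kind: str       # JUNCTION, SYMLINKD or SYMLINK
    name: str
    target: str


DIR_HEADER = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$")
LINK_LINE = re.compile(
    r"^\S+\s+\S+(?:\s+[AP]M)?\s+"                 # date, time, optional AM/PM
    r"<(?P<kind>JUNCTION|SYMLINKD|SYMLINK)>\s+"   # reparse point type
    r"(?P<name>.+?)\s+\[(?P<target>.*)\]$"        # name [target]
)

# Assumption: the compatibility link names that appear in this thread's
# Windows 7 listing are treated as the expected baseline.
BASELINE_NAMES = {
    "documents and settings", "all users", "default user",
    "application data", "desktop", "documents", "favorites", "start menu",
    "templates", "cookies", "local settings", "my documents", "nethood",
    "printhood", "recent", "sendto", "history", "temporary internet files",
    "my music", "my pictures", "my videos",
}

# Constructed sample: three lines in the format of the thread's listing plus
# one constructed system64 entry (placeholder target, made-up date).
SAMPLE_BEFORE = r"""
 Directory of C:\

07/14/2009  12:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes

 Directory of C:\Users

07/14/2009  12:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes

 Directory of C:\Windows

10/01/2014  09:00 AM    <JUNCTION>     system64 [C:\PLACEHOLDER\target]
               0 File(s)              0 bytes
"""

# The same listing once the junction has been removed (constructed).
SAMPLE_AFTER = SAMPLE_BEFORE.split(" Directory of C:\\Windows")[0]


def parse_dir_links(listing: str) -> List[Link]:
    """Parse `dir /s /a:l` output into Link records."""
    links, current = [], None
    for raw in listing.splitlines():
        header = DIR_HEADER.match(raw)
        if header:
            current = header.group("dir")
            continue
        m = LINK_LINE.match(raw.strip())
        if m and current is not None:
            links.append(Link(current, m["kind"], m["name"], m["target"]))
    return links


def full_path(link: Link) -> str:
    return link.directory.rstrip("\\") + "\\" + link.name


def is_reparse_point(links: List[Link], path: str) -> bool:
    """True if `path` is still listed as a junction or symlink."""
    wanted = path.rstrip("\\").lower()
    return any(full_path(l).lower() == wanted for l in links)


def unexpected_links(links: List[Link]) -> List[Link]:
    """Links sitting directly in C:\\Windows or with a non-baseline name."""
    return [
        l for l in links
        if l.directory.rstrip("\\").lower() == r"c:\windows"
        or l.name.lower() not in BASELINE_NAMES
    ]


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        links = parse_dir_links(text)
        print(label, "system64 is a reparse point:",
              is_reparse_point(links, r"C:\Windows\system64"))
        for l in unexpected_links(links):
            print("  review:", l.kind, full_path(l), "->", l.target)
```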




#10 chrisrich1


Posted 10 October 2014 - 02:07 PM

Sorry, it was still in my Recycle Bin, so I restored it for the scan.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014
Ran by chris (administrator) on BLACK-EDITION on 10-10-2014 14:03:21
Running from C:\Users\chris\Desktop
Loaded Profile: chris (Available profiles: chris & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro SafeSync\hrfscore.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(Valve Corporation) D:\program Files (86)\Steam\Steam.exe
(Valve Corporation) D:\program Files (86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\program Files (86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\program Files (86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Farbar) C:\Users\chris\Desktop\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\wscstub.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\Run: [Steam] => D:\program Files (86)\Steam\steam.exe [1938624 2014-10-09] (Valve Corporation)
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Origin\LegacyPM\Core.exe" -silent
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-15] (Electronic Arts)
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {0b68e91c-bfc5-11e3-aa7d-6c626d4af44f} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-3957517088-2007298891-2815225478-1000\...\MountPoints2: {c1dd71a1-7e1d-11e3-a20b-6c626d4af44f} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.)
ShellIconOverlayIdentifiers: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.0.36
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {C6019C81-534D-4CD6-826B-31585D014C10} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKCU - {C6019C81-534D-4CD6-826B-31585D014C10} URL = https://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default
FF Homepage: hxxp://www.mysearchresults.com/?c=9001&t=03
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: TorchVLC -> C:\Users\chris\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: YouTube Unblocker - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-15]
FF Extension: Garmin Communicator - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-23]
FF Extension: Personas Plus - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\z19vfitk.default\Extensions\personas@christopher.beard.xpi [2011-07-26]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn [2014-10-09]

Chrome:
=======
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-02-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-02-25] (CyberLink Corp.)
S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-02-25] (CyberLink)
S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-02-25] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
S2 MSI_LiveUpdate_Service; D:\program Files (86)\Live Update\MSI_LiveUpdate_Service.exe [1722320 2014-08-26] (Micro-Star International)
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R3 OnlineStorageService; C:\Program Files\Trend Micro SafeSync\hrfscore.exe [7908664 2012-07-12] (Trend Micro Inc.)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-24] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE6000; C:\Windows\System32\DRIVERS\AE6000w764.sys [2196512 2013-01-25] (Ralink Technology Corp.)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-02] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20141009.002\IDSvia64.sys [633560 2014-09-12] (Symantec Corporation)
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-10-01] (Atheros Communications, Inc.)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [11776 2010-06-28] (HandSet Incorporated)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20141009.016\ENG64.SYS [129752 2014-10-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20141009.016\EX64.SYS [2137304 2014-10-01] (Symantec Corporation)
S3 NTIOLib_1_0_2; C:\Program Files (x86)\MSI\BIOSUnlockCPUCore\NTIOLib_X64.sys [14136 2010-04-21] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_4; D:\program Files (86)\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R2 ntk_PowerDVD12; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
R3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2009-06-30] (Microsoft Corporation)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [783360 2010-04-27] (Atheros Communications, Inc.)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2013-02-25] (CyberLink Corp.)
S3 BioNTDrv; \??\C:\Program Files (x86)\Paragon Software\Migrate OS to SSD 3.0\program\BioNTDrv.SYS [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S2 iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [X]
S3 ipadtst; \??\C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S4 RAMDiskVE; System32\Drivers\RAMDiskVE.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 14:03 - 2014-10-10 14:03 - 00025255 _____ () C:\Users\chris\Desktop\FRST.txt
2014-10-10 13:14 - 2014-10-10 13:14 - 00001342 _____ () C:\Users\Public\Desktop\Command and Conquer and The Covert Operations.lnk
2014-10-10 13:14 - 2014-10-10 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Online
2014-10-10 13:14 - 2014-10-10 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Chat
2014-10-10 13:14 - 2014-10-10 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer and The Covert Operations
2014-10-10 13:14 - 2014-10-10 13:14 - 00000000 ____D () C:\Program Files (x86)\WestwoodOnline
2014-10-10 13:14 - 2014-10-10 13:14 - 00000000 ____D () C:\Program Files (x86)\WestwoodChat
2014-10-09 19:40 - 2014-10-09 14:46 - 02109952 _____ (Farbar) C:\Users\chris\Desktop\FRST64(1).exe
2014-10-09 15:25 - 2014-10-09 15:27 - 00000221 _____ () C:\Users\chris\Desktop\Kung Fu Strike The Warrior's Rise.url
2014-10-09 15:24 - 2014-10-09 15:24 - 00000221 _____ () C:\Users\chris\Desktop\East India Company Gold.url
2014-10-09 15:13 - 2014-10-09 15:13 - 00000221 _____ () C:\Users\chris\Desktop\The Journey Down Chapter One.url
2014-10-09 15:12 - 2014-10-09 15:12 - 00000221 _____ () C:\Users\chris\Desktop\Nosgoth.url
2014-10-09 15:11 - 2014-10-09 15:11 - 00000221 _____ () C:\Users\chris\Desktop\Gun Monkeys.url
2014-10-09 00:46 - 2014-10-09 00:46 - 00000221 _____ () C:\Users\chris\Desktop\Pirates of Black Cove Gold.url
2014-10-09 00:46 - 2014-10-09 00:46 - 00000221 _____ () C:\Users\chris\Desktop\Knights and Merchants.url
2014-10-09 00:12 - 2014-10-09 00:12 - 00000220 _____ () C:\Users\chris\Desktop\Crash Time II.url
2014-10-08 16:30 - 2014-10-10 00:53 - 00000000 ____D () C:\Users\chris\Documents\Euro Truck Simulator 2
2014-10-07 12:50 - 2014-10-07 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-10-07 12:50 - 2014-10-07 12:50 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-10-07 12:34 - 2014-10-10 14:03 - 00000000 ____D () C:\FRST
2014-10-07 12:29 - 2014-10-07 12:29 - 00001152 _____ () C:\Users\Public\Desktop\Install Microsoft LifeCam.lnk
2014-10-07 04:35 - 2014-10-07 04:41 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-10-07 04:35 - 2014-10-07 04:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-10-07 04:35 - 2014-10-07 04:35 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-10-07 04:17 - 2014-10-09 19:38 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-07 04:17 - 2014-10-09 19:37 - 00000000 ___HD () C:\$AVG
2014-10-07 04:17 - 2014-10-09 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-07 04:17 - 2014-10-07 04:17 - 00000000 ____D () C:\Users\chris\AppData\Roaming\TuneUp Software
2014-10-07 04:06 - 2014-10-09 19:38 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-07 04:06 - 2014-10-07 04:06 - 00000000 ____D () C:\Users\chris\AppData\Local\MFAData
2014-10-07 00:47 - 2014-10-07 00:55 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-10-07 00:47 - 2014-10-07 00:54 - 00001035 ____N () C:\Users\chris\Desktop\PhotoScape.lnk
2014-10-07 00:47 - 2014-10-07 00:47 - 00001035 _____ () C:\Users\Guest\Desktop\PhotoScape.lnk
2014-10-07 00:46 - 2012-05-01 00:52 - 18376624 ____N (Mooii) C:\Users\chris\Desktop\PhotoScape_V3.6.2.exe
2014-10-05 14:46 - 2014-10-05 14:46 - 00000000 ____D () C:\Users\chris\Documents\Rockstar Games
2014-10-05 14:46 - 2014-10-05 14:46 - 00000000 ____D () C:\Users\chris\AppData\Local\Chromium
2014-10-05 14:01 - 2014-10-05 14:01 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-10-04 21:36 - 2014-10-04 21:36 - 00000000 ____D () C:\Users\chris\Documents\4A Games
2014-10-04 21:30 - 2014-10-04 21:30 - 00000000 ____D () C:\Users\chris\AppData\Local\4A Games
2014-10-04 21:27 - 2014-10-04 21:27 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-04 21:27 - 2014-10-04 21:27 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-04 01:27 - 2014-10-04 01:27 - 00000000 ____D () C:\ProgramData\CyberLink
2014-10-03 00:37 - 2014-10-03 00:37 - 00000221 ____N () C:\Users\chris\Desktop\Trucks & Trailers.url
2014-10-03 00:35 - 2014-10-03 00:35 - 00000221 ____N () C:\Users\chris\Desktop\Euro Truck Simulator 2.url
2014-10-03 00:34 - 2014-10-03 00:34 - 00000221 ____N () C:\Users\chris\Desktop\Euro Truck Simulator.url
2014-10-03 00:34 - 2014-10-03 00:34 - 00000221 ____N () C:\Users\chris\Desktop\Bus Driver.url
2014-10-03 00:33 - 2014-10-03 00:33 - 00000221 ____N () C:\Users\chris\Desktop\Scania Truck Driving Simulator.url
2014-10-03 00:32 - 2014-10-03 00:32 - 00000221 ____N () C:\Users\chris\Desktop\Metro Last Light Redux.url
2014-10-02 21:18 - 2014-10-02 21:18 - 00000924 ____N () C:\Users\chris\Desktop\Frozen Throne.lnk
2014-10-02 21:18 - 2014-10-02 21:18 - 00000921 ____N () C:\Users\chris\Desktop\Warcraft III.lnk
2014-10-02 21:18 - 2014-10-02 21:18 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III Reign of Chaos & The Frozen Throne
2014-10-02 20:05 - 2014-10-02 20:05 - 00081096 _____ () C:\Users\chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-02 19:54 - 2014-10-02 19:54 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-10-02 19:54 - 2014-10-02 19:54 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Utherverse
2014-10-02 17:22 - 2014-10-02 17:22 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-10-02 17:22 - 2014-10-02 17:22 - 00001890 _____ () C:\Windows\diagerr.xml
2014-10-02 00:43 - 2014-10-02 00:43 - 00000000 ____D () C:\Users\chris\AppData\Roaming\SlimCleaner
2014-10-01 23:54 - 2014-10-01 23:55 - 00000000 ____D () C:\Users\chris\Desktop\New folder (2)
2014-09-30 14:44 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 14:44 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 23:09 - 2014-09-29 23:09 - 00055976 _____ () C:\Windows\SysWOW64\CCCInstall_201409292309061857.log
2014-09-29 23:09 - 2014-09-29 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-29 23:09 - 2014-09-29 23:09 - 00000000 ____D () C:\ProgramData\ATI
2014-09-29 23:09 - 2014-09-29 23:09 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-28 22:05 - 2014-09-28 22:05 - 00000221 ____N () C:\Users\chris\Desktop\Just Cause 2 Multiplayer Mod.url
2014-09-28 22:04 - 2014-09-28 22:04 - 00000219 ____N () C:\Users\chris\Desktop\Just Cause 2.url
2014-09-28 22:02 - 2014-09-28 22:02 - 00000220 ____N () C:\Users\chris\Desktop\The Elder Scrolls V Skyrim.url
2014-09-28 21:43 - 2014-09-28 21:43 - 00003092 _____ () C:\Windows\System32\Tasks\{33572D7E-5E3B-41F3-9360-9E794F882699}
2014-09-28 21:30 - 2014-09-28 21:30 - 00000221 ____N () C:\Users\chris\Desktop\L.A. Noire.url
2014-09-28 21:27 - 2014-09-28 21:27 - 00000220 ____N () C:\Users\chris\Desktop\Grand Theft Auto IV.url
2014-09-28 21:27 - 2014-09-28 21:27 - 00000220 ____N () C:\Users\chris\Desktop\Grand Theft Auto Episodes from Liberty City.url
2014-09-28 21:26 - 2014-09-28 21:26 - 00000221 ____N () C:\Users\chris\Desktop\Max Payne 3.url
2014-09-28 21:23 - 2014-09-28 21:23 - 00000220 ____N () C:\Users\chris\Desktop\Max Payne.url
2014-09-28 21:23 - 2014-09-28 21:23 - 00000220 ____N () C:\Users\chris\Desktop\Max Payne 2 The Fall of Max Payne.url
2014-09-28 21:22 - 2014-09-28 21:22 - 00000220 ____N () C:\Users\chris\Desktop\FINAL FANTASY VIII.url
2014-09-28 21:21 - 2014-09-28 21:21 - 00000220 ____N () C:\Users\chris\Desktop\FINAL FANTASY VII.url
2014-09-28 21:18 - 2014-09-28 21:18 - 00000219 ____N () C:\Users\chris\Desktop\Deus Ex Game of the Year Edition.url
2014-09-28 20:13 - 2014-09-28 20:13 - 00076819 _____ () C:\Users\chris\Documents\Untitled (9).wma
2014-09-28 20:11 - 2014-09-28 20:11 - 00180089 _____ () C:\Users\chris\Documents\Untitled (8).wma
2014-09-28 20:03 - 2014-09-28 20:13 - 00072329 _____ () C:\Users\chris\Documents\Untitled (7).wma
2014-09-28 19:59 - 2014-09-28 19:59 - 00054369 _____ () C:\Users\chris\Documents\Untitled (6).wma
2014-09-28 19:58 - 2014-09-28 19:58 - 00045389 _____ () C:\Users\chris\Documents\Untitled (5).wma
2014-09-28 19:57 - 2014-09-28 19:59 - 00076819 _____ () C:\Users\chris\Documents\Untitled (4).wma
2014-09-28 19:57 - 2014-09-28 19:57 - 00049879 _____ () C:\Users\chris\Documents\Untitled (3).wma
2014-09-28 15:55 - 2014-09-28 15:55 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-09-28 15:55 - 2014-09-28 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-09-27 23:01 - 2014-09-27 23:01 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-09-27 23:01 - 2014-09-27 23:01 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-09-27 23:01 - 2014-09-27 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-09-27 20:36 - 2014-09-27 20:36 - 00000000 ____D () C:\Users\chris\Documents\Games for Windows - LIVE Demos
2014-09-27 20:28 - 2014-09-27 20:28 - 00000000 __SHD () C:\ProgramData\DSS
2014-09-27 20:28 - 2014-09-27 20:28 - 00000000 ____D () C:\ProgramData\Codemasters
2014-09-27 20:23 - 2014-09-27 23:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-09-27 20:21 - 2014-09-27 20:28 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-09-27 20:21 - 2014-09-27 20:28 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-09-27 20:21 - 2014-09-27 20:28 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-09-27 20:21 - 2014-09-27 20:28 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-09-27 20:21 - 2014-09-27 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2014-09-27 20:21 - 2014-09-27 20:28 - 00000000 ____D () C:\Program Files (x86)\BRS
2014-09-27 20:21 - 2014-09-27 20:21 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-09-27 20:21 - 2011-03-19 15:16 - 01417216 _____ (Blue Ripple Sound Limited) C:\Windows\SysWOW64\rapture3d_oal.dll
2014-09-27 20:21 - 2010-09-22 13:12 - 19087360 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\SysWOW64\mkl_blueripple.dll
2014-09-27 08:36 - 2014-09-27 08:36 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-09-25 19:49 - 2014-10-09 20:15 - 00000000 ____D () C:\Users\chris\Desktop\New folder (4)
2014-09-25 00:10 - 2014-09-25 00:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 21:51 - 2014-09-30 13:09 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Tropico 3
2014-09-23 19:29 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 19:29 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 09:16 - 2014-09-23 09:16 - 00000220 ____N () C:\Users\chris\Desktop\Tropico 3 - Steam Special Edition.url
2014-09-23 06:02 - 2014-10-02 17:58 - 00000000 ____D () C:\Users\chris\Documents\Square Enix
2014-09-21 05:40 - 2014-09-21 05:40 - 00000000 ____D () C:\Users\chris\Documents\Respawn
2014-09-21 02:08 - 2014-09-27 08:57 - 00000855 _____ () C:\Users\Public\Desktop\Titanfall.lnk
2014-09-21 02:08 - 2014-09-21 02:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall
2014-09-19 20:36 - 2014-09-20 05:04 - 00000000 ____D () C:\Users\chris\Desktop\New folder (3)
2014-09-19 20:06 - 2014-09-19 20:06 - 00003094 _____ () C:\Windows\System32\Tasks\{FFD837B2-7C2D-4DF3-9611-25C07919B449}
2014-09-19 18:13 - 2014-09-19 18:13 - 00000000 ____D () C:\Users\chris\AppData\Local\Splashtop
2014-09-19 14:55 - 2014-09-28 16:13 - 00000000 ____D () C:\Users\chris\New folder (2)
2014-09-19 14:46 - 2014-09-19 14:46 - 00000000 ____D () C:\ProgramData\Splashtop
2014-09-19 14:46 - 2014-09-19 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
2014-09-19 14:46 - 2014-09-19 14:46 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-09-19 14:12 - 2014-09-19 14:12 - 00000219 ____N () C:\Users\chris\Desktop\Supreme Commander.url
2014-09-19 14:12 - 2014-09-19 14:12 - 00000219 ____N () C:\Users\chris\Desktop\Supreme Commander Forged Alliance.url
2014-09-19 14:06 - 2014-09-19 14:06 - 41944368 ____C () C:\RAMDisk.img
2014-09-19 14:05 - 2014-09-19 14:05 - 00001697 _____ () C:\Users\Public\Desktop\Radeon RAMDisk Configuration Utility.lnk
2014-09-19 14:05 - 2014-09-19 14:05 - 00000000 ____D () C:\Users\chris\AppData\Local\Dataram_Corporation
2014-09-19 14:05 - 2014-09-19 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radeon RAMDisk
2014-09-19 13:54 - 2014-09-28 21:59 - 00000169 ____N () C:\Users\chris\Desktop\DiRT 3.url
2014-09-19 13:24 - 2014-09-19 13:24 - 00002837 ____N () C:\Users\chris\Unigine_Heaven_Benchmark_4.0_20140919_1324.html
2014-09-19 12:30 - 2014-09-19 12:30 - 00003411 ____N () C:\Users\chris\Documents\unigine_20140919_1230.html
2014-09-19 12:26 - 2014-09-19 12:26 - 00002836 ____N () C:\Users\chris\Documents\Unigine_Heaven_Benchmark_4.0_20140919_1226.html
2014-09-19 12:19 - 2014-09-19 12:19 - 00002666 ____N () C:\Users\chris\Documents\Unigine_Valley_Benchmark_1.0_20140919_1219.html
2014-09-19 12:04 - 2014-09-19 12:04 - 00003028 _____ () C:\Windows\System32\Tasks\{D57B896B-F078-495C-866A-5C3E3BD59D47}
2014-09-19 09:24 - 2014-09-19 09:32 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Wondershare
2014-09-19 09:24 - 2014-09-19 09:24 - 00000000 ____D () C:\Users\chris\AppData\Local\Wondershare
2014-09-19 09:20 - 2014-09-19 09:24 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-09-19 00:13 - 2014-09-19 00:13 - 00000868 _____ () C:\Users\Public\Desktop\Bejeweled 3.lnk
2014-09-19 00:13 - 2014-09-19 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bejeweled 3
2014-09-17 11:05 - 2014-09-17 11:05 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-17 11:05 - 2014-09-17 11:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-17 11:05 - 2014-09-17 11:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-17 11:05 - 2014-09-17 11:05 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-17 11:05 - 2014-09-17 11:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-17 11:05 - 2014-09-17 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-17 11:05 - 2014-09-17 11:05 - 00000000 ____D () C:\Program Files\Java
2014-09-17 11:05 - 2014-09-17 11:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-15 18:21 - 2014-09-15 18:21 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
2014-09-15 18:19 - 2014-09-15 18:19 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-09-15 17:32 - 2014-09-15 17:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-09-15 17:31 - 2014-09-15 17:31 - 09254184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-09-15 17:31 - 2014-09-15 17:31 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-09-15 17:29 - 2014-09-15 17:29 - 00293088 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-09-15 17:26 - 2014-09-15 17:26 - 16750080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-09-15 17:18 - 2014-09-15 17:18 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2014-09-15 17:18 - 2014-09-15 17:18 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-09-15 17:17 - 2014-09-15 17:17 - 33867264 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-09-15 17:17 - 2014-09-15 17:17 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-09-15 17:17 - 2014-09-15 17:17 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-09-15 17:17 - 2014-09-15 17:17 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-09-15 17:16 - 2014-09-15 17:16 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-15 17:14 - 2014-09-15 17:14 - 05316096 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhsasc64.dll
2014-09-15 17:14 - 2014-09-15 17:14 - 04335616 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdhsasc.dll
2014-09-15 17:13 - 2014-09-15 17:13 - 27918336 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-09-15 17:11 - 2014-09-15 17:11 - 00001913 ____N () C:\Users\chris\Desktop\XML Notepad 2007.lnk
2014-09-15 17:11 - 2014-09-15 17:11 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Notepad 2007
2014-09-15 17:09 - 2014-09-15 17:09 - 05639168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-09-15 17:09 - 2014-09-15 17:09 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-09-15 17:09 - 2014-09-15 17:09 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-09-15 17:09 - 2014-09-15 17:09 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-09-15 17:09 - 2014-09-15 17:09 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-09-15 17:07 - 2014-09-15 17:07 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-09-15 17:07 - 2014-09-15 17:07 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-09-15 17:07 - 2014-09-15 17:07 - 00609272 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-09-15 17:07 - 2014-09-15 17:07 - 00609272 _____ () C:\Windows\system32\atiapfxx.blb
2014-09-15 17:07 - 2014-09-15 17:07 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-09-15 17:07 - 2014-09-15 17:07 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-09-15 17:07 - 2014-09-15 17:07 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-09-15 17:07 - 2014-09-15 17:07 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-09-15 17:07 - 2014-09-15 17:07 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-09-15 17:06 - 2014-09-15 17:06 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-09-15 17:05 - 2014-09-15 17:05 - 04480000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-09-15 17:05 - 2014-09-15 17:05 - 00069876 _____ () C:\Windows\system32\energy-report.xml
2014-09-15 17:03 - 2014-09-15 17:03 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-09-15 17:03 - 2014-09-15 17:03 - 00619008 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-09-15 17:03 - 2014-09-15 17:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-09-15 17:03 - 2014-09-15 17:03 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-09-15 17:03 - 2014-09-15 17:03 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-09-15 17:03 - 2014-09-15 17:03 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-09-15 17:03 - 2014-09-15 17:03 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-09-15 17:03 - 2014-09-15 17:03 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-09-15 17:01 - 2014-09-15 17:01 - 00055955 _____ () C:\Windows\system32\energy-report.html
2014-09-15 17:00 - 2014-09-15 17:00 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 01210880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00827392 _____ (AMD) C:\Windows\system32\coinst_14.30.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00576000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-09-15 16:59 - 2014-09-15 16:59 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-09-15 16:59 - 2014-09-15 16:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-09-15 16:58 - 2014-09-15 16:58 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-09-15 16:04 - 2014-09-15 16:04 - 00000914 _____ () C:\Users\Public\Desktop\Populous The Beginning.lnk
2014-09-15 16:04 - 2014-09-15 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Populous The Beginning
2014-09-15 14:07 - 1999-12-31 19:00 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-09-15 14:07 - 1999-12-31 19:00 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-09-15 05:40 - 2014-09-27 08:31 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-15 05:40 - 2014-09-27 08:31 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-09-15 05:40 - 2014-09-15 05:40 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-09-15 05:40 - 2014-09-15 05:40 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-09-15 05:40 - 2014-09-15 05:40 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-15 05:39 - 2014-09-27 08:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-09-15 05:39 - 2014-09-27 08:31 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-09-15 05:39 - 2014-09-15 05:39 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-09-14 15:11 - 2014-09-15 05:42 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-09-14 15:11 - 2014-09-15 05:39 - 00001308 ____N () C:\Users\chris\Desktop\Norton Installation Files.lnk
2014-09-14 15:04 - 2014-10-09 20:15 - 00000000 ____D () C:\Users\chris\Desktop\New folder
2014-09-14 15:03 - 2014-09-14 15:03 - 00000838 _____ () C:\Users\Public\Desktop\MSI Live Update 6.lnk
2014-09-14 15:03 - 2014-09-14 15:03 - 00000000 ____D () C:\MSILU
2014-09-14 14:53 - 2014-09-28 22:04 - 00000220 ____N () C:\Users\chris\Desktop\Call of Duty Black Ops - Multiplayer.url
2014-09-14 14:53 - 2014-09-14 14:53 - 00000220 ____N () C:\Users\chris\Desktop\The Elder Scrolls IV Oblivion.url
2014-09-14 14:52 - 2014-09-14 14:52 - 00000219 ____N () C:\Users\chris\Desktop\X-Tension.url
2014-09-14 14:52 - 2014-09-14 14:52 - 00000219 ____N () C:\Users\chris\Desktop\X3 Terran Conflict.url
2014-09-14 14:52 - 2014-09-14 14:52 - 00000219 ____N () C:\Users\chris\Desktop\X3 Reunion.url
2014-09-14 14:52 - 2014-09-14 14:52 - 00000219 ____N () C:\Users\chris\Desktop\X2 The Threat.url
2014-09-14 14:52 - 2014-09-14 14:52 - 00000219 ____N () C:\Users\chris\Desktop\X Beyond the Frontier.url
2014-09-14 13:55 - 2014-09-14 13:55 - 00002121 _____ () C:\Users\Public\Desktop\Heaven Benchmark 4.0.lnk
2014-09-14 13:51 - 2014-09-14 13:51 - 00003404 ____N () C:\Users\chris\unigine_20140914_1351.html
2014-09-14 13:46 - 2014-09-19 12:26 - 00000000 ____D () C:\Users\chris\Unigine Sanctuary
2014-09-14 13:46 - 2014-09-14 13:55 - 00000000 ____D () C:\Program Files (x86)\Unigine
2014-09-14 13:46 - 2014-09-14 13:46 - 00001059 ____N () C:\Users\chris\Desktop\Sanctuary Demo v2.3.lnk
2014-09-14 13:46 - 2014-09-14 13:46 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unigine
2014-09-14 13:16 - 2014-09-14 13:55 - 59688960 ____R () C:\Users\chris\Downloads\Unigine_Tropics-1.3.msi
2014-09-14 13:15 - 2014-09-14 13:45 - 30514688 ____R () C:\Users\chris\Downloads\Unigine_Sanctuary-2.3.msi
2014-09-14 13:14 - 2014-09-14 13:14 - 00000856 ____N () C:\Users\chris\Desktop\µTorrent.lnk
2014-09-14 13:14 - 2014-09-14 13:14 - 00000836 ____N () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-09-11 14:38 - 2014-10-02 19:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Samsung
2014-09-11 14:38 - 2014-10-02 19:49 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-09-11 14:38 - 2014-09-11 14:38 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-09-11 14:38 - 2014-09-11 14:38 - 00000000 ____D () C:\Users\chris\Documents\SelfMV
2014-09-11 14:38 - 2014-09-11 14:38 - 00000000 ____D () C:\Users\chris\Documents\samsung
2014-09-11 14:38 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-09-11 03:03 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:03 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:03 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:03 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:03 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:03 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:03 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:03 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:03 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:03 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:03 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:03 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:03 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:03 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:03 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:03 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:03 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:03 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:03 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:03 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:03 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:03 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:03 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:03 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:03 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:03 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:03 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:03 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:03 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:03 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:03 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:03 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:03 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:03 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:03 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:03 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:03 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:03 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:03 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:03 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:03 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:03 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:03 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:03 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:03 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:03 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:03 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:03 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:03 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:03 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:03 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:03 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:03 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:03 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:03 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:03 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 03:00 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 03:00 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 21:07 - 2014-09-10 21:07 - 00000000 ____D () C:\Users\chris\.jmc
2014-09-10 21:06 - 2014-09-10 21:06 - 00000000 ____D () C:\Users\chris\.eclipse
2014-09-10 20:12 - 2014-10-02 19:47 - 00000000 ____D () C:\Users\chris\Documents\UniTemp
2014-09-10 20:12 - 2014-09-10 20:12 - 00000000 ____D () C:\Program Files (x86)\Mikhail Prokofiev
2014-09-10 19:37 - 2014-09-10 19:37 - 00000000 ____D () C:\Users\chris\workspace
2014-09-10 10:30 - 2014-09-12 00:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\SyncDroid
2014-09-10 10:30 - 2014-09-10 10:33 - 00000000 ____D () C:\Users\chris\Documents\SyncDroid
2014-09-10 10:30 - 2014-09-10 10:30 - 00000722 _____ () C:\Users\Public\Desktop\SyncDroid.lnk
2014-09-10 10:30 - 2014-09-10 10:30 - 00000000 ____D () C:\SyncDroid
2014-09-10 10:30 - 2014-09-10 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncDroid
2014-09-10 10:17 - 2014-09-10 10:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-09-10 10:04 - 2014-09-10 10:04 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-09-10 10:04 - 2013-05-01 23:23 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-09-10 10:04 - 2013-05-01 23:23 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-09-10 09:55 - 2014-10-02 19:43 - 00000000 ____D () C:\Program Files (x86)\Kingo ROOT
2014-09-10 09:55 - 2014-09-10 09:55 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Kingosoft
2014-09-10 09:55 - 2014-09-10 09:55 - 00000000 ____D () C:\Users\chris\AppData\Local\Kingosoft
2014-09-10 06:07 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 06:07 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 06:00 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 06:00 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 06:00 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 06:00 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 06:00 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 06:00 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 06:00 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 06:00 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 06:00 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 14:00 - 2014-08-29 03:17 - 00004736 _____ () C:\Windows\setupact.log
2014-10-10 13:47 - 2012-10-17 17:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 13:41 - 2012-04-29 19:17 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 13:14 - 2013-07-24 21:22 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-10 13:14 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-10 11:41 - 2012-04-29 19:17 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 09:47 - 2011-07-25 22:15 - 01227649 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 20:39 - 2014-01-13 20:16 - 00000410 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-10-09 20:37 - 2014-01-13 20:16 - 00002836 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup
2014-10-09 20:37 - 2013-07-24 21:16 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-09 19:58 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 19:58 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 19:56 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 19:55 - 2011-08-07 18:33 - 00000000 ____D () C:\Users\chris\AppData\Local\CrashDumps
2014-10-09 19:51 - 2014-08-13 07:59 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-10-09 19:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-09 19:44 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-09 19:39 - 2013-07-24 21:16 - 00000000 ____D () C:\ProgramData\Origin
2014-10-09 19:38 - 2010-11-20 22:47 - 04851828 _____ () C:\Windows\PFRO.log
2014-10-09 15:25 - 2011-07-27 21:41 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-08 00:29 - 2012-06-22 08:17 - 00060928 ___SH () C:\Users\chris\Desktop\Thumbs.db
2014-10-07 04:36 - 2013-03-14 01:57 - 00000000 ____D () C:\ProgramData\MAgoniPicc
2014-10-07 04:35 - 2014-08-25 08:51 - 00000000 ____D () C:\Program Files (x86)\Age of Empires II HD The Forgotten
2014-10-07 00:47 - 2012-04-29 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-10-05 22:13 - 2014-04-24 09:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Raptr
2014-10-05 14:01 - 2011-07-26 00:00 - 00644987 _____ () C:\Windows\DirectX.log
2014-10-04 21:27 - 2013-11-16 09:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-03 00:08 - 2014-08-12 14:17 - 00000000 ____D () C:\Users\chris\AppData\Roaming\uTorrent
2014-10-03 00:08 - 2014-07-03 00:28 - 00000000 ___HD () C:\SuperChargerProfile
2014-10-03 00:08 - 2013-07-17 08:25 - 00000000 ____D () C:\Users\Guest
2014-10-03 00:08 - 2012-04-29 19:17 - 00000000 ____D () C:\Users\chris\AppData\Roaming\PhotoScape
2014-10-03 00:08 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-03 00:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-10-03 00:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-02 21:18 - 2011-07-26 00:28 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-02 21:15 - 2011-12-25 18:01 - 00000000 ____D () C:\Windows\pss
2014-10-02 21:14 - 2011-07-25 22:21 - 00000000 ____D () C:\Users\chris
2014-10-02 20:31 - 2011-07-25 23:10 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-10-02 19:56 - 2012-05-19 03:32 - 00000000 ____D () C:\AMD
2014-10-02 19:52 - 2012-06-11 22:43 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-10-02 19:52 - 2011-07-25 22:33 - 00000000 ___HD () C:\Program Files (x86)\installshield installation information
2014-10-02 19:51 - 2014-06-14 20:35 - 00000000 ____D () C:\Users\chris\AppData\Local\jZip
2014-10-02 19:44 - 2011-09-03 19:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-10-02 17:22 - 2014-08-29 03:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-02 01:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-02 00:58 - 2014-03-13 22:05 - 00000000 ____D () C:\Users\chris\AppData\Local\Skyrim
2014-10-01 23:51 - 2014-03-18 09:56 - 00000000 ____D () C:\Users\chris\Documents\Nexus Mod Manager
2014-10-01 14:00 - 2014-04-24 09:49 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-09-30 22:29 - 2014-03-18 09:56 - 00000890 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-09-30 22:29 - 2014-03-18 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-09-30 22:29 - 2014-03-18 09:56 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-09-29 23:09 - 2014-04-24 21:09 - 00000000 ____D () C:\Program Files\AMD
2014-09-29 23:09 - 2011-07-26 01:23 - 00000000 ____D () C:\ProgramData\AMD
2014-09-29 23:09 - 2011-07-26 00:32 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-09-29 23:08 - 2011-07-26 00:30 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-28 22:05 - 2014-02-26 23:12 - 00000220 ____N () C:\Users\chris\Desktop\Red Faction Guerrilla.url
2014-09-28 22:04 - 2014-03-14 19:00 - 00000220 ____N () C:\Users\chris\Desktop\The Elder Scrolls III Morrowind.url
2014-09-28 21:51 - 2014-04-25 20:37 - 00000000 ____D () C:\Users\chris\Documents\Egosoft
2014-09-28 21:50 - 2012-01-19 14:22 - 00000000 ____D () C:\Users\chris\AppData\Roaming\.minecraft
2014-09-28 20:32 - 2014-07-01 09:28 - 00000000 ____D () C:\Users\chris\AppData\Local\ftblauncher
2014-09-28 15:55 - 2013-11-16 09:55 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-09-28 15:55 - 2013-11-16 09:55 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-09-28 15:55 - 2011-10-13 17:09 - 00000000 ____D () C:\ProgramData\Garmin
2014-09-28 15:55 - 2011-07-26 00:32 - 00000000 ____D () C:\Program Files\DIFX
2014-09-27 23:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-27 20:28 - 2011-07-25 23:53 - 00000000 ____D () C:\Users\chris\Documents\My Games
2014-09-27 08:31 - 2014-08-23 05:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-27 08:31 - 2009-07-13 23:45 - 00310760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-24 07:48 - 2012-10-17 17:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 07:48 - 2012-04-01 20:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 07:48 - 2011-07-26 16:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 08:17 - 2014-03-18 09:56 - 00000000 ____D () C:\Users\chris\AppData\Local\Black_Tree_Gaming
2014-09-20 20:30 - 2013-08-21 17:56 - 00000000 ____D () C:\Users\chris\AppData\Roaming\TS3Client
2014-09-19 23:48 - 2014-09-03 00:05 - 00000000 ____D () C:\Users\chris\AppData\Local\LOOT
2014-09-19 19:40 - 2012-11-14 23:19 - 00000000 ____D () C:\Users\chris\AppData\Roaming\ftblauncher
2014-09-19 19:36 - 2014-03-13 06:02 - 04980105 ____N () C:\Users\chris\Desktop\ftb_launcher.exe
2014-09-19 12:20 - 2013-03-31 14:12 - 02128896 _____ () C:\Users\chris\AppData\Local\file__0.localstorage
2014-09-19 12:07 - 2011-07-26 01:23 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-09-17 11:05 - 2014-01-18 13:37 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-17 11:05 - 2014-01-18 13:37 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-17 11:05 - 2014-01-18 13:37 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-17 11:05 - 2013-11-03 15:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-17 05:56 - 2013-11-03 15:45 - 00000024 ____N () C:\Users\chris\random.dat
2014-09-17 05:50 - 2013-11-03 15:45 - 00000044 ____N () C:\Users\chris\jagex_cl_runescape_LIVE.dat
2014-09-17 05:48 - 2013-11-03 15:36 - 00000000 ____D () C:\Program Files (x86)\SwiftKit
2014-09-15 17:31 - 2012-12-19 15:50 - 07028336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-09-15 17:31 - 2012-12-19 15:09 - 01113576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-09-15 17:31 - 2012-12-19 14:44 - 07207592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-09-15 17:31 - 2012-12-19 14:30 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-09-15 17:31 - 2012-04-05 20:34 - 08044976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-09-15 17:31 - 2012-04-05 20:23 - 08296296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-09-15 17:31 - 2011-09-08 11:51 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-09-15 17:31 - 2011-05-24 22:06 - 01335544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-09-15 17:31 - 2011-05-24 21:49 - 10826488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-09-15 17:31 - 2011-05-24 21:24 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-09-15 17:19 - 2011-12-25 17:54 - 00007596 _____ () C:\Users\chris\AppData\Local\resmon.resmoncfg
2014-09-15 17:17 - 2014-04-17 21:19 - 28770304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-09-15 17:16 - 2014-04-17 21:17 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-15 17:08 - 2014-04-17 20:51 - 23375360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-09-15 17:00 - 2014-04-17 20:08 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2014-09-15 16:59 - 2014-04-17 20:09 - 00900608 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-09-15 16:59 - 2014-04-17 20:07 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-09-15 16:59 - 2014-04-17 20:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-09-15 14:07 - 2011-07-25 23:33 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-15 05:46 - 2013-08-20 17:49 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Skype
2014-09-15 05:42 - 2011-07-31 15:19 - 00000000 ____D () C:\Users\chris\Documents\Symantec
2014-09-15 05:42 - 2011-07-31 15:18 - 00000000 ____D () C:\ProgramData\Norton
2014-09-14 18:00 - 2014-01-03 06:13 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-09-14 15:06 - 2012-05-27 21:01 - 00159232 ___SH () C:\Users\chris\Documents\Thumbs.db
2014-09-14 15:03 - 2011-07-25 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-09-14 14:41 - 2014-07-02 23:29 - 00010854 _____ () C:\Windows\SysWOW64\Utility.xml
2014-09-14 14:00 - 2011-07-26 00:32 - 00306032 _____ () C:\Windows\DPINST.LOG
2014-09-14 13:55 - 2013-03-31 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2014-09-11 23:20 - 2014-04-13 10:29 - 00000000 ____D () C:\Users\chris\.android
2014-09-11 03:02 - 2013-07-19 06:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:02 - 2012-04-24 16:15 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 03:00 - 2011-07-29 21:20 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\chris\jagex_cl_runescape_LIVE.dat
C:\Users\chris\jagex_cl_runescape_LIVE1.dat
C:\Users\chris\memory.bat
C:\Users\chris\random.dat


Some content of TEMP:
====================
C:\Users\chris\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-09 21:41

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014
Ran by chris at 2014-10-10 14:03:45
Running from C:\Users\chris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Age of Empires II HD The Forgotten (HKLM-x32\...\QWdlb2ZFbXBpcmVzSUlIRFRoZUZvcmdvdHRlbg==_is1) (Version: 1 - )
AMD Accelerated Video Transcoding (Version: 13.30.100.40915 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.07.0000 - AMD) Hidden
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BIOS Code Unlocked Technology (HKLM-x32\...\BIOS Code Unlocked Technology_is1) (Version:  - msi, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Bus Driver (HKLM-x32\...\Steam App 302080) (Version:  - SCS Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Cisco Linksys AE6000 Driver (HKLM-x32\...\{02221266-B345-4544-A5C3-A995520E774D}) (Version: 1.1.0.3 - Cisco Consumer Products LLC)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
ControlCenter (HKLM-x32\...\ControlCenter_is1) (Version:  - msi, Inc.)
Crash Time II (HKLM-x32\...\Steam App 11390) (Version:  - RTL interactive)
Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2625.57 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2625.57 - CyberLink Corp.) Hidden
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2318 - CyberLink Corp.)
CyberLink WaveEditor (x32 Version: 1.0.1.2318 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version:  - Ion Storm)
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version:  - Codemasters Racing Studio)
East India Company Gold (HKLM-x32\...\Steam App 254000) (Version:  - )
EasyViewer (HKLM-x32\...\InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI)
EasyViewer (x32 Version: 1.3.0.9 - MSI) Hidden
Elevated Installer (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator (HKLM-x32\...\Steam App 232010) (Version:  - SCS Software)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version:  - SQUARE ENIX)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
FXAA Post Process Injector (HKLM-x32\...\FXAA Post Process Injector) (Version:  - )
Garmin Express (HKLM-x32\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version:  - Size Five Games)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Knights and Merchants (HKLM-x32\...\Steam App 253900) (Version:  - Topware Interactive)
Kung Fu Strike: The Warrior's Rise (HKLM-x32\...\Steam App 212030) (Version:  - Qooc Software )
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Max Payne (HKLM-x32\...\Steam App 12140) (Version:  - Remedy Entertainment)
Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version:  - Remedy Entertainment)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.009 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Management (HKLM-x32\...\MCLIENT) (Version: 3.2.2.12 - Symantec Corporation)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version:  - Psyonix)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.2.0416 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Pirates of Black Cove Gold (HKLM-x32\...\Steam App 254040) (Version:  - )
Populous The Beginning  (HKLM-x32\...\{3A180340-08DA-11d1-8AA4-00A0C930178C}) (Version: 1.0.0.1 - Electronic Arts)
Radeon RAMDisk (HKLM-x32\...\{90AC17CF-3394-4349-A1B8-ECC2C18CD787}) (Version: 4.4.0.32 - Dataram, Inc.)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.5 - NETGEAR)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
Red Faction: Guerrilla  (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Scania Truck Driving Simulator (HKLM-x32\...\Steam App 258760) (Version:  - SCS Software)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.0.4 - Splashtop Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Supreme Commander (HKLM-x32\...\Steam App 9350) (Version:  - Gas Powered Games)
Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version:  - Gas Powered Games)
SwiftKit (HKCU\...\SwiftKit) (Version:  - )
SyncDroid version 1.2.4 (HKLM-x32\...\{BE7E35A4-59E5-412B-9B18-57B4938B8C0B}_is1) (Version: 1.2.4 - JunTu Software, Inc.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamingGenie (HKLM-x32\...\{AF9B9CCF-D1B4-44B4-A030-BFCF5686AA5E}_is1) (Version: 1.0.1.3 - MSI)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version:  - Bethesda Game Studios®)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Journey Down: Chapter One (HKLM-x32\...\Steam App 220090) (Version:  - SkyGoblin)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.7.2 - Electronic Arts)
Torch (HKCU\...\Torch) (Version: 33.0.0.7326 - Torch Media, Inc) <==== ATTENTION
Trend Micro SafeSync (HKLM\...\HFRS_is1) (Version: 5.1.0.1173 - Trend Micro)
Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version:  - Haemimont Games)
Trucks & Trailers (HKLM-x32\...\Steam App 302060) (Version:  - SCS Software)
Unigine Sanctuary Demo v2.3 (HKLM-x32\...\{A76A2E24-6590-44B4-8126-FAB1A7993A64}) (Version: 1.0 - Unigine Corp.)
Unigine Valley Benchmark Advanced version 1.0 (HKLM-x32\...\Unigine Valley Benchmark Advanced_is1) (Version: 1.0 - Unigine Corp.)
Unofficial Oblivion Patch v3.2.0 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.2.0 - Quarn and Kivan)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM-x32\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version:  - )
Warhammer 40,000: Dawn Of War - Gold Edition (HKLM-x32\...\{83F12F73-D52E-40C0-93B1-463C311C4E17}) (Version: 1.40 - THQ)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9510 - WinZip Computing, S.L. )
WN111v2 (x32 Version: 3.0.0.5 - NETGEAR) Hidden
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)
X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version:  - Egosoft)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
X-Universe Plugin Manager 1.47 (HKLM-x32\...\X-Universe Plugin Manager_is1) (Version: 1.47 - Cycrow)
zlib_and_png_libs_64 (HKLM\...\{54859CED-4458-4C89-B488-175EA766CD70}) (Version: 1.0.110 - Axialmedia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-10-2014 09:16:56 Installed AVG 2015
07-10-2014 09:26:18 Installerte Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010
10-10-2014 00:36:53 Removed AVG 2015
10-10-2014 00:37:26 Removed AVG 2015

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {146FE9BE-4407-43FB-BCE7-38DF1B31EC9C} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {18347AFD-8127-4E1A-8F8B-B862C25C5219} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-29] (Google Inc.)
Task: {23BDC655-AF65-49BC-9362-6E28B9FAE6EB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {634A5A0B-7CD5-4615-8FAD-69C442193A4E} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {755FEE10-FD9A-4D27-87CE-B551353508CF} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()
Task: {86A8D480-ADA4-454A-8A9A-A2FA6E6A3155} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {972CFB12-9826-408C-8518-D5ED6E79C4CE} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {A325DF5E-D4EC-4D6F-B650-DDA1B1C5D2E6} - System32\Tasks\{25AAE8BC-11CB-47C9-B286-5D31DAF7173D} => Firefox.exe
Task: {A694A690-1BA1-4F66-8D17-0F5700B5579C} - System32\Tasks\Logon_Trigger_WPS_Mon_Task => C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe [2012-12-20] (Cisco Consumer Products LLC)
Task: {A8B53CC1-0806-46E2-8F09-3E90F2157BA5} - System32\Tasks\SlimComputer Run => C:\Program Files (x86)\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {C75242B6-906B-4182-AF82-809531FCC06A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-29] (Google Inc.)
Task: {E6450313-71F9-4B7B-A8B1-6276AD2CF504} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EBDA2A0B-6878-4BA6-BADA-69F0F39E496F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {ED479DC2-C7F4-4793-8EBC-CEB5209E5AD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {EE2CC7A0-2E01-4738-BBA3-A5854072C24A} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe
Task: {EF87B965-580B-42C4-9821-6547579BDD61} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-08-01 21:08 - 2012-11-27 14:12 - 01210256 ____N () C:\Program Files (x86)\Linksys AE6000\RaWLAPI.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-03-01 15:55 - 2014-09-15 20:15 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-09-19 09:24 - 2014-06-04 10:21 - 00571904 ____N () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-19 09:24 - 2014-05-19 17:19 - 00137728 ____N () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-08-29 03:29 - 2014-08-21 13:15 - 01171456 _____ () D:\program Files (86)\Steam\libavcodec-56.dll
2014-08-29 03:29 - 2014-08-21 13:15 - 00442368 _____ () D:\program Files (86)\Steam\libavutil-54.dll
2014-08-29 03:29 - 2014-08-21 13:15 - 00332800 _____ () D:\program Files (86)\Steam\libavresample-2.dll
2013-07-22 01:06 - 2014-10-01 18:16 - 00774656 _____ () D:\program Files (86)\Steam\SDL2.dll
2014-05-28 16:22 - 2014-10-09 12:54 - 02226880 _____ () D:\program Files (86)\Steam\video.dll
2014-08-29 03:29 - 2014-08-21 13:15 - 00403968 _____ () D:\program Files (86)\Steam\libavformat-56.dll
2014-08-29 03:29 - 2014-08-21 13:15 - 00485888 _____ () D:\program Files (86)\Steam\libswscale-3.dll
2013-07-22 01:06 - 2014-10-09 12:53 - 00682176 _____ () D:\program Files (86)\Steam\bin\chromehtml.DLL
2013-07-22 01:06 - 2014-09-04 18:29 - 34589376 _____ () D:\program Files (86)\Steam\bin\libcef.dll
2014-08-16 10:54 - 2014-09-04 18:29 - 00837824 _____ () D:\program Files (86)\Steam\bin\ffmpegsumo.dll
2014-09-25 00:10 - 2014-09-25 00:10 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-10 10:51 - 2014-09-10 10:51 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WN111v2 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: CarboniteSetupLite => "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3957517088-2007298891-2815225478-500 - Administrator - Disabled)
chris (S-1-5-21-3957517088-2007298891-2815225478-1000 - Administrator - Enabled) => C:\Users\chris
Guest (S-1-5-21-3957517088-2007298891-2815225478-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3957517088-2007298891-2815225478-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: iocbios2
Description: iocbios2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iocbios2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2014 00:58:01 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe

Error: (10/09/2014 08:37:37 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe

Error: (10/09/2014 07:55:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64(1).exe, version: 8.10.2014.0, time stamp: 0x5436c37b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc00000fd
Fault offset: 0x0000000000054ed6
Faulting process id: 0x968
Faulting application start time: 0xFRST64(1).exe0
Faulting application path: FRST64(1).exe1
Faulting module path: FRST64(1).exe2
Report Id: FRST64(1).exe3

Error: (10/09/2014 07:53:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 07:52:20 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe

Error: (10/09/2014 07:51:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Exception code: 0xc0000417
Fault offset: 0x0010d3b2
Faulting process id: 0x914
Faulting application start time: 0xMSI_LiveUpdate_Service.exe0
Faulting application path: MSI_LiveUpdate_Service.exe1
Faulting module path: MSI_LiveUpdate_Service.exe2
Report Id: MSI_LiveUpdate_Service.exe3

Error: (10/09/2014 07:46:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64(1).exe, version: 8.10.2014.0, time stamp: 0x5436c37b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc00000fd
Fault offset: 0x0000000000054eea
Faulting process id: 0x1b58
Faulting application start time: 0xFRST64(1).exe0
Faulting application path: FRST64(1).exe1
Faulting module path: FRST64(1).exe2
Report Id: FRST64(1).exe3

Error: (10/09/2014 07:41:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program N360.exe version 12.11.4.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fa0

Start Time: 01cfe42290399854

Termination Time: 4

Application Path: C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe

Report Id: 2f938f6e-5016-11e4-ac76-6c626d4af44f

Error: (10/09/2014 07:40:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 07:38:57 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe


System errors:
=============
Error: (10/10/2014 09:09:21 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (10/10/2014 07:51:53 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/10/2014 00:58:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (10/10/2014 00:58:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (10/09/2014 08:37:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (10/09/2014 08:37:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (10/09/2014 08:37:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (10/09/2014 08:37:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (10/09/2014 08:37:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (10/09/2014 08:37:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.


Microsoft Office Sessions:
=========================
Error: (10/10/2014 00:58:01 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe

Error: (10/09/2014 08:37:37 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe

Error: (10/09/2014 07:55:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64(1).exe8.10.2014.05436c37bntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054ed696801cfe4248edbd48dC:\Users\chris\Desktop\FRST64(1).exeC:\Windows\SYSTEM32\ntdll.dll0f8e17ff-5018-11e4-978e-6c626d4af44f

Error: (10/09/2014 07:53:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 07:52:20 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe

Error: (10/09/2014 07:51:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MSI_LiveUpdate_Service.exe1.0.0.453fc4ecdMSI_LiveUpdate_Service.exe1.0.0.453fc4ecdc00004170010d3b291401cfe4245f96810aD:\program Files (86)\Live Update\MSI_LiveUpdate_Service.exeD:\program Files (86)\Live Update\MSI_LiveUpdate_Service.exea01a098b-5017-11e4-978e-6c626d4af44f

Error: (10/09/2014 07:46:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64(1).exe8.10.2014.05436c37bntdll.dll6.1.7601.18247521eaf24c00000fd0000000000054eea1b5801cfe422ec8be041C:\Users\chris\Desktop\New folder (4)\FRST64(1).exeC:\Windows\SYSTEM32\ntdll.dllcdd5b502-5016-11e4-ac76-6c626d4af44f

Error: (10/09/2014 07:41:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: N360.exe12.11.4.4fa001cfe422903998544C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe2f938f6e-5016-11e4-ac76-6c626d4af44f

Error: (10/09/2014 07:40:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 07:38:57 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for D:\program Files (86)\Steam\steam.exe


==================== Memory info ===========================

Processor: AMD Phenom™ II X6 1090T Processor
Percentage of memory in use: 21%
Total physical RAM: 16383.18 MB
Available physical RAM: 12865.08 MB
Total Pagefile: 16397.36 MB
Available Pagefile: 12864.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:37.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (storage) (Fixed) (Total:1397.25 GB) (Free:533.83 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:111.79 GB) (Free:67.73 GB) NTFS
Drive f: (RED) (CDROM) (Total:7.76 GB) (Free:0 GB) UDF
Drive h: () (Removable) (Total:7.45 GB) (Free:0.84 GB) FAT32
Drive r: () (Fixed) (Total:1397.26 GB) (Free:594.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4C51ADCD)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 01EA01EA)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 54DC024B)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: C9416CB5)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 11 October 2014 - 09:19 AM

Hello,

 

Good. The infection seems to be removed.

 

However if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

STEP 1

 

 

Please download the following file => [attachment=156020:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

STEP 2

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

 

STEP 3

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please post the log in your next reply.

 

 

STEP 4

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 5

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 6

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Wait for the prescan to complete and then press the Scan button.
  • When done press the Report button.
  • Please copy and paste the results in your next reply.

 

 

STEP 7
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 8

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.2.1012.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 9

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

 

STEP 10

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi




#12 chrisrich1

chrisrich1
  • Topic Starter

  • Members
  • 28 posts

Posted 11 October 2014 - 01:27 PM

OK, on step one do I need the old fixlist on there also, because the new fixlist does not run by itself?



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 11 October 2014 - 01:48 PM

You don't need the old fixlist.txt. All you need is FRST.exe and the newest fixlist.txt to be stored in the same folder... Then run FRST.exe and press the Fix button and that's it.

 

 

Regards,

Georgi




#14 chrisrich1

chrisrich1
  • Topic Starter

  • Members
  • 28 posts

Posted 11 October 2014 - 02:10 PM

I have the new fixlist text in the same location but it acts like there is no fixlist text.



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 11 October 2014 - 02:16 PM

That's odd.

Try with the following fixlist.txt => [attachment=156035:fixlist.txt]






