
HijackThis log, please help


  • This topic is locked
9 replies to this topic

#1 flickering

  • Members
  • 5 posts

Posted 13 October 2014 - 07:58 AM

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 7:48:48 AM, on 10/13/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17278)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Chris\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [MaxDownloadMgr] "C:\Users\Chris\AppData\Local\Temp\Stp2A58_TMP.EXE"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 11274 bytes




#2 TheShooter93

  • Malware Response Team
  • 4,793 posts

Posted 15 October 2014 - 02:27 PM

Hello flickering,

Welcome to Bleeping Computer!

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

Farbar Recovery Scan Tool (FRST)

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.

==========================================================================

 

Also, what problems are you experiencing?


Edited by TheShooter93, 15 October 2014 - 02:32 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#3 TheShooter93

  • Malware Response Team
  • 4,793 posts

Posted 18 October 2014 - 09:25 AM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.



#4 flickering

  • Topic Starter
  • Members
  • 5 posts

Posted 19 October 2014 - 06:11 PM

Hi. Sorry for my late reply. I installed malware on my computer that was posing as a Java update. I ran certain cleaners like adware and Malwarebytes, and I'm just not sure if it's all gone really. My computer seems like it is running slower than it was before, and I was hoping that by posting a HijackThis log, a more knowledgeable person would be able to point at something suspicious. I guess you could say my issue is paranoia. Thank you for any help.

 

===================================================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by Chris (administrator) on FARSEER on 19-10-2014 18:00:46
Running from C:\Users\Chris\Downloads
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files\Synaptics\SynTP\DellTouchpad.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2918200 2012-09-20] (Synaptics Incorporated)
HKLM\...\Run: [DellWPF] => C:\Program Files\Synaptics\SynTP\DellTouchpad.exe [4875576 2012-09-20] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-3652495273-4159136407-3845384349-1001\...\Run: [DellSystemDetect] => C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3652495273-4159136407-3845384349-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3652495273-4159136407-3845384349-1001\...\Run: [MaxDownloadMgr] => "C:\Users\Chris\AppData\Local\Temp\Stp2A58_TMP.EXE" <===== ATTENTION
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {B83CE28B-164C-4FCC-9FDD-2A887ADB6551} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110527&user_guid=028677A353614E3EB20EBC0BB3C586F4&machine_id=65619ca06fbbcea39ad0fdfa0eab8414&browser=CR&os=win&os_version=6.1-x64-SP0
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-22]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-22]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-22]
CHR Extension: (Adblock Plus) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-22]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-09-22]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-22]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-22]
CHR Extension: (AdBlock) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-22]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-09-22]
CHR Extension: (Video Download Helper) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2014-10-04]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-22]
CHR HKLM-x32\...\Chrome\Extension: [aaaaidcfcofkdlnflloenblifgibdejh] - C:\ProgramData\AskPartnerNetwork\Toolbar\MTVV7\CRX\ToolbarCR.crx []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
S4 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-09] (Microsoft Corporation)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-13] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-20] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 18:00 - 2014-10-19 18:01 - 00019039 _____ () C:\Users\Chris\Downloads\FRST.txt
2014-10-19 17:59 - 2014-10-19 18:00 - 00000000 ____D () C:\FRST
2014-10-19 17:57 - 2014-10-19 17:58 - 02112512 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2014-10-16 18:05 - 2014-10-16 18:05 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-15 20:19 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-15 20:19 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-15 20:19 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 20:18 - 2014-10-09 17:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-15 20:18 - 2014-10-08 17:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-15 20:18 - 2014-09-18 20:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-15 20:18 - 2014-09-13 01:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 20:18 - 2014-09-13 00:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-15 20:18 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-15 20:18 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 20:18 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-15 18:03 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 18:03 - 2014-09-13 01:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 18:03 - 2014-09-13 00:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 18:02 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 18:02 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 18:02 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 18:01 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 18:01 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 18:01 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 18:01 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 18:01 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 18:01 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 18:01 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 18:01 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-15 18:01 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-15 18:01 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 18:01 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-15 18:01 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-15 18:01 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 18:01 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-15 18:01 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 18:01 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 18:01 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 18:01 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 18:01 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 18:01 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 18:01 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 18:01 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 18:01 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 18:01 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 18:01 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-15 18:01 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 18:01 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-15 18:00 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-15 18:00 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-15 18:00 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-15 18:00 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-15 18:00 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-15 18:00 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-15 18:00 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-15 18:00 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-15 18:00 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-15 18:00 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-15 18:00 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-15 18:00 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-15 18:00 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-15 18:00 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-15 18:00 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 18:00 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-15 17:59 - 2014-08-15 23:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-15 17:59 - 2014-08-15 22:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-15 17:59 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-15 17:59 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-15 17:59 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-15 17:58 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-15 17:58 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-15 17:58 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-15 17:58 - 2014-08-15 22:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-15 17:58 - 2014-08-15 22:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-15 17:58 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-15 17:58 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-15 17:58 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-15 17:58 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-15 17:58 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-15 17:58 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-15 17:58 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-15 17:58 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-15 17:58 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-15 17:58 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-15 17:58 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-15 17:58 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-15 17:58 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 17:58 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-15 17:58 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-15 17:58 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-15 17:58 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 17:58 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-15 17:58 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-15 17:58 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-15 17:58 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-15 17:58 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-15 17:58 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-15 17:58 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-15 17:58 - 2014-07-31 18:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-13 07:43 - 2014-10-13 07:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Chris\Downloads\HijackThis.exe
2014-10-12 15:34 - 2014-10-12 15:34 - 00000000 ____D () C:\Users\Chris\My Games
2014-10-11 12:21 - 2014-10-11 12:21 - 00000000 ____D () C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP
2014-10-10 16:35 - 2014-10-10 16:35 - 00000000 ____D () C:\Users\Chris\Documents\Shiner
2014-10-08 21:09 - 2014-10-08 21:09 - 00000679 _____ () C:\WINDOWS\setupact.log
2014-10-08 21:09 - 2014-10-08 21:09 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-08 19:09 - 2014-10-18 15:38 - 00105318 _____ () C:\WINDOWS\DirectX.log
2014-10-06 16:54 - 2014-10-06 16:54 - 00001409 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-06 16:54 - 2014-10-06 16:54 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-06 16:54 - 2014-10-06 16:54 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-10-06 16:54 - 2014-10-06 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-06 16:53 - 2014-10-06 18:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-06 16:53 - 2014-10-06 17:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-06 16:53 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-10-06 16:46 - 2014-10-06 16:47 - 05582481 _____ (Swearware) C:\Users\Chris\Downloads\ComboFix.exe
2014-10-06 16:36 - 2014-10-06 16:36 - 00000000 ____D () C:\Users\Chris\AppData\Local\Max Secure Software
2014-10-06 16:35 - 2014-10-06 16:36 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\GetRightToGo
2014-10-06 16:34 - 2014-10-06 16:35 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Chris\Downloads\spybot-2.4.exe
2014-10-06 16:33 - 2014-10-06 16:33 - 00368256 _____ (RegNow.com) C:\Users\Chris\Downloads\Download_MaxSDDMnew.exe
2014-09-23 08:05 - 2014-09-23 08:05 - 00000000 ____D () C:\NPE
2014-09-23 07:30 - 2014-09-23 08:20 - 00000000 ____D () C:\Users\Chris\AppData\Local\NPE
2014-09-23 07:30 - 2014-09-23 07:30 - 00000000 ____D () C:\ProgramData\Norton
2014-09-23 07:29 - 2014-09-23 07:29 - 03060320 ____N (Symantec Corporation) C:\Users\Chris\Downloads\NPE.exe
2014-09-22 21:25 - 2014-09-22 21:26 - 87520056 _____ (AVG Technologies) C:\Users\Chris\Downloads\avg_tuh_stf_all_2015_105_24c4 (1).exe
2014-09-22 21:21 - 2014-09-22 21:21 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\AVG
2014-09-22 21:21 - 2014-09-22 21:21 - 00000000 ____D () C:\Users\Chris\AppData\Local\Avg
2014-09-22 21:19 - 2014-09-22 21:22 - 00000000 ____D () C:\ProgramData\AVG
2014-09-22 21:18 - 2014-09-22 21:19 - 87520056 _____ (AVG Technologies) C:\Users\Chris\Downloads\avg_tuh_stf_all_2015_105_24c4.exe
2014-09-22 20:59 - 2014-09-22 20:59 - 00002442 _____ () C:\WINDOWS\System32\Tasks\0914avUpdateInfo
2014-09-22 20:59 - 2014-09-22 20:59 - 00000000 ____D () C:\ProgramData\Avg_Update_0914av
2014-09-22 20:54 - 2014-09-22 20:54 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\TuneUp Software
2014-09-22 20:53 - 2014-09-23 08:04 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-22 20:49 - 2014-09-23 08:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-22 20:49 - 2014-09-22 20:49 - 00000000 ____D () C:\Users\Chris\AppData\Local\MFAData
2014-09-22 20:42 - 2014-09-22 20:42 - 04579176 _____ (AVG Technologies) C:\Users\Chris\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-09-22 20:29 - 2014-09-22 20:29 - 00011626 _____ () C:\WINDOWS\system32\.crusader
2014-09-22 20:16 - 2014-09-22 20:17 - 01373475 _____ () C:\Users\Chris\Downloads\adwcleaner_3.310 (1).exe
2014-09-22 20:07 - 2014-09-22 20:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-22 20:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-09-22 16:35 - 2014-09-22 20:14 - 00000000 ____D () C:\AdwCleaner
2014-09-22 16:31 - 2014-09-22 16:31 - 11194928 _____ (SurfRight B.V.) C:\Users\Chris\Downloads\HitmanPro_x64.exe
2014-09-22 16:31 - 2014-09-22 16:31 - 01373475 _____ () C:\Users\Chris\Downloads\adwcleaner_3.310.exe
2014-09-22 15:35 - 2014-09-22 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-09-22 15:35 - 2014-09-22 15:35 - 00000000 ____D () C:\Program Files\Classic Shell
2014-09-22 15:34 - 2014-09-22 15:35 - 06791360 _____ (IvoSoft) C:\Users\Chris\Downloads\ClassicShellSetup_4_1_0 (3).exe
2014-09-22 15:33 - 2014-09-22 15:33 - 06791360 _____ (IvoSoft) C:\Users\Chris\Downloads\ClassicShellSetup_4_1_0 (2).exe
2014-09-22 15:30 - 2014-09-22 15:30 - 06791360 _____ (IvoSoft) C:\Users\Chris\Downloads\ClassicShellSetup_4_1_0 (1).exe
2014-09-22 15:30 - 2014-09-22 15:30 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer (1).exe
2014-09-22 15:25 - 2014-09-22 15:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-22 15:25 - 2014-09-22 15:25 - 00000000 _____ () C:\autoexec.bat
2014-09-22 15:24 - 2014-09-22 15:24 - 01024790 _____ (Thisisu) C:\Users\Chris\Downloads\JRT.exe
2014-09-22 15:24 - 2014-09-22 15:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-22 15:24 - 2012-06-22 11:01 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2014-09-22 15:23 - 2014-09-22 19:45 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-22 15:21 - 2014-09-22 15:21 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer.exe
2014-09-22 14:59 - 2014-09-22 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-22 14:58 - 2014-10-19 17:09 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 14:58 - 2014-10-19 09:04 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-22 14:58 - 2014-10-19 09:04 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-22 14:58 - 2014-10-19 09:04 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 14:26 - 2014-09-22 14:26 - 00000299 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2014-09-22 14:08 - 2014-09-22 14:08 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2014-09-22 14:08 - 2014-09-22 14:08 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-09-22 14:07 - 2014-09-22 14:08 - 00753184 _____ () C:\Users\Chris\Downloads\Adware-Removal-Tool-v3.9.1.exe
2014-09-22 13:56 - 2014-09-29 18:48 - 00029920 _____ () C:\WINDOWS\PFRO.log
2014-09-22 13:14 - 2014-09-22 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-22 13:12 - 2014-09-22 13:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 13:11 - 2014-10-19 16:37 - 02066607 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-22 12:34 - 2014-09-22 12:34 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\LavasoftStatistics
2014-09-22 12:33 - 2014-09-22 12:33 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-09-22 12:30 - 2014-09-22 12:31 - 02806920 _____ () C:\Users\Chris\Downloads\Adaware_Installer.exe
2014-09-22 11:58 - 2014-09-22 11:59 - 00000000 ____D () C:\Program Files (x86)\grassmow
2014-09-22 11:53 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-09-22 11:53 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-09-22 11:53 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-09-22 11:51 - 2014-09-22 12:23 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-22 11:49 - 2014-09-22 12:01 - 00000258 __RSH () C:\ProgramData\ntuser.pol
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-25 13:58 - 2014-05-28 06:30 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E47AB0E-44E6-47AB-8197-B858503CBCFB}
2014-12-25 13:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-19 17:50 - 2014-07-21 21:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-19 17:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-19 16:56 - 2013-12-16 15:25 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\ClassicShell
2014-10-18 15:39 - 2013-07-12 18:33 - 00000000 ____D () C:\Users\Chris\Documents\My Games
2014-10-18 15:39 - 2013-05-22 22:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-16 19:34 - 2013-05-22 00:37 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3652495273-4159136407-3845384349-1001
2014-10-16 18:03 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-16 18:03 - 2013-08-22 09:44 - 00492656 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-16 18:01 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-16 18:00 - 2014-07-10 21:20 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-16 18:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-16 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-16 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-16 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-16 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-15 21:28 - 2013-06-22 22:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 21:27 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-15 21:21 - 2013-08-13 12:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 21:01 - 2013-05-23 20:12 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-14 19:05 - 2013-06-03 00:02 - 00000157 _____ () C:\WINDOWS\SysWOW64\SystemPreferences.xml
2014-10-13 07:46 - 2013-05-22 00:29 - 00000000 ____D () C:\Users\Chris\AppData\Local\VirtualStore
2014-10-12 15:34 - 2014-05-09 19:34 - 00000000 ____D () C:\Users\Chris
2014-10-11 18:00 - 2013-05-23 19:58 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-10-10 20:53 - 2014-01-08 20:45 - 00000000 ____D () C:\Users\Chris\Documents\Proteus
2014-10-10 09:15 - 2014-01-23 20:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-10 09:14 - 2014-01-23 20:11 - 00000000 ____D () C:\Users\Chris\AppData\Local\Battle.net
2014-10-08 19:05 - 2014-07-23 19:49 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-08 19:04 - 2014-07-23 19:41 - 00000000 ____D () C:\ProgramData\Origin
2014-10-08 19:01 - 2014-07-23 19:41 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-29 17:45 - 2013-08-22 10:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-29 17:45 - 2013-08-22 10:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-27 18:51 - 2014-03-18 05:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-27 18:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-23 07:59 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-09-22 21:36 - 2014-05-09 22:23 - 00000000 ___DC () C:\WINDOWS\Panther
2014-09-22 21:36 - 2013-06-22 22:42 - 00000000 ____D () C:\Users\Chris\AppData\Local\Microsoft Help
2014-09-22 20:59 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-22 20:13 - 2014-05-09 20:39 - 00001190 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 14:59 - 2013-05-22 01:11 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 14:58 - 2014-06-10 20:10 - 00000000 ____D () C:\Users\Chris\AppData\Local\Deployment
2014-09-22 14:04 - 2013-01-24 12:02 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-22 13:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PLA
2014-09-22 12:45 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-22 12:16 - 2013-08-31 16:53 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-22 12:11 - 2013-07-03 00:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-22 12:02 - 2014-01-01 22:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-22 11:53 - 2013-10-22 09:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-22 11:49 - 2013-08-22 10:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-09-22 11:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-09-22 01:42 - 2013-05-23 20:47 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-21 13:29 - 2014-05-19 21:43 - 00000000 ____D () C:\Users\Chris\Documents\Dolphin Emulator
2014-09-20 18:20 - 2013-05-22 21:54 - 00000000 ____D () C:\Users\Chris\AppData\Local\softthinks
2014-09-19 21:40 - 2014-07-27 15:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\FEZ
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 20:19
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2014
Ran by Chris at 2014-10-19 18:03:43
Running from C:\Users\Chris\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DVIA player 5.0.0.20 (HKLM-x32\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Clive Barker's Undying (HKLM-x32\...\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}) (Version:  - )
Clive Barker's Undying (HKLM-x32\...\GOGPACKUNDYING_is1) (Version: 2.0.0.5 - GOG.com)
Costume Quest (HKLM-x32\...\Steam App 115100) (Version:  - Double Fine Productions)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.3.1.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.17 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Deponia Demo (HKLM-x32\...\Steam App 217830) (Version:  - Daedalic Entertainment)
Deus Ex - Invisible War (HKLM-x32\...\GOGPACKDEUSEX2_is1) (Version: 2.0.0.8 - GOG.com)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
DVDFab 9.0.4.2 (27/05/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
ePSXe 1.9.0 (HKLM-x32\...\ePSXe) (Version: 1.9.0 - ePSXe)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version:  - Black Forest Games)
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Grim Fandango (HKLM-x32\...\bgbennyboyGrimReplacementSetup_is1) (Version: 1.0 - Quick and Easy Software)
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version:  - DrinkBox Studios)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
HandBrake 0.9.9 (HKLM-x32\...\HandBrake) (Version: 0.9.9 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
higan-x64 .94 (HKLM-x32\...\higan-x64) (Version: .94 - higan-x64)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
King's Quest Collection™ (HKLM-x32\...\{29BB5153-133B-4C82-AF51-BF303F2BFD63}) (Version: 1.00.0000 - Sierra)
Lara Croft and the Guardian of Light Demo (HKLM-x32\...\Steam App 35150) (Version:  - Crystal Dynamics)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
MasterCook 11 (HKLM-x32\...\{25CA5771-2536-4D47-A12F-E9AF3B5ADB81}) (Version: 1.00.0000 - Valusoft)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTV Toolbar (HKLM-x32\...\{4D545656-3700-A76A-76A7-A758B70C0A00}) (Version: 12.10.0.3486 - APN, LLC)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6308.28 - PC-Doctor, Inc.)
My Game Long Name (HKLM\...\UDK-6c143809-bb98-485e-a859-2803fa138850) (Version:  - Epic Games, Inc.)
Neverwinter Nights 2 Complete (HKLM-x32\...\GOGPACKNWN2COMPLETE_is1) (Version: 2.1.0.6 - GOG.com)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
OverDrive Media Console (HKLM-x32\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version:  - FarSight Studios)
Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version:  - Zen Studios)
PlayMemories Home (HKLM-x32\...\{7EA1A4E8-A5CE-4626-87DC-6DEF99BAE931}) (Version: 8.1.11.04230 - Sony Corporation)
Project Zomboid Demo (HKLM-x32\...\Steam App 264910) (Version:  - Indie Stone Studios)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6741 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
ResidualVM 0.1.1 (HKLM-x32\...\ResidualVM_is1) (Version:  - The ResidualVM Team)
Sam & Max 301: The Penal Zone (HKLM-x32\...\Steam App 31220) (Version:  - Telltale Games)
Sam & Max 302: The Tomb of Sammun-Mak (HKLM-x32\...\Steam App 31230) (Version:  - Telltale Games)
Sam & Max 303: They Stole Max's Brain! (HKLM-x32\...\Steam App 31240) (Version:  - Telltale Games)
Sam & Max 304: Beyond the Alley of the Dolls (HKLM-x32\...\Steam App 31250) (Version:  - Telltale Games)
Sam & Max 305: The City that Dares not Sleep (HKLM-x32\...\Steam App 31260) (Version:  - Telltale Games)
Sam and Max Beyond Time and Space (HKLM-x32\...\GOGPACKSAMANDMAXSEASON2_is1) (Version: 2.0.0.10 - GOG.com)
Sam and Max Save the World (HKLM-x32\...\GOGPACKSAMANDMAXSEASON1_is1) (Version: 2.0.0.25 - GOG.com)
Sam and Max Save the World (HKLM-x32\...\Sam and Max Save the World_is1) (Version:  - GOG.com)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Snes9x 1.53 (HKLM-x32\...\Snes9x) (Version: 1.53 - Snes9x)
Snes9x-x64 1.53 (HKLM-x32\...\Snes9x-x64) (Version: 1.53 - Snes9x-x64)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Superbrothers: Sword & Sworcery EP (HKLM-x32\...\Steam App 204060) (Version:  - Capybara)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\GOGPACKWITCHEREEDC_is1) (Version: 2.0.0.12 - GOG.com)
Torchlight (HKLM-x32\...\Steam App 41500) (Version:  - Runic Games)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
ZSNESw 1.51 (HKLM-x32\...\ZSNESw) (Version: 1.51 - ZSNESw)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3652495273-4159136407-3845384349-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3652495273-4159136407-3845384349-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652495273-4159136407-3845384349-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652495273-4159136407-3845384349-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3652495273-4159136407-3845384349-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
01-10-2014 04:44:25 Scheduled Checkpoint
09-10-2014 00:07:34 Installed DirectX
10-10-2014 21:33:08 Installed DirectX
11-10-2014 22:28:43 Installed DirectX
15-10-2014 23:34:35 Windows Update
17-10-2014 00:54:40 Installed DirectX
18-10-2014 20:36:27 Installed DirectX
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-09-22 15:25 - 2014-09-22 15:25 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31FC8887-D42B-4788-8C21-9CE602A64BF7} - System32\Tasks\0914avUpdateInfo => C:\ProgramData\Avg_Update_0914av\0914av_AVG-Secure-Search-Update.exe [2014-09-14] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {36AEC30A-3F13-4643-9D63-C67A777140F8} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4378E94C-1F38-4AC4-A8E8-AF43BBDF171D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {4601D330-544A-42D0-BB2F-70E9F484CB87} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B08ACEA-ABF7-45C2-80B1-A26D3F9EB9DF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {52B8BEB2-0F96-43B6-BEF5-DFA9E7709170} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-20] (Synaptics Incorporated)
Task: {56D859C3-B085-4BD1-8343-6C154AD01343} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {57E7CEB4-BCB7-43A6-9489-CCB89D9CA084} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-22] (Google Inc.)
Task: {5D5F9435-D0D7-458A-A734-5322451B30C7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {66ECD45F-F32B-4E8F-9F46-5FC345E69038} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-22] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8FB456D6-E139-4335-A3EC-CD08ABA858EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-15] (Microsoft Corporation)
Task: {9816CB64-B99F-456F-8A31-535DC9C2C74F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AF8482A8-FD12-4E91-985C-6038DE8C3ACB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6CEC88C-0E85-47EE-9BAA-6E973A90375D} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-24 11:57 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-12-28 13:39 - 2012-12-28 13:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 13:36 - 2012-12-28 13:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 13:41 - 2012-12-28 13:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-01-24 10:50 - 2012-09-20 19:40 - 04875576 _____ () C:\Program Files\Synaptics\SynTP\DellTouchpad.exe
2014-10-06 16:53 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-06 16:53 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-06 16:53 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-06 16:53 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-06 16:53 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-01-24 11:49 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-31 18:56 - 2014-08-21 13:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-31 18:57 - 2014-08-21 13:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-31 18:57 - 2014-08-21 13:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-04-23 18:30 - 2014-09-03 14:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-07-21 21:32 - 2014-09-22 23:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-31 18:56 - 2014-08-21 13:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-31 18:57 - 2014-08-21 13:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-05-03 15:35 - 2014-09-22 23:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2014-09-04 18:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-31 18:57 - 2014-09-04 18:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-10-16 19:20 - 2014-10-09 21:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-16 19:20 - 2014-10-09 21:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-16 19:20 - 2014-10-09 21:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-16 19:20 - 2014-10-09 21:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-16 19:20 - 2014-10-09 21:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: ZAtheros Wlan Agent => 2
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKCU\...\StartupApproved\Run: => "DellSystemDetect"
HKCU\...\StartupApproved\Run: => "OfficeSyncProcess"
HKCU\...\StartupApproved\Run: => "YTDownloader"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3652495273-4159136407-3845384349-500 - Administrator - Disabled)
Chris (S-1-5-21-3652495273-4159136407-3845384349-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3652495273-4159136407-3845384349-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/11/2014 06:00:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PathOfExileSteam.exe, version: 0.0.0.0, time stamp: 0x542ba5cb
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53648f36
Exception code: 0xc0000374
Fault offset: 0x000df636
Faulting process id: 0x96c
Faulting application start time: 0xPathOfExileSteam.exe0
Faulting application path: PathOfExileSteam.exe1
Faulting module path: PathOfExileSteam.exe2
Report Id: PathOfExileSteam.exe3
Faulting package full name: PathOfExileSteam.exe4
Faulting package-relative application ID: PathOfExileSteam.exe5
 
Error: (10/11/2014 00:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: trine.exe, version: 1.0.0.1, time stamp: 0x4a450321
Faulting module name: trine.exe, version: 1.0.0.1, time stamp: 0x4a450321
Exception code: 0xc0000005
Fault offset: 0x000f9ca2
Faulting process id: 0xf7c
Faulting application start time: 0xtrine.exe0
Faulting application path: trine.exe1
Faulting module path: trine.exe2
Report Id: trine.exe3
Faulting package full name: trine.exe4
Faulting package-relative application ID: trine.exe5
 
Error: (10/11/2014 00:21:31 PM) (Source: MsiInstaller) (EventID: 1013) (User: Farseer)
Description: Product: NVIDIA PhysX -- Installation terminated
 
Error: (10/10/2014 07:59:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program proteus.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1220
 
Start Time: 01cfe4ee240390ac
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Proteus\proteus.exe
 
Report Id: c7fb4a58-50e1-11e4-bec7-9c2a7038ce22
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/05/2014 08:50:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: AltTab.dll, version: 6.3.9600.17031, time stamp: 0x53086412
Exception code: 0xc0000094
Fault offset: 0x0000000000009768
Faulting process id: 0x10e8
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (10/05/2014 03:25:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GSGameExe.exe, version: 0.0.0.0, time stamp: 0x5367b958
Faulting module name: GSGameExe.exe, version: 0.0.0.0, time stamp: 0x5367b958
Exception code: 0xc0000005
Fault offset: 0x000e4dbc
Faulting process id: 0xb94
Faulting application start time: 0xGSGameExe.exe0
Faulting application path: GSGameExe.exe1
Faulting module path: GSGameExe.exe2
Report Id: GSGameExe.exe3
Faulting package full name: GSGameExe.exe4
Faulting package-relative application ID: GSGameExe.exe5
 
Error: (09/22/2014 07:45:44 PM) (Source: MsiInstaller) (EventID: 11721) (User: Farseer)
Description: Product: SpyHunter -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: , location: WiseCustomCall, command: g0
 
 
System errors:
=============
Error: (10/19/2014 01:00:01 PM) (Source: DCOM) (EventID: 10010) (User: Farseer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (10/19/2014 00:59:31 PM) (Source: DCOM) (EventID: 10010) (User: Farseer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (10/18/2014 07:10:40 AM) (Source: DCOM) (EventID: 10010) (User: Farseer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (10/17/2014 05:20:03 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (10/16/2014 10:45:42 PM) (Source: DCOM) (EventID: 10010) (User: Farseer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (10/16/2014 06:03:49 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (10/16/2014 06:03:46 PM) (Source: Service Control Manager) (EventID: 7018) (User: )
Description: Detected circular dependencies auto-starting services. Check the service dependency tree.
 
Error: (10/16/2014 06:03:46 PM) (Source: Service Control Manager) (EventID: 7019) (User: )
Description: The EsgScanner service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
 
Error: (10/15/2014 09:00:09 PM) (Source: DCOM) (EventID: 10010) (User: Farseer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (10/15/2014 08:59:39 PM) (Source: DCOM) (EventID: 10010) (User: Farseer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
Microsoft Office Sessions:
=========================
Error: (10/11/2014 06:00:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PathOfExileSteam.exe0.0.0.0542ba5cbntdll.dll6.3.9600.1711453648f36c0000374000df63696c01cfe5a5f9cf2a9fC:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exeC:\WINDOWS\SYSTEM32\ntdll.dll562d8f4f-519a-11e4-bec7-9c2a7038ce22
 
Error: (10/11/2014 00:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: trine.exe1.0.0.14a450321trine.exe1.0.0.14a450321c0000005000f9ca2f7c01cfe577e3ca5170C:\Program Files (x86)\Steam\steamapps\common\Trine Demo\trine.exeC:\Program Files (x86)\Steam\steamapps\common\Trine Demo\trine.exe0bb1fae0-516c-11e4-bec7-9c2a7038ce22
 
Error: (10/11/2014 00:21:31 PM) (Source: MsiInstaller) (EventID: 1013) (User: Farseer)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (10/10/2014 07:59:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: proteus.exe0.0.0.0122001cfe4ee240390ac4294967295C:\Program Files (x86)\Steam\steamapps\common\Proteus\proteus.exec7fb4a58-50e1-11e4-bec7-9c2a7038ce22
 
Error: (10/05/2014 08:50:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1728453f816dcAltTab.dll6.3.9600.1703153086412c0000094000000000000976810e801cfdff371ae418dC:\WINDOWS\explorer.exeC:\WINDOWS\System32\AltTab.dll2645591f-4cfb-11e4-bec2-9c2a7038ce22
 
Error: (10/05/2014 03:25:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GSGameExe.exe0.0.0.05367b958GSGameExe.exe0.0.0.05367b958c0000005000e4dbcb9401cfe0d832b329adC:\Program Files (x86)\Steam\SteamApps\common\Giana Sisters Twisted Dreams\GSGameExe.exeC:\Program Files (x86)\Steam\SteamApps\common\Giana Sisters Twisted Dreams\GSGameExe.execca7e543-4ccd-11e4-bec2-9c2a7038ce22
 
Error: (09/22/2014 07:45:44 PM) (Source: MsiInstaller) (EventID: 11721) (User: Farseer)
Description: Product: SpyHunter -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: , location: WiseCustomCall, command: g0 (NULL)(NULL)(NULL)(NULL)(NULL)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-19 15:00:48.751
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-19 15:00:47.969
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-19 15:00:47.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-19 15:00:47.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-19 15:00:46.991
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-19 15:00:46.694
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-19 15:00:46.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-19 15:00:46.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-19 15:00:41.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-19 15:00:40.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 67%
Total physical RAM: 3965.27 MB
Available physical RAM: 1269.59 MB
Total Pagefile: 5565.27 MB
Available Pagefile: 1957.16 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.87 GB) (Free:173.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F950422D)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 TheShooter93


Posted 21 October 2014 - 07:30 AM

Hello flickering,

Just a couple entries to clean up and some general information I would like to share, but so far no signs of an infection. We will do an additional scan to be sure.

Please do the following.  :)

=============================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

HKU\S-1-5-21-3652495273-4159136407-3845384349-1001\...\Run: [MaxDownloadMgr] => "C:\Users\Chris\AppData\Local\Temp\Stp2A58_TMP.EXE" <===== ATTENTION 
C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP 
C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP 
CHR HomePage: Default -> hxxp://www.startnow.com/?
src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110527&user_guid=028677A353614E3EB20EBC0BB3C586F4&machine_id=65619ca06fbbcea39ad0fdfa0eab8414&browser=CR&os=win&os_version=6.1-x64-SP0
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

=============================================

I see the following pieces of software on your computer:

  • Max Secure Software
  • TuneUp Software

These are considered registry cleaners -- please see the following information about these types of programs.

Registry Cleaner Response

BleepingComputer DOES NOT recommend the use of registry cleaners/optimizers (Wise Registry Cleaner) or the registry cleaner component of software for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
    • The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
  • Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

If you persist in using a registry cleaner you should always back up the registry before doing so.

=============================================

Malwarebytes Antimalware

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, remove the checkmark next to Enable free trial of Malwarebytes Anti-Malware Premium and keep the checkmark next to Launch Malwarebytes Anti-Malware, then click Finish.
  • Once launched it will automatically scan for updates. If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the Scan tab at the top.
  • Select Threat Scan and click Scan Now >>.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

=============================================

 

Lastly, I see evidence of ComboFix being downloaded to your computer.

 

Have you run this software?


Edited by TheShooter93, 21 October 2014 - 07:31 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#6 flickering


Posted 21 October 2014 - 08:47 AM

I had attempted to run ComboFix, but it told me my OS was incompatible. I gathered from this website afterwards that ComboFix is a no no. Here are the two logs you requested: (or maybe not, I ran Malwarebytes and it found no malicious software. It did not appear to save a log of any kind. I'm not sure if this is normal.)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
Ran by Chris at 2014-10-21 07:56:17 Run:1
Running from C:\Users\Chris\Downloads
Loaded Profile: Chris (Available profiles: Chris)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3652495273-4159136407-3845384349-1001\...\Run: [MaxDownloadMgr] => "C:\Users\Chris\AppData\Local\Temp\Stp2A58_TMP.EXE" <===== ATTENTION 
C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP 
C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP 
CHR HomePage: Default -> hxxp://www.startnow.com/?
src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110527&user_guid=028677A353614E3EB20EBC0BB3C586F4&machine_id=65619ca06fbbcea39ad0fdfa0eab8414&browser=CR&os=win&os_version=6.1-x64-SP0
*****************
 
HKU\S-1-5-21-3652495273-4159136407-3845384349-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MaxDownloadMgr => value deleted successfully.
C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully.
C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP => Moved successfully.
Chrome HomePage deleted successfully.
src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110527&user_guid=028677A353614E3EB20EBC0BB3C586F4&machine_id=65619ca06fbbcea39ad0fdfa0eab8414&browser=CR&os=win&os_version=6.1-x64-SP0 => Error: No automatic fix found for this entry.
 
==== End of Fixlog ====
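
The Fixlog above reports one fixlist line as "No automatic fix found": it is the second half of the CHR HomePage URL, which sat on its own line in the fixlist. As an added example (not part of the original posts and not FRST's own code), this Python script reads a Fixlog and lists every entry that was not confirmed as fixed. The result-line wording it recognizes is assumed from the lines shown in this thread only, and the sample log and function names are constructed.

```python
import re

# Constructed sample in the layout of the Fixlog posted above
# (placeholder names and URL; not a real log).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
Ran by Chris at 2014-10-21 07:56:17 Run:1
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-EXAMPLE\...\Run: [ExampleMgr] => "C:\Users\Chris\AppData\Local\Temp\example.EXE" <===== ATTENTION
C:\WINDOWS\EXAMPLE1.TMP
CHR HomePage: Default -> hxxp://www.example.invalid/?
src=startpage&provider=Example
*****************

HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleMgr => value deleted successfully.
C:\WINDOWS\EXAMPLE1.TMP => Moved successfully.
Chrome HomePage deleted successfully.
src=startpage&provider=Example => Error: No automatic fix found for this entry.

==== End of Fixlog ====
"""

STAR_LINE = re.compile(r"^\*{5,}\s*$")


def classify(line):
    """Split one result line into target, outcome and a coarse status."""
    # Lines without " => " (e.g. "Chrome HomePage deleted successfully.")
    # come back from rpartition with an empty target.
    target, _, outcome = line.rpartition(" => ")
    if outcome.startswith("Error"):
        status = "failed"
    elif "successfully" in outcome:
        status = "ok"
    else:
        status = "review"  # wording not seen in this thread: read it by hand
    return {"target": target, "outcome": outcome, "status": status}


def parse_fixlog(text):
    """Return (fixlist_entries, results) from the text of a Fixlog."""
    fixlist, results = [], []
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line.startswith("Content of fixlist"):
                state = "await_open"
        elif state == "await_open":
            if STAR_LINE.match(line):
                state = "fixlist"
        elif state == "fixlist":
            if STAR_LINE.match(line):
                state = "results"
            elif line:
                fixlist.append(line)
        elif state == "results":
            if line.startswith("==== End of Fixlog"):
                break
            if line:
                results.append(classify(line))
    return fixlist, results


def unfixed_entries(text):
    """List (target, outcome, hint) for every result not reported as successful."""
    fixlist, results = parse_fixlog(text)
    findings = []
    for res in results:
        if res["status"] == "ok":
            continue
        hint = ""
        if res["target"] in fixlist:
            idx = fixlist.index(res["target"])
            prev = fixlist[idx - 1] if idx > 0 else ""
            # Heuristic (assumption): a URL ending in "?" or "&" on the previous
            # fixlist line means this entry is the wrapped tail of that URL.
            if "://" in prev and prev.endswith(("?", "&")):
                hint = "continuation of a URL split across two fixlist lines"
        findings.append((res["target"], res["outcome"], hint))
    return findings


if __name__ == "__main__":
    for target, outcome, hint in unfixed_entries(SAMPLE_FIXLOG):
        print(f"NOT FIXED: {target!r}: {outcome} {('(' + hint + ')') if hint else ''}")
```
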


#7 TheShooter93


Posted 21 October 2014 - 09:48 AM

Hello flickering,

 

Your logs look good, just a final FRST Scan log is needed to confirm that your system is clean.

 

Please include one in your next post. :)




#8 flickering


Posted 21 October 2014 - 10:34 AM

Hey, thanks a lot Cody. I really appreciate the time. 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Chris (administrator) on FARSEER on 21-10-2014 10:29:57
Running from C:\Users\Chris\Downloads
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files\Synaptics\SynTP\DellTouchpad.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2918200 2012-09-20] (Synaptics Incorporated)
HKLM\...\Run: [DellWPF] => C:\Program Files\Synaptics\SynTP\DellTouchpad.exe [4875576 2012-09-20] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-3652495273-4159136407-3845384349-1001\...\Run: [DellSystemDetect] => C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3652495273-4159136407-3845384349-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {B83CE28B-164C-4FCC-9FDD-2A887ADB6551} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110527&user_guid=028677A353614E3EB20EBC0BB3C586F4&machine_id=65619ca06fbbcea39ad0fdfa0eab8414&browser=CR&os=win&os_version=6.1-x64-SP0
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-22]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-22]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-22]
CHR Extension: (Adblock Plus) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-22]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-09-22]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-22]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-22]
CHR Extension: (AdBlock) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-22]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-09-22]
CHR Extension: (Video Download Helper) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2014-10-04]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-22]
CHR HKLM-x32\...\Chrome\Extension: [aaaaidcfcofkdlnflloenblifgibdejh] - C:\ProgramData\AskPartnerNetwork\Toolbar\MTVV7\CRX\ToolbarCR.crx []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
S4 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-09] (Microsoft Corporation)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-13] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-20] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-21 08:01 - 2014-10-21 08:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 08:01 - 2014-10-21 08:01 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-21 08:01 - 2014-10-21 08:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-21 08:01 - 2014-10-21 08:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 08:01 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-21 08:01 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-21 08:01 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-21 07:58 - 2014-10-21 07:59 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-21 07:54 - 2014-10-21 07:54 - 00000000 ____D () C:\Users\Chris\Downloads\FRST-OlderVersion
2014-10-20 17:44 - 2014-10-20 17:44 - 00002093 _____ () C:\Users\Public\Desktop\Aliens vs Predator Classic 2000.lnk
2014-10-20 17:44 - 2014-10-20 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AvP Classic [GOG.com]
2014-10-20 17:41 - 2014-10-20 17:41 - 00000000 ____D () C:\ProgramData\GalaxyClient
2014-10-20 17:41 - 2014-10-20 17:41 - 00000000 ____D () C:\Program Files (x86)\GalaxyClient
2014-10-20 17:36 - 2014-10-20 17:39 - 486168928 _____ (GOG.com ) C:\Users\Chris\Downloads\setup_avp_classic_2.0.0.21.exe
2014-10-19 18:03 - 2014-10-19 18:05 - 00041799 _____ () C:\Users\Chris\Downloads\Addition.txt
2014-10-19 18:00 - 2014-10-21 10:29 - 00018992 _____ () C:\Users\Chris\Downloads\FRST.txt
2014-10-19 17:59 - 2014-10-21 10:30 - 00000000 ____D () C:\FRST
2014-10-19 17:57 - 2014-10-21 07:54 - 02110976 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2014-10-16 18:05 - 2014-10-16 18:05 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-15 20:19 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-15 20:19 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-15 20:19 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 20:18 - 2014-10-09 17:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-15 20:18 - 2014-10-08 17:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-15 20:18 - 2014-09-18 20:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-15 20:18 - 2014-09-13 01:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 20:18 - 2014-09-13 00:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-15 20:18 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-15 20:18 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 20:18 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-15 18:03 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 18:03 - 2014-09-13 01:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 18:03 - 2014-09-13 00:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 18:02 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 18:02 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 18:02 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 18:01 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 18:01 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 18:01 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 18:01 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 18:01 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 18:01 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 18:01 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 18:01 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-15 18:01 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-15 18:01 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 18:01 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-15 18:01 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-15 18:01 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 18:01 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-15 18:01 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 18:01 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 18:01 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 18:01 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 18:01 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 18:01 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 18:01 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 18:01 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 18:01 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 18:01 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 18:01 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-15 18:01 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 18:01 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-15 18:00 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-15 18:00 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-15 18:00 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-15 18:00 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-15 18:00 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-15 18:00 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-15 18:00 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-15 18:00 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-15 18:00 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-15 18:00 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-15 18:00 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-15 18:00 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-15 18:00 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-15 18:00 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-15 18:00 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 18:00 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-15 17:59 - 2014-08-15 23:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-15 17:59 - 2014-08-15 22:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-15 17:59 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-15 17:59 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-15 17:59 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-15 17:58 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-15 17:58 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-15 17:58 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-15 17:58 - 2014-08-15 22:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-15 17:58 - 2014-08-15 22:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-15 17:58 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-15 17:58 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-15 17:58 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-15 17:58 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-15 17:58 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-15 17:58 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-15 17:58 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-15 17:58 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-15 17:58 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-15 17:58 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-15 17:58 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-15 17:58 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-15 17:58 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 17:58 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-15 17:58 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-15 17:58 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-15 17:58 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 17:58 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-15 17:58 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-15 17:58 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-15 17:58 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-15 17:58 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-15 17:58 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-15 17:58 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-15 17:58 - 2014-07-31 18:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-13 07:43 - 2014-10-13 07:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Chris\Downloads\HijackThis.exe
2014-10-12 15:34 - 2014-10-12 15:34 - 00000000 ____D () C:\Users\Chris\My Games
2014-10-10 16:35 - 2014-10-10 16:35 - 00000000 ____D () C:\Users\Chris\Documents\Shiner
2014-10-08 21:09 - 2014-10-08 21:09 - 00000679 _____ () C:\WINDOWS\setupact.log
2014-10-08 21:09 - 2014-10-08 21:09 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-08 19:09 - 2014-10-20 17:46 - 00122795 _____ () C:\WINDOWS\DirectX.log
2014-10-06 16:54 - 2014-10-06 16:54 - 00001409 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-06 16:54 - 2014-10-06 16:54 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-06 16:54 - 2014-10-06 16:54 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-10-06 16:54 - 2014-10-06 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-06 16:53 - 2014-10-06 18:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-06 16:53 - 2014-10-06 17:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-06 16:53 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-10-06 16:36 - 2014-10-06 16:36 - 00000000 ____D () C:\Users\Chris\AppData\Local\Max Secure Software
2014-10-06 16:35 - 2014-10-06 16:36 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\GetRightToGo
2014-10-06 16:34 - 2014-10-06 16:35 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Chris\Downloads\spybot-2.4.exe
2014-10-06 16:33 - 2014-10-06 16:33 - 00368256 _____ (RegNow.com) C:\Users\Chris\Downloads\Download_MaxSDDMnew.exe
2014-09-23 08:05 - 2014-09-23 08:05 - 00000000 ____D () C:\NPE
2014-09-23 07:30 - 2014-09-23 08:20 - 00000000 ____D () C:\Users\Chris\AppData\Local\NPE
2014-09-23 07:30 - 2014-09-23 07:30 - 00000000 ____D () C:\ProgramData\Norton
2014-09-23 07:29 - 2014-09-23 07:29 - 03060320 ____N (Symantec Corporation) C:\Users\Chris\Downloads\NPE.exe
2014-09-22 21:25 - 2014-09-22 21:26 - 87520056 _____ (AVG Technologies) C:\Users\Chris\Downloads\avg_tuh_stf_all_2015_105_24c4 (1).exe
2014-09-22 21:21 - 2014-09-22 21:21 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\AVG
2014-09-22 21:21 - 2014-09-22 21:21 - 00000000 ____D () C:\Users\Chris\AppData\Local\Avg
2014-09-22 21:19 - 2014-09-22 21:22 - 00000000 ____D () C:\ProgramData\AVG
2014-09-22 21:18 - 2014-09-22 21:19 - 87520056 _____ (AVG Technologies) C:\Users\Chris\Downloads\avg_tuh_stf_all_2015_105_24c4.exe
2014-09-22 20:59 - 2014-09-22 20:59 - 00002442 _____ () C:\WINDOWS\System32\Tasks\0914avUpdateInfo
2014-09-22 20:59 - 2014-09-22 20:59 - 00000000 ____D () C:\ProgramData\Avg_Update_0914av
2014-09-22 20:54 - 2014-09-22 20:54 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\TuneUp Software
2014-09-22 20:53 - 2014-09-23 08:04 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-22 20:49 - 2014-09-23 08:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-22 20:49 - 2014-09-22 20:49 - 00000000 ____D () C:\Users\Chris\AppData\Local\MFAData
2014-09-22 20:42 - 2014-09-22 20:42 - 04579176 _____ (AVG Technologies) C:\Users\Chris\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-09-22 20:29 - 2014-09-22 20:29 - 00011626 _____ () C:\WINDOWS\system32\.crusader
2014-09-22 20:16 - 2014-09-22 20:17 - 01373475 _____ () C:\Users\Chris\Downloads\adwcleaner_3.310 (1).exe
2014-09-22 20:07 - 2014-09-22 20:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-22 20:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-09-22 16:35 - 2014-09-22 20:14 - 00000000 ____D () C:\AdwCleaner
2014-09-22 16:31 - 2014-09-22 16:31 - 11194928 _____ (SurfRight B.V.) C:\Users\Chris\Downloads\HitmanPro_x64.exe
2014-09-22 16:31 - 2014-09-22 16:31 - 01373475 _____ () C:\Users\Chris\Downloads\adwcleaner_3.310.exe
2014-09-22 15:35 - 2014-09-22 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-09-22 15:35 - 2014-09-22 15:35 - 00000000 ____D () C:\Program Files\Classic Shell
2014-09-22 15:34 - 2014-09-22 15:35 - 06791360 _____ (IvoSoft) C:\Users\Chris\Downloads\ClassicShellSetup_4_1_0 (3).exe
2014-09-22 15:33 - 2014-09-22 15:33 - 06791360 _____ (IvoSoft) C:\Users\Chris\Downloads\ClassicShellSetup_4_1_0 (2).exe
2014-09-22 15:30 - 2014-09-22 15:30 - 06791360 _____ (IvoSoft) C:\Users\Chris\Downloads\ClassicShellSetup_4_1_0 (1).exe
2014-09-22 15:30 - 2014-09-22 15:30 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer (1).exe
2014-09-22 15:25 - 2014-09-22 15:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-22 15:25 - 2014-09-22 15:25 - 00000000 _____ () C:\autoexec.bat
2014-09-22 15:24 - 2014-09-22 15:24 - 01024790 _____ (Thisisu) C:\Users\Chris\Downloads\JRT.exe
2014-09-22 15:24 - 2014-09-22 15:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-22 15:24 - 2012-06-22 11:01 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2014-09-22 15:21 - 2014-09-22 15:21 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer.exe
2014-09-22 14:59 - 2014-09-22 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-22 14:58 - 2014-10-21 10:09 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 14:58 - 2014-10-21 09:09 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 14:58 - 2014-10-19 09:04 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-22 14:58 - 2014-10-19 09:04 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-22 14:26 - 2014-09-22 14:26 - 00000299 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2014-09-22 14:08 - 2014-09-22 14:08 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2014-09-22 14:08 - 2014-09-22 14:08 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-09-22 14:07 - 2014-09-22 14:08 - 00753184 _____ () C:\Users\Chris\Downloads\Adware-Removal-Tool-v3.9.1.exe
2014-09-22 13:56 - 2014-09-29 18:48 - 00029920 _____ () C:\WINDOWS\PFRO.log
2014-09-22 13:14 - 2014-09-22 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-22 13:12 - 2014-09-22 13:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 13:11 - 2014-10-21 10:23 - 01211371 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-22 12:34 - 2014-09-22 12:34 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\LavasoftStatistics
2014-09-22 12:33 - 2014-09-22 12:33 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-09-22 12:30 - 2014-09-22 12:31 - 02806920 _____ () C:\Users\Chris\Downloads\Adaware_Installer.exe
2014-09-22 11:58 - 2014-09-22 11:59 - 00000000 ____D () C:\Program Files (x86)\grassmow
2014-09-22 11:53 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-09-22 11:53 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-09-22 11:53 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-09-22 11:51 - 2014-09-22 12:23 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-22 11:49 - 2014-09-22 12:01 - 00000258 __RSH () C:\ProgramData\ntuser.pol
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-25 13:58 - 2014-05-28 06:30 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E47AB0E-44E6-47AB-8197-B858503CBCFB}
2014-10-21 10:29 - 2013-12-16 15:25 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\ClassicShell
2014-10-21 10:03 - 2013-05-22 00:37 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3652495273-4159136407-3845384349-1001
2014-10-21 10:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-21 09:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-21 09:50 - 2014-07-21 21:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-20 17:48 - 2014-01-01 22:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 17:41 - 2013-09-29 21:37 - 00000000 ____D () C:\GOG Games
2014-10-18 15:39 - 2013-07-12 18:33 - 00000000 ____D () C:\Users\Chris\Documents\My Games
2014-10-18 15:39 - 2013-05-22 22:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-16 18:03 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-16 18:03 - 2013-08-22 09:44 - 00492656 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-16 18:01 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-16 18:00 - 2014-07-10 21:20 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-16 18:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-16 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-16 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-16 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-16 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-15 21:28 - 2013-06-22 22:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 21:27 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-15 21:21 - 2013-08-13 12:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 21:01 - 2013-05-23 20:12 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-14 19:05 - 2013-06-03 00:02 - 00000157 _____ () C:\WINDOWS\SysWOW64\SystemPreferences.xml
2014-10-13 07:46 - 2013-05-22 00:29 - 00000000 ____D () C:\Users\Chris\AppData\Local\VirtualStore
2014-10-12 15:34 - 2014-05-09 19:34 - 00000000 ____D () C:\Users\Chris
2014-10-11 18:00 - 2013-05-23 19:58 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-10-10 20:53 - 2014-01-08 20:45 - 00000000 ____D () C:\Users\Chris\Documents\Proteus
2014-10-10 09:15 - 2014-01-23 20:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-10 09:14 - 2014-01-23 20:11 - 00000000 ____D () C:\Users\Chris\AppData\Local\Battle.net
2014-10-08 19:05 - 2014-07-23 19:49 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-08 19:04 - 2014-07-23 19:41 - 00000000 ____D () C:\ProgramData\Origin
2014-10-08 19:01 - 2014-07-23 19:41 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-29 17:45 - 2013-08-22 10:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-29 17:45 - 2013-08-22 10:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-27 18:51 - 2014-03-18 05:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-27 18:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-23 07:59 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-09-22 21:36 - 2014-05-09 22:23 - 00000000 ___DC () C:\WINDOWS\Panther
2014-09-22 21:36 - 2013-06-22 22:42 - 00000000 ____D () C:\Users\Chris\AppData\Local\Microsoft Help
2014-09-22 20:59 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-22 20:13 - 2014-05-09 20:39 - 00001190 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 14:59 - 2013-05-22 01:11 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 14:58 - 2014-06-10 20:10 - 00000000 ____D () C:\Users\Chris\AppData\Local\Deployment
2014-09-22 14:04 - 2013-01-24 12:02 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-22 13:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PLA
2014-09-22 12:45 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-22 12:16 - 2013-08-31 16:53 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-22 12:11 - 2013-07-03 00:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-22 11:53 - 2013-10-22 09:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-22 11:49 - 2013-08-22 10:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-09-22 11:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-09-22 01:42 - 2013-05-23 20:47 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-21 13:29 - 2014-05-19 21:43 - 00000000 ____D () C:\Users\Chris\Documents\Dolphin Emulator
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 20:19
 
==================== End Of Log ============================


#9 TheShooter93

TheShooter93

    Cody


  • Malware Response Team

Posted 23 October 2014 - 09:04 AM

Hello flickering,
 
Just a couple of entries to take care of from your last FRST log. Once you have run this Fix you will be all-clean!

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

All Clean!

Congratulations on your clean PC!
 
For keeping your PC clean, there are a few main things to keep tabs on: 
 
1) Make sure to keep your antivirus software up to date.
 
2) Keep Java, Adobe Flash Player, and Adobe Reader up to date.
 
3) Run periodic scans using your antivirus software and Malwarebytes Anti-Malware.
 
4) Most importantly, practice safe browsing. You are the ultimate protection tool.
 
=======================================================================
 
Download Delfix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
 
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't need to copy and paste it into your next reply.
 
=======================================================================
 
Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

This thread will remain open for 48 hours after the posting of this "all-clean" for any questions you may have.


Edited by TheShooter93, 23 October 2014 - 09:05 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:56 PM

Posted 27 October 2014 - 01:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.



