
Fake Google Chrome processes virus


6 replies to this topic

#1 JCastro25


Posted 25 October 2014 - 01:00 PM

Hello. I have an infection where there is a .exe called "Fzpjrgr.exe" posing as Google Chrome that runs itself on startup and opens usually a dozen different processes (Chrome tabs) and keeps reopening them if I try to end the processes. I have also booted in Safe Mode, found the location of the .exe and deleted it, only to have the .exe recreate itself later in a new location and continue opening itself. My anti-virus software doesn't detect this infection. Can someone please help me in removing this?





#2 JCastro25


Posted 25 October 2014 - 05:19 PM

Bump. Still looking for help.

Included in this post are my FRST.txt and Addition.txt.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014
Ran by Joe (administrator) on JOE-PC on 25-10-2014 18:44:24
Running from C:\Users\Joe\Downloads
Loaded Profile: Joe (Available profiles: Joe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\puush\puush.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Flux Software LLC) C:\Users\Joe\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google) C:\Users\Joe\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Google Inc.) C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\Fzpjrgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3902702374-1857963143-1876004248-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-05-28] ()
HKU\S-1-5-21-3902702374-1857963143-1876004248-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-11] (SUPERAntiSpyware)
HKU\S-1-5-21-3902702374-1857963143-1876004248-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-3902702374-1857963143-1876004248-1000\...\Run: [MP3 Skype recorder] => C:\Users\Joe\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [1544704 2014-08-08] ()
HKU\S-1-5-21-3902702374-1857963143-1876004248-1000\...\Run: [f.lux] => C:\Users\Joe\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3902702374-1857963143-1876004248-1000\...\Run: [lbwnkygm] => regsvr32.exe /s "C:\Users\Joe\AppData\Local\NVIDIA\lbwnkygm.dll" <===== ATTENTION
HKU\S-1-5-21-3902702374-1857963143-1876004248-1000\...\MountPoints2: {26716627-0ce4-11e4-83fb-94de805360f2} - D:\TL_Bootstrap.exe
HKU\S-1-5-21-3902702374-1857963143-1876004248-1000\...\MountPoints2: {3ca6d47a-1fb7-11e4-a285-94de805360f2} - D:\TL_Bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-30] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x17B2DE329C7ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - handycafe_search URL = http://search.handycafe.com/results?s=hsc&q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Diagnostic AddOn -> {05f90868-52fc-4c12-b44b-c70d542132eb} -> C:\Users\Joe\AppData\Roaming\Diagnostics\Diagnostics64.dll (Intel)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Diagnostic AddOn -> {05f90868-52fc-4c12-b44b-c70d542132eb} -> C:\Users\Joe\AppData\Roaming\Diagnostics\Diagnostics.dll (Intel)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {8664889D-ED18-4713-918F-E2BB69D8452B} - No File
Toolbar: HKLM-x32 - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\8km9tjyi.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Joe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Joe\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Joe\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Joe\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\8km9tjyi.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Joe\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Joe\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: FireShot - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\8km9tjyi.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-27]
FF Extension: DownloadHelper - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\8km9tjyi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: MEGA EXTENSION - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\8km9tjyi.default\Extensions\firefox@mega.co.nz.xpi [2014-10-25]
FF Extension: Procon Latte Content Filter - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\8km9tjyi.default\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi [2014-10-23]
FF Extension: LeechBlock - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\8km9tjyi.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-08-15]
FF Extension: Adblock Plus - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\8km9tjyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-07]
FF Extension: Greasemonkey - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\8km9tjyi.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-11-20]
FF HKLM-x32\...\Firefox\Extensions: [patch@mozilla.org] - C:\Users\Joe\AppData\Roaming\Mozilla\Extensions\mozillahotfix
FF Extension: Mozilla hotfix - C:\Users\Joe\AppData\Roaming\Mozilla\Extensions\mozillahotfix [2014-07-28]
FF HKCU\...\Firefox\Extensions: [patch@mozilla.org] - C:\Users\Joe\AppData\Roaming\Mozilla\Extensions\mozillahotfix
FF Extension: No Name - patch@mozilla.org [Not Found]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2014-01-24] (Blue Coat Systems, Inc.)
S4 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-06-26] (BioWare)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-07-18] (Hi-Rez Studios) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-21] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] ()
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S4 bckd; C:\Windows\System32\drivers\bckd.sys [126168 2014-01-24] (Blue Coat Systems, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-08-16] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 18:44 - 2014-10-25 18:45 - 00018528 _____ () C:\Users\Joe\Downloads\FRST.txt
2014-10-25 13:48 - 2014-10-25 13:48 - 00000919 _____ () C:\Users\Joe\Downloads\fixlist.txt
2014-10-25 13:45 - 2014-10-25 18:44 - 00000000 ____D () C:\FRST
2014-10-25 13:45 - 2014-10-25 13:45 - 02112512 _____ (Farbar) C:\Users\Joe\Downloads\FRST64.exe
2014-10-25 13:33 - 2014-10-25 13:33 - 00000080 _____ () C:\folders.txt
2014-10-25 13:33 - 2014-10-25 13:23 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-25 13:32 - 2014-10-25 13:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-25 13:31 - 2014-10-16 10:11 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-10-25 13:31 - 2014-10-16 08:27 - 00614544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-25 13:29 - 2014-10-16 12:54 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 24555840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 17260864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 13190288 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-25 13:29 - 2014-10-16 12:54 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00962376 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00931984 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00921928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00895176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00870112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00392008 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00348488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-10-25 13:29 - 2014-10-16 12:54 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-25 13:29 - 2014-10-16 12:54 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-10-25 13:24 - 2014-10-25 13:22 - 00095037 _____ () C:\zoek-results2014-10-25-172258.log
2014-10-25 13:11 - 2014-10-25 13:34 - 00006997 _____ () C:\zoek-results.log
2014-10-25 13:04 - 2014-10-25 13:18 - 00000000 ____D () C:\zoek_backup
2014-10-25 13:04 - 2014-10-25 13:04 - 01290752 _____ () C:\Users\Joe\Downloads\zoek.exe
2014-10-25 12:56 - 2014-10-25 12:56 - 00001417 _____ () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-25 00:49 - 2014-10-25 00:49 - 19221504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 15407616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 14317568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-25 00:49 - 2014-10-25 00:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-25 00:49 - 2014-10-25 00:49 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 02046464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 01766912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-25 00:49 - 2014-10-25 00:49 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-25 00:49 - 2014-10-25 00:49 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-25 00:49 - 2014-10-25 00:49 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-25 00:49 - 2014-10-25 00:49 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 01129984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-25 00:49 - 2014-10-25 00:49 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-25 00:49 - 2014-10-25 00:49 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-25 00:49 - 2014-10-25 00:49 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-25 00:49 - 2014-10-25 00:49 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-25 00:49 - 2014-10-25 00:49 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-25 00:49 - 2014-10-25 00:49 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-25 00:48 - 2014-10-25 00:50 - 00007001 _____ () C:\Windows\IE10_main.log
2014-10-24 22:06 - 2014-09-04 15:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-10-24 22:06 - 2014-09-04 15:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-10-24 13:56 - 2014-10-24 13:56 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\DarkSoulsII
2014-10-23 13:32 - 2014-10-24 22:12 - 00000000 ____D () C:\Program Files (x86)\Handy Filter
2014-10-23 13:32 - 2014-10-24 22:03 - 00000000 ____D () C:\ProgramData\Filtre Programi
2014-10-23 13:32 - 2014-10-23 13:32 - 00000000 ____D () C:\Users\Joe\Documents\Turbo Internet
2014-10-23 13:32 - 2014-10-23 13:32 - 00000000 ____D () C:\ProgramData\handyCafe
2014-10-23 13:31 - 2014-10-23 13:31 - 04205472 _____ (Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti) C:\Users\Joe\Downloads\handy_filter_setup.exe
2014-10-22 22:52 - 2014-10-22 22:52 - 62156800 _____ () C:\Users\Joe\Downloads\calibre-2.6.0.msi
2014-10-22 13:43 - 2014-10-22 13:43 - 00000222 _____ () C:\Users\Joe\Desktop\Path of Exile.url
2014-10-21 12:46 - 2014-10-21 12:46 - 00000000 ____D () C:\Users\Joe\Downloads\The Beatles - Let It Be [smb]
2014-10-21 11:55 - 2014-10-21 11:55 - 00000000 ____D () C:\ProgramData\Last.fm
2014-10-21 11:54 - 2014-10-24 12:51 - 00000000 ____D () C:\Users\Joe\AppData\Local\Last.fm
2014-10-21 11:54 - 2014-10-21 11:54 - 14916216 _____ (Last.fm ) C:\Users\Joe\Downloads\Last.fm-2.1.36.exe
2014-10-21 11:54 - 2014-10-21 11:54 - 00000985 _____ () C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
2014-10-21 11:54 - 2014-10-21 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
2014-10-21 11:54 - 2014-10-21 11:54 - 00000000 ____D () C:\Program Files (x86)\Last.fm
2014-10-20 22:37 - 2014-10-20 22:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-20 22:37 - 2014-10-20 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-20 22:37 - 2014-10-20 22:37 - 00000000 ____D () C:\Program Files\iPod
2014-10-20 22:36 - 2014-10-21 11:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-20 22:36 - 2014-10-20 22:37 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-20 22:36 - 2014-10-20 22:37 - 00000000 ____D () C:\Program Files\iTunes
2014-10-19 20:53 - 2012-02-13 14:49 - 00119825 ____N () C:\Users\Joe\Documents\Adaptation.2002.720p.BluRay.DTS.x264-decibeL.eng.srt
2014-10-19 20:48 - 2014-07-03 18:33 - 00115551 ____N () C:\Users\Joe\Desktop\Adaptation.2002.720p.HDTV.x264.YIFY.srt
2014-10-18 02:54 - 2014-10-18 02:54 - 00000000 ____D () C:\Program Files\WinPcap
2014-10-17 02:12 - 2014-10-17 02:12 - 00000222 _____ () C:\Users\Joe\Desktop\Quake Live.url
2014-10-15 21:19 - 2014-10-15 21:28 - 00000000 ____D () C:\Users\Joe\Downloads\Gene Wolfe Audiobook collection @ Fenopy.com
2014-10-15 15:02 - 2014-10-15 15:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-15 14:34 - 2014-10-15 14:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-15 13:55 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 13:55 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 13:55 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 13:55 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 13:55 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 13:55 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 13:55 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 13:55 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 13:55 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 13:55 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 13:55 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 13:55 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 13:55 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 13:55 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 13:55 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 13:55 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 13:55 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 13:55 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 13:55 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 13:55 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 13:55 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 13:55 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 13:55 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 13:55 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 13:55 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 13:55 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 13:55 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 13:55 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 13:55 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 13:55 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 13:55 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 13:55 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 13:55 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 13:55 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 13:55 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 13:54 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:54 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:54 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:54 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:54 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 13:54 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:54 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 13:54 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 13:54 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 13:54 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 13:54 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 13:54 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 13:54 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 13:54 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 13:54 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 13:54 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 13:54 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 13:54 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 13:54 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 13:54 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:54 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:54 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:54 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:54 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:54 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:54 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 13:54 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 13:54 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 13:54 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:54 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 13:54 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 13:54 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 13:54 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 13:54 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 13:54 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 13:54 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 13:54 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 13:54 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 13:54 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 13:54 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 13:54 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 13:54 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 13:54 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 13:54 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 13:54 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 13:53 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:53 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 13:53 - 2014-09-04 22:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:53 - 2014-09-04 21:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 21:21 - 2014-10-14 21:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-14 21:21 - 2014-10-14 21:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-14 21:21 - 2014-10-14 21:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-14 21:21 - 2014-10-14 21:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-14 21:21 - 2014-10-14 21:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-14 21:14 - 2014-10-14 21:14 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Porn Terminator
2014-10-14 21:13 - 2014-10-14 21:17 - 00000000 ____D () C:\Program Files (x86)\Porn Terminator
2014-10-14 21:12 - 2014-10-14 21:12 - 00699016 _____ (CNET Download.com) C:\Users\Joe\Downloads\cbsidlm-cbsi213-Porn_Terminator-SEO-10876438.exe
2014-10-14 11:03 - 2014-10-14 11:03 - 00001624 _____ () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackboard Collaborate Launcher.lnk
2014-10-14 11:03 - 2014-10-14 11:03 - 00000000 ____D () C:\Users\Joe\AppData\Local\Blackboard
2014-10-14 11:02 - 2014-10-14 11:02 - 42807296 _____ () C:\Users\Joe\Downloads\BlackboardCollaborateLauncher-Win.msi
2014-10-13 00:39 - 2014-10-13 00:42 - 00000000 ____D () C:\Users\Joe\Downloads\Stephen King eBooks Collection Epub+Mobi
2014-10-11 23:17 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-11 23:17 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 10:22 - 2014-09-26 10:22 - 61997056 _____ () C:\Users\Joe\Downloads\calibre-2.4.0.msi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 18:42 - 2014-07-22 05:33 - 00000000 ____D () C:\Windows\pss
2014-10-25 18:35 - 2014-05-28 16:51 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Skype
2014-10-25 18:07 - 2013-11-07 19:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-25 18:04 - 2014-05-28 13:04 - 02017446 _____ () C:\Windows\WindowsUpdate.log
2014-10-25 17:57 - 2014-06-05 21:38 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3902702374-1857963143-1876004248-1000UA.job
2014-10-25 14:57 - 2014-06-05 21:38 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3902702374-1857963143-1876004248-1000Core.job
2014-10-25 13:41 - 2009-07-14 00:45 - 00026176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-25 13:41 - 2009-07-14 00:45 - 00026176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-25 13:35 - 2014-05-29 12:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-25 13:34 - 2014-09-05 08:30 - 00005560 _____ () C:\Windows\setupact.log
2014-10-25 13:34 - 2014-06-26 01:38 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-25 13:34 - 2014-05-28 13:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-25 13:34 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-25 13:33 - 2014-09-05 08:30 - 00010446 _____ () C:\Windows\PFRO.log
2014-10-25 13:32 - 2014-05-28 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-25 13:31 - 2014-05-28 13:44 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-25 12:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-25 00:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-24 22:08 - 2014-05-28 13:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-24 22:00 - 2014-05-28 16:58 - 00000000 ____D () C:\Windows\Panther
2014-10-24 21:58 - 2013-12-08 00:11 - 00000000 ____D () C:\Users\Joe\Documents\Logs and archives
2014-10-24 20:44 - 2014-05-28 15:07 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\vlc
2014-10-24 12:13 - 2014-06-10 22:51 - 00000000 ____D () C:\Users\Joe\AppData\Local\Skyrim
2014-10-24 12:11 - 2014-06-07 19:33 - 00000890 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-10-24 12:11 - 2014-06-07 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-10-24 12:11 - 2014-06-07 19:33 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-10-23 17:29 - 2014-05-28 14:24 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\BitTorrent
2014-10-23 13:08 - 2014-07-18 13:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 13:08 - 2014-05-28 14:24 - 00000000 ____D () C:\Users\Joe\AppData\Local\Google
2014-10-22 23:43 - 2014-08-01 21:00 - 00000000 ____D () C:\Users\Joe\Documents\Calibre Library
2014-10-22 22:59 - 2009-07-14 01:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-22 22:54 - 2014-09-08 09:41 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-10-22 22:54 - 2014-09-08 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-10-22 22:54 - 2014-09-08 09:41 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-10-21 13:32 - 2014-08-08 15:55 - 00000000 ____D () C:\Program Files\Blue Coat K9 Web Protection
2014-10-20 23:07 - 2014-06-03 10:07 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Apple Computer
2014-10-20 22:36 - 2014-09-22 22:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-20 22:36 - 2014-06-02 22:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-20 09:55 - 2014-05-28 13:44 - 00000000 ____D () C:\Users\Joe\AppData\Local\NVIDIA
2014-10-19 14:52 - 2014-06-05 21:38 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3902702374-1857963143-1876004248-1000UA
2014-10-19 14:52 - 2014-06-05 21:38 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3902702374-1857963143-1876004248-1000Core
2014-10-18 13:34 - 2014-06-11 09:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-17 19:43 - 2014-01-14 18:24 - 00000000 ____D () C:\Users\Joe\Documents\Books
2014-10-16 14:50 - 2009-07-14 00:45 - 00369120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 14:48 - 2014-06-01 11:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 14:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 14:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 12:54 - 2014-05-28 13:49 - 00072904 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-16 12:54 - 2014-05-28 13:49 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-16 12:54 - 2014-05-28 13:48 - 20968040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-16 12:54 - 2014-05-28 13:48 - 18499648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-16 12:54 - 2014-05-28 13:48 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-16 12:54 - 2014-05-28 13:48 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-16 12:54 - 2014-05-28 13:48 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-16 12:54 - 2014-05-28 13:48 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-10-16 12:54 - 2014-05-28 13:48 - 00987008 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-10-16 12:54 - 2014-05-28 13:48 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-10-16 10:11 - 2014-05-28 13:49 - 06883136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-10-16 10:11 - 2014-05-28 13:49 - 03533632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-10-16 10:11 - 2014-05-28 13:49 - 00933064 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-10-16 10:11 - 2014-05-28 13:49 - 00384200 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-10-16 10:11 - 2014-05-28 13:49 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-10-15 15:06 - 2014-06-02 10:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 15:01 - 2014-05-30 11:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 14:55 - 2014-05-30 11:37 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 22:57 - 2014-05-28 16:51 - 00000000 ____D () C:\ProgramData\Skype
2014-10-14 20:48 - 2014-05-28 13:49 - 04047877 _____ () C:\Windows\system32\nvcoproc.bin
2014-10-04 02:42 - 2014-06-02 10:54 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-10-04 02:42 - 2014-05-28 13:44 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-10-04 02:41 - 2014-06-02 10:54 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-10-04 02:41 - 2014-05-28 13:44 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-10-02 15:53 - 2014-05-30 11:15 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Joe\jagex_cl_runescape_LIVE.dat
C:\Users\Joe\random.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 15:21

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-10-2014
Ran by Joe at 2014-10-25 18:45:31
Running from C:\Users\Joe\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Baldurs Gate - Enhanced Edition (HKLM-x32\...\Baldurs Gate - Enhanced Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.1.419 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version: - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{16001F0B-844B-4FEF-80F6-A82D94256530}) (Version: 2.6.0 - Kovid Goyal)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defy Gravity (HKLM-x32\...\Steam App 96100) (Version: - Fish Factory Games)
Divinity - Original Sin (HKLM-x32\...\1207664853_is1) (Version: 2.3.0.6 - GOG.com)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version: - BioWare)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version: - Streum On Studio)
f.lux (HKCU\...\Flux) (Version: - )
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Halo: Spartan Assault (HKLM-x32\...\Steam App 277430) (Version: - Vanguard Games)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
IVONA 2 (HKLM-x32\...\IVONA 2) (Version: 1.6.63 - IVONA Software Sp. z o.o.)
IVONA ControlCenter (HKLM-x32\...\IVONA ControlCenter) (Version: 1.1.5 - IVONA Software Sp. z o.o.)
IVONA MiniReader (HKLM-x32\...\IVONA MiniReader) (Version: - IVONA Software Sp. z o.o.)
IVONA Reader (HKLM-x32\...\IVONA Reader) (Version: - IVONA Software Sp. z o.o.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
K-Lite Codec Pack 10.5.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{78A8FADA-B8DF-4AA4-AED7-C91EE58EB7E9}) (Version: 4.6.1.0 - Alexander Nikiforov)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.48 - NVIDIA Corporation)
NVIDIA Control Panel 344.48 (Version: 344.48 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1284 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
One Way Heroics (HKLM-x32\...\Steam App 266210) (Version: - Smoking WOLF)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.10.297 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
Peggle Deluxe (HKLM-x32\...\Steam App 3480) (Version: - PopCap Games, Inc.)
Peggle Nights (HKLM-x32\...\Steam App 3540) (Version: - PopCap Games, Inc.)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap Games, Inc.)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Quake Live (HKLM-x32\...\Steam App 282440) (Version: - id Software)
Ralink RT7x Wireless LAN Card (HKLM-x32\...\{E91E8912-769D-42F0-8408-0E329443BABC}) (Version: 1.5.4.0 - Ralink)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Receiver (HKLM-x32\...\Steam App 234190) (Version: - Wolfire Games)
Red Faction: Guerrilla (HKLM-x32\...\Steam App 20500) (Version: - Volition)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - )
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.0.0.5 - GOG.com)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype Voice Changer (HKCU\...\d8f4b4d52e33052f) (Version: 1.3.2.3 - Mark Heath)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)
Soldier Front 2 (HKLM-x32\...\Steam App 239660) (Version: - Dragonfly)
Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Stronghold Crusader HD (HKLM-x32\...\Steam App 40970) (Version: - FireFly Studios)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version: - Hi-Rez Studios)
Two Worlds II (HKLM-x32\...\Steam App 7520) (Version: - Reality Pump Studios)
Unholy Heights (HKLM-x32\...\Steam App 249330) (Version: - Petit Depotto)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VLC Setup Helper (HKLM-x32\...\VLC Setup Helper_is1) (Version: - )
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
What's my computer doing 1.xx (HKLM-x32\...\{3F702F22-A623-4B6A-41BD-420700558223}_is1) (Version: - ITSTH)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Ys Origin (HKLM-x32\...\Steam App 207350) (Version: - Nihon Falcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3902702374-1857963143-1876004248-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Joe\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3902702374-1857963143-1876004248-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Joe\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3902702374-1857963143-1876004248-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joe\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3902702374-1857963143-1876004248-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Joe\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

23-10-2014 02:53:02 Installed calibre
23-10-2014 17:11:11 Windows Modules Installer
25-10-2014 02:07:27 Installed DirectX
25-10-2014 04:48:32 Windows Update
25-10-2014 17:11:46 zoek.exe restore point
25-10-2014 17:24:10 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-24 21:55 - 00000826 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4527C958-53DD-431E-883C-C4F74F693AF5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3902702374-1857963143-1876004248-1000Core => C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {7A908C03-C414-4D7F-91C5-1E774257438C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {AC1D8FDA-F904-48E0-A480-FDB872CE06D0} - System32\Tasks\{D3AA4500-15D1-4F3D-8EE3-1C65A3BF8F12} => C:\Program Files (x86)\Steam\SteamApps\common\Two Worlds II\TwoWorlds2.exe [2014-07-27] (Reality Pump)
Task: {C14A2A2C-D0CD-4F97-B9CA-2CFE8A83BA25} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E4673D40-14A9-4489-BFFE-F8D0223C2624} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3902702374-1857963143-1876004248-1000UA => C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {FE561014-F03C-4412-A479-C3D9E84066B6} - System32\Tasks\{1FA24638-ECC4-463C-AB1E-270C32DC46FF} => C:\Program Files (x86)\Steam\SteamApps\common\Two Worlds II\TwoWorlds2.exe [2014-07-27] (Reality Pump)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3902702374-1857963143-1876004248-1000Core.job => C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3902702374-1857963143-1876004248-1000UA.job => C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-28 13:49 - 2014-10-16 10:11 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-21 20:33 - 2014-08-21 21:10 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-01-10 14:41 - 2014-05-28 19:33 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-28 13:33 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-10-15 14:34 - 2014-10-15 14:34 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-23 19:01 - 2014-07-23 19:01 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2014-08-21 19:44 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-21 19:44 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-21 19:44 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-10-24 10:45 - 2014-10-01 19:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 09:31 - 2014-10-21 15:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-21 19:44 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-21 19:44 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-10-30 12:25 - 2014-10-21 15:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-10-23 13:07 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 15:29 - 2014-09-04 19:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-10-25 12:56 - 2014-10-25 12:56 - 00718152 _____ () C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\36.0.1985.143\libglesv2.dll
2014-10-25 12:56 - 2014-10-25 12:56 - 00126280 _____ () C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\36.0.1985.143\libegl.dll
2014-10-25 12:56 - 2014-10-25 12:56 - 08537928 _____ () C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\36.0.1985.143\pdf.dll
2014-10-25 12:56 - 2014-10-25 12:56 - 00353096 _____ () C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-10-25 12:56 - 2014-10-25 12:56 - 01732936 _____ () C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\36.0.1985.143\ffmpegsumo.dll
2014-10-25 12:56 - 2014-10-25 12:56 - 14669128 _____ () C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc\Nbxmoxhpy\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: SkypeUpdate => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\Windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^What's my computer doing.lnk => C:\Windows\pss\What's my computer doing.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Update => "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: IVONA ControlCenter => "C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" --action=run-silent
MSCONFIG\startupreg: IVONA Reader => "C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe" -t -nosplash
MSCONFIG\startupreg: MP3 Skype recorder => C:\Users\Joe\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3902702374-1857963143-1876004248-500 - Administrator - Disabled)
Guest (S-1-5-21-3902702374-1857963143-1876004248-501 - Limited - Disabled)
Joe (S-1-5-21-3902702374-1857963143-1876004248-1000 - Administrator - Enabled) => C:\Users\Joe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2014 01:31:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.0.0.5397, time stamp: 0x543924b1
Faulting module name: mozalloc.dll, version: 33.0.0.5397, time stamp: 0x5438ffbb
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1a3c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/25/2014 01:17:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.0.0.5397, time stamp: 0x543924b1
Faulting module name: mozalloc.dll, version: 33.0.0.5397, time stamp: 0x5438ffbb
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x11a8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/24/2014 10:06:54 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0]

Error: (10/22/2014 10:23:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 15.3.33.0, time stamp: 0x53d2379b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x854
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (10/20/2014 11:13:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8050

Error: (10/20/2014 11:13:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8050

Error: (10/20/2014 11:13:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/20/2014 11:13:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7051

Error: (10/20/2014 11:13:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7051

Error: (10/20/2014 11:13:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/25/2014 01:31:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/25/2014 01:31:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/25/2014 01:31:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/25/2014 01:31:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/25/2014 01:31:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/25/2014 01:18:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/25/2014 01:18:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/25/2014 01:18:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/25/2014 01:18:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/25/2014 01:18:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (10/25/2014 01:31:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb80000003000014251a3c01cff077cf3c7c9aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld0e85c0d-5c6c-11e4-a8b8-94de805360f2

Error: (10/25/2014 01:17:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb800000030000142511a801cff0758df1ddb8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld8a67caf-5c6a-11e4-a8b8-94de805360f2

Error: (10/24/2014 10:06:54 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0]

Error: (10/22/2014 10:23:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe15.3.33.053d2379bntdll.dll6.1.7601.18247521ea8e7c00000050002e3be85401cfecd0ddf1f7edC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Windows\SysWOW64\ntdll.dllf10e200a-59f6-11e4-a357-94de805360f2

Error: (10/20/2014 11:13:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8050

Error: (10/20/2014 11:13:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8050

Error: (10/20/2014 11:13:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/20/2014 11:13:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7051

Error: (10/20/2014 11:13:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7051

Error: (10/20/2014 11:13:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 57%
Total physical RAM: 8155.47 MB
Available physical RAM: 3444.63 MB
Total Pagefile: 16309.12 MB
Available Pagefile: 10533.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.29 GB) (Free:171 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C167B623)

Partition: GPT Partition Type.

==================== End Of Log ============================

Edited by Oh My!, 30 October 2014 - 08:28 AM.
Posted logs


#3 JCastro25


Posted 26 October 2014 - 07:20 PM

Hey, anyone want to help me? This is not going away.



#4 Oh My!

  • Malware Response Instructor

Posted 30 October 2014 - 08:30 AM

Greetings JCastro25 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. We really apologize for the delay. We are extremely busy these days. Please allow me just a bit of time to review your information and we will get right to it.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 30 October 2014 - 08:50 AM

Greetings and thank you again for your patience. The first thing we need to do is cut and paste the FRST program from your Downloads folder to your Desktop.

Running from C:\Users\Joe\Downloads


Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-3902702374-1857963143-1876004248-1000\...\Run: [lbwnkygm] => regsvr32.exe /s "C:\Users\Joe\AppData\Local\NVIDIA\lbwnkygm.dll" <===== ATTENTION
C:\Users\Joe\AppData\Local\NVIDIA\lbwnkygm.dll
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Joe\jagex_cl_runescape_LIVE.dat
C:\Users\Joe\random.dat
CustomCLSID: HKU\S-1-5-21-3902702374-1857963143-1876004248-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Joe\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3902702374-1857963143-1876004248-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Joe\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
C:\Users\Joe\AppData\LocalLow\Microsoft\rprybzkc
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • How is your computer running now?

Gary
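The Run entry marked ATTENTION in the fixlist above, worked through as an added example that is not part of the original post or of FRST: it parses registry lines of that shape and reports why an autorun that starts a DLL through regsvr32 from a user profile stands out. The function name, the `USER_WRITABLE` list and the second sample line are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Registry line shape used in the fixlist: <hive>\...\Run: [<value>] => <command>
RUN_LINE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]+)\] => (?P<cmd>.*)$')

# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\')

def analyze(line):
    """Return a finding dict for a Run/RunOnce line, or None for other lines."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    # Drop the tool's own trailing marker before tokenizing the command.
    cmd = re.sub(r'\s*<=+\s*ATTENTION\s*$', '', m['cmd'])
    tokens = re.findall(r'"[^"]*"|\S+', cmd)
    if not tokens:
        return None
    exe = PureWindowsPath(tokens[0].strip('"')).name.lower()
    reasons = []
    if exe in ('regsvr32', 'regsvr32.exe'):
        reasons.append('autorun loads a DLL through regsvr32')
        if '/s' in (t.lower() for t in tokens[1:]):
            reasons.append('/s suppresses regsvr32 message boxes')
        # First non-switch argument is the DLL being registered.
        target = next((t.strip('"') for t in tokens[1:]
                       if not t.startswith('/')), '')
    else:
        target = tokens[0].strip('"')  # unquoted paths with spaces are not rejoined
    if any(part in target.lower() for part in USER_WRITABLE):
        reasons.append('target sits in a user-writable directory')
    return {'hive': m['hive'], 'name': m['name'],
            'target': target, 'reasons': reasons}

# First line is copied from the fixlist; the second is constructed for contrast.
PAGE_LINE = (r'HKU\S-1-5-21-3902702374-1857963143-1876004248-1000\...\Run: '
             r'[lbwnkygm] => regsvr32.exe /s '
             r'"C:\Users\Joe\AppData\Local\NVIDIA\lbwnkygm.dll" <===== ATTENTION')
BENIGN_LINE = r'HKLM\...\Run: [ExampleApp] => "C:\Program Files\ExampleApp\app.exe"'

if __name__ == '__main__':
    for line in (PAGE_LINE, BENIGN_LINE):
        finding = analyze(line)
        print(finding['name'], '->', finding['reasons'] or 'no flags')
```

Lines that are not Run or RunOnce entries, such as the service and CustomCLSID lines in the same fixlist, return `None` and need their own checks.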
 

#6 Oh My!


Posted 04 November 2014 - 09:44 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#7 Oh My!


Posted 06 November 2014 - 03:06 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



