Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dll host with COM surrogate virus


  • This topic is locked This topic is locked
40 replies to this topic

#1 sawmilldon

sawmilldon

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:41 AM

Posted 02 November 2014 - 10:04 AM

I have an infection on this computer, just had you guys fix my other one.
Same thing, com surrogates that eat resources.
 



BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:41 PM

Posted 06 November 2014 - 04:28 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

If the system has been used after topic creation time we need to take a look at fresh logs.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:41 AM

Posted 06 November 2014 - 09:59 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Ray (administrator) on GUARDIAN-PC on 06-11-2014 18:54:03
Running from C:\Users\Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABTDS7GC
Loaded Profile: Ray (Available profiles: Ray)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Awesomium Technologies) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\bin\awesomium_process.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Awesomium Technologies) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\bin\awesomium_process.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1337680 2014-10-29] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2933072 2014-10-29] (BullGuard Ltd.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\ivijios-x32: C:\Users\Ray\AppData\Local\ivijios.dll [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [UiluZvulz] => regsvr32.exe "C:\ProgramData\UiluZvulz\UiluZvulz.dat"
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [AowgaFakfo] => regsvr32.exe "C:\ProgramData\AowgaFakfo\AowgaFakfo.dat"
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [ivijios] => rundll32 "C:\Users\Ray\AppData\Local\ivijios.dll",ivijios <===== ATTENTION
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [Svc2dll] => C:\Users\Ray\AppData\Local\svcxdcl32.exe
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [AaneBudv] => regsvr32.exe "C:\ProgramData\AaneBudv\AaneBudv.dat"
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [RedotGoran] => regsvr32.exe "C:\ProgramData\RedotGoran\RedotGoran.dat"
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Policies\Explorer: [Run] "C:\Users\Ray\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe"
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\MountPoints2: {171c5eca-6d96-11e3-9bac-806e6f6e6963} - D:\SETUP.EXE /AUTORUN
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\MountPoints2: {7a2c3523-6e16-11e3-b014-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Command Processor: "C:\Users\Ray\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe" <===== ATTENTION!
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bthudtask.lnk
ShortcutTarget: bthudtask.lnk -> C:\Users\Ray\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe (No File)
Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\waitfor.lnk
ShortcutTarget: waitfor.lnk -> C:\Users\Ray\AppData\Roaming\Microsoft\Windows\IEUpdate\waitfor.exe (No File)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x55CA7523A301CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {744F0168-32EC-40ED-AB88-4DA72664A9CE} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
SearchScopes: HKCU - {744F0168-32EC-40ED-AB88-4DA72664A9CE} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchandfly.info/?l=1&q={searchTerms}&pid=2825&r=2014/09/23&hid=15965513917053180542&lg=EN&cc=US&unqvl=62
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{B22DE897-BC1F-4427-9406-74D830FEBE98}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DFF91873-5F5A-4F44-8CE6-8D4312BBE5B7}: [NameServer] 8.8.8.8,8.8.8.8
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ray\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [ext@browsesafely.com] - C:\Program Files (x86)\AmiExt\BrowseSafely\ff
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2014-10-25]
FF Extension: No Name - C:\Program Files (x86)\AmiExt\BrowseSafely\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\AmiExt\BrowseSafely\ff [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-25]
CHR Extension: (Google Drive) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-25]
CHR Extension: (Google Search) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-25]
CHR Extension: (GoSavee) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinoeigdopipmmdfefpemlhihdbpgcpd [2014-09-23]
CHR Extension: (NexatCoup) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhmggibegkeifnlhgfhfbnpjphcadnj [2014-09-23]
CHR Extension: (Webbbiing) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijpgphjjpkgcdbgbgidpdmjjgdflhcjf [2014-09-28]
CHR Extension: (Google Wallet) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25]
CHR Extension: (Gmail) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-24] () [File not signed]
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [751952 2014-10-29] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [591184 2014-10-29] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [156496 2014-10-29] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [421200 2014-10-29] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [758608 2014-10-29] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [757584 2014-10-29] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [538960 2014-10-29] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [280912 2014-10-29] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [384848 2014-10-29] (BullGuard Ltd.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-04] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-04] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WinHttpAutoProxySvc; winhttp.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-09-04] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 2014-09-04] (Agnitum Ltd.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-05-15] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-03-19] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2014-02-26] (BullGuard Ltd.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows ® Win 7 DDK provider)
S3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows ® Win 7 DDK provider)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-25] (Malwarebytes Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [321112 2014-10-29] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2014-10-29] (BullGuard Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2014-02-26] (BitDefender S.R.L.)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 cpuz136; \??\C:\Users\Ray\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\Corsair Link\CorsairLink.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-06 18:53 - 2014-11-06 18:54 - 00000000 ____D () C:\FRST
2014-11-06 18:53 - 2014-11-06 18:53 - 02114560 _____ (Farbar) C:\Users\Ray\Desktop\FRST64.exe
2014-11-06 17:21 - 2014-11-06 17:21 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-11-05 06:37 - 2014-11-05 06:37 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-05 06:37 - 2014-11-05 06:37 - 00000054 _____ () C:\Windows\SysWOW64\
2014-11-05 06:36 - 2014-11-05 15:21 - 00000714 _____ () C:\Windows\PFRO.log
2014-11-04 20:23 - 2014-11-04 20:23 - 00000000 ____D () C:\ProgramData\RedotGoran
2014-11-04 20:23 - 2014-11-04 20:23 - 00000000 ____D () C:\ProgramData\AaneBudv
2014-11-04 20:14 - 2014-11-04 20:18 - 230543978 _____ () C:\Users\Ray\Desktop\itswaw.mp4
2014-11-04 19:49 - 2014-11-04 19:49 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-04 19:49 - 2014-11-04 19:49 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-04 19:43 - 2014-11-04 20:03 - 00022135 _____ () C:\Windows\DirectX.log
2014-10-31 08:45 - 2014-11-06 17:19 - 00001176 _____ () C:\Windows\setupact.log
2014-10-31 08:45 - 2014-10-31 08:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-29 06:48 - 2014-10-29 06:48 - 00153712 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00140280 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00076624 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00064336 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2014-10-27 07:57 - 2014-10-27 07:57 - 00000000 __SHD () C:\found.002
2014-10-26 15:49 - 2014-10-27 08:04 - 00000000 ____D () C:\ProgramData\UiluZvulz
2014-10-26 15:48 - 2014-10-27 05:31 - 00000000 ____D () C:\ProgramData\AowgaFakfo
2014-10-25 20:13 - 2014-11-06 17:20 - 00000312 _____ () C:\Windows\system32\config\afw_hm.conf
2014-10-25 20:13 - 2014-11-06 17:20 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2014-10-25 15:17 - 2014-10-25 15:17 - 00000164 _____ () C:\Users\Ray\Desktop\BullGuard Online Drive.lnk
2014-10-25 15:12 - 2014-10-25 15:12 - 00000990 _____ () C:\Users\Public\Desktop\BullGuard.lnk
2014-10-25 15:12 - 2014-10-25 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2014-10-25 15:09 - 2014-10-25 15:09 - 00000000 ____D () C:\Program Files\BullGuard Ltd
2014-10-25 15:03 - 2014-10-25 15:03 - 00327512 _____ () C:\Users\Ray\Downloads\BullGuardDownloader.exe
2014-10-25 14:58 - 2014-10-25 20:14 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\BullGuard
2014-10-25 14:51 - 2014-11-06 18:54 - 00000000 ____D () C:\ProgramData\BullGuard
2014-10-25 14:51 - 2014-10-25 14:51 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\QuickScan
2014-10-25 14:51 - 2014-10-25 14:51 - 00000000 ____D () C:\Program Files\Common Files\BullGuard Ltd
2014-10-25 08:10 - 2014-10-25 08:10 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-25 08:10 - 2014-10-25 08:10 - 00000000 _____ () C:\autoexec.bat
2014-10-25 08:09 - 2014-10-25 13:59 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-25 07:47 - 2014-10-25 08:07 - 00001420 _____ () C:\Users\Ray\Desktop\Rkill.txt
2014-10-20 14:47 - 2014-11-06 17:19 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-19 07:43 - 2014-10-19 07:43 - 00000935 _____ () C:\Users\Ray\Desktop\Open Broadcaster Software.lnk
2014-10-19 07:43 - 2014-10-19 07:43 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-10-19 07:42 - 2014-10-19 07:42 - 07463237 _____ () C:\Users\Ray\Downloads\OBS_0_637b_Installer.exe
2014-10-19 06:57 - 2014-10-19 06:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder
2014-10-19 06:57 - 2014-10-19 06:57 - 00000000 ____D () C:\Program Files\LoiLo
2014-10-18 21:19 - 2014-10-24 18:28 - 00120812 _____ () C:\Users\Ray\AppData\Local\ars.cache
2014-10-18 21:19 - 2014-10-24 18:28 - 00100776 _____ () C:\Users\Ray\AppData\Local\census.cache
2014-10-18 20:56 - 2014-10-24 18:27 - 00000010 _____ () C:\Users\Ray\AppData\Local\sponge.last.runtime.cache
2014-10-18 20:37 - 2013-09-01 23:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-10-18 20:35 - 2014-10-18 20:35 - 00000036 _____ () C:\Users\Ray\AppData\Local\housecall.guid.cache
2014-10-18 20:16 - 2014-10-31 08:34 - 00007598 _____ () C:\Users\Ray\AppData\Local\Resmon.ResmonCfg
2014-10-17 20:09 - 2014-10-17 20:09 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\MMFApplications
2014-10-15 21:58 - 2014-10-15 21:58 - 00000000 ____D () C:\Users\Ray\Documents\BioWare
2014-10-15 06:06 - 2014-10-15 06:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Goofball
2014-10-14 22:04 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 22:04 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 22:04 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 22:04 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 22:04 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 22:04 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 22:04 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 22:04 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 22:04 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 22:04 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 22:04 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 22:04 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 22:04 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 22:04 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 22:04 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-14 22:04 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-14 22:04 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-14 22:04 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-14 22:04 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-14 22:04 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-14 22:04 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-14 22:04 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-14 22:04 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-14 22:04 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-14 22:04 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-14 22:04 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-14 22:04 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 22:04 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 22:04 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 22:04 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 22:04 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 22:04 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 22:04 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 22:04 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 22:04 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 22:04 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 22:04 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 22:04 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 22:04 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 22:04 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 22:04 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 22:04 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 22:04 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 22:04 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 22:04 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 22:04 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 22:04 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 22:04 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 22:03 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 22:03 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 22:03 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 22:03 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 22:03 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 22:03 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 22:03 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 22:03 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 22:03 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 22:03 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 22:03 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 22:03 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 22:03 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 22:03 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 22:03 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 22:03 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 22:03 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 22:03 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 22:03 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 22:03 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 22:03 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 22:03 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 22:03 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 22:03 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 22:03 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 22:03 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 22:03 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 22:03 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 22:03 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 22:03 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 22:03 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 22:03 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 22:03 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 22:03 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 22:03 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 22:03 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 22:03 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 22:03 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 22:03 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 22:03 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 22:03 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 22:03 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 22:03 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 22:03 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 22:03 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 22:03 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 22:03 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 22:03 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 22:03 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 22:03 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 22:03 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 22:03 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 22:03 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 22:03 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 22:03 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 22:03 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 22:03 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 22:03 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 22:03 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 22:02 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 22:02 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 22:02 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 22:01 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 22:01 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 22:01 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 22:01 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 22:01 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 22:01 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 22:01 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 22:01 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 22:01 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 22:01 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 22:01 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 22:01 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 22:01 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 22:01 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 22:01 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 22:01 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 22:01 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 19:39 - 2014-10-14 19:39 - 00002673 _____ () C:\Users\Ray\Documents\GhostVid.wlmp
2014-10-14 18:10 - 2014-10-15 06:11 - 00000000 ____D () C:\Program Files (x86)\Goofball
2014-10-14 18:09 - 2014-10-14 18:09 - 08834748 _____ () C:\Users\Ray\Downloads\Goofball_Setup.exe
2014-10-14 15:01 - 2014-10-14 15:01 - 00002066 _____ () C:\Users\Ray\AppData\Local\recently-used.xbel
2014-10-12 11:34 - 2014-10-12 11:34 - 00000404 _____ () C:\Users\Ray\Desktop\Account
2014-10-10 19:43 - 2014-10-10 19:43 - 00000000 ____D () C:\Users\Ray\AppData\Local\PopCap Games
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-06 18:20 - 2014-06-28 13:20 - 00000284 _____ () C:\Windows\Tasks\Rocket Updater.job
2014-11-06 18:11 - 2013-12-26 09:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-06 18:08 - 2013-12-25 13:28 - 00000000 ____D () C:\ProgramData\Origin
2014-11-06 18:07 - 2013-12-25 13:28 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-06 17:28 - 2009-07-13 20:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 17:28 - 2009-07-13 20:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 17:25 - 2013-12-26 02:17 - 01315333 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 17:25 - 2009-07-13 21:13 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 17:21 - 2013-12-26 08:19 - 00000000 ____D () C:\Users\Ray\AppData\Local\CrashDumps
2014-11-06 17:19 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 20:14 - 2014-08-15 19:33 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\HandBrake
2014-11-04 20:07 - 2014-07-07 13:35 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\OBS
2014-11-04 19:49 - 2013-12-30 19:35 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-11-04 18:18 - 2013-12-25 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-02 19:15 - 2014-08-19 16:30 - 00000487 _____ () C:\Users\Ray\Desktop\Xmas List.txt
2014-11-01 19:50 - 2014-05-08 20:08 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\2K Sports
2014-11-01 12:13 - 2014-08-15 19:33 - 00000000 ____D () C:\Program Files\Handbrake
2014-11-01 11:42 - 2014-04-23 08:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Audacity
2014-11-01 10:38 - 2013-12-26 16:48 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\.minecraft
2014-10-31 08:37 - 2014-02-16 01:02 - 00000000 ____D () C:\Windows\Minidump
2014-10-31 08:37 - 2013-12-26 02:11 - 00000000 ____D () C:\Windows\Panther
2014-10-31 05:50 - 2013-12-26 12:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-29 17:22 - 2014-06-20 11:01 - 00000000 ___RD () C:\Users\Ray\Desktop\Stuff
2014-10-29 06:48 - 2014-09-24 00:01 - 00321112 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSKernel.sys
2014-10-29 06:48 - 2014-09-24 00:01 - 00027544 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSNetmon.sys
2014-10-27 05:30 - 2014-06-27 17:04 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2014-10-26 12:34 - 2014-09-13 08:32 - 00000000 ____D () C:\Users\Ray\Documents\TotallyUnnamedProject
2014-10-26 12:33 - 2014-08-20 13:04 - 00000000 ____D () C:\ProgramData\Unity
2014-10-25 20:15 - 2014-07-21 14:35 - 00000000 ____D () C:\Users\Ray\AppData\Local\Ihwsoft
2014-10-25 15:03 - 2014-09-23 11:20 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-25 15:03 - 2014-09-23 11:20 - 00000000 ____D () C:\Users\Guest
2014-10-25 15:03 - 2014-09-23 11:20 - 00000000 ____D () C:\Users\Administrator
2014-10-25 14:10 - 2014-03-27 08:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 14:06 - 2014-03-27 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-25 14:06 - 2014-03-27 08:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 17:51 - 2013-12-25 13:35 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-24 17:51 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-24 17:41 - 2014-08-10 20:35 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-10-24 17:38 - 2014-08-09 12:18 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Dev-Cpp
2014-10-24 17:38 - 2014-08-09 12:18 - 00000000 ____D () C:\Dev-Cpp
2014-10-24 17:37 - 2014-08-31 12:46 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-10-24 17:31 - 2014-04-09 17:23 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Dropbox
2014-10-19 10:34 - 2014-09-28 15:45 - 00000000 ____D () C:\ProgramData\Webbbiing
2014-10-19 07:43 - 2014-07-07 13:35 - 00000000 ____D () C:\Program Files\OBS
2014-10-19 07:43 - 2014-07-07 13:35 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-10-18 20:31 - 2014-04-02 07:05 - 00000000 ____D () C:\Users\Ray\AppData\Local\LogMeIn Hamachi
2014-10-18 20:27 - 2014-09-28 15:45 - 00000000 ____D () C:\Program Files (x86)\Webbbiing
2014-10-18 20:27 - 2014-09-23 11:20 - 00000000 ____D () C:\ProgramData\ecd25969a87f71dd
2014-10-18 20:26 - 2014-09-27 12:39 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\swiffout
2014-10-15 15:48 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 06:12 - 2009-07-13 20:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 04:39 - 2009-07-13 20:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 04:37 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 04:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 04:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:03 - 2013-12-25 11:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:00 - 2013-12-25 11:23 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 19:32 - 2014-04-18 05:52 - 00000000 ____D () C:\Users\Ray\AppData\Local\Windows Live
2014-10-14 15:38 - 2014-09-23 11:20 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-10-14 15:38 - 2014-08-29 19:50 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-14 15:07 - 2014-09-01 12:33 - 00000000 ____D () C:\Users\Ray\.gimp-2.8
2014-10-14 15:01 - 2014-09-23 15:41 - 00000000 ____D () C:\Users\Ray\AppData\Local\gtk-2.0
2014-10-12 11:31 - 2014-02-16 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2014-10-11 10:38 - 2014-07-18 08:14 - 00000000 ____D () C:\Users\Ray\Documents\FIFA World
2014-10-10 19:04 - 2014-09-21 17:03 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\Ray\AppData\Local\Temp\stuprt.exe
C:\Users\Ray\AppData\Local\Temp\UpdateFlashPlayer_a8194381.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-06 18:00
==================== End Of Log ============================

Here is the Addition file

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Ray at 2014-11-06 18:54:58
Running from C:\Users\Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABTDS7GC
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3TB+Unlock B12.1102.1 (HKLM-x32\...\{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}) (Version: 1.00.0001 - GIGABYTE)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alien Swarm - SDK (HKLM-x32\...\Steam App 640) (Version:  - Valve)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.4.0.570667 - )
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead - Dedicated Server (HKLM-x32\...\Steam App 33935) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version:  - Bohemia Interactive)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bandizip (HKLM\...\Bandizip) (Version: 5.0 - Bandisoft.com)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.15221 - Electronic Arts)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 14.1 - BullGuard Ltd.)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - Infinity Ward)
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version:  - Infinity Ward)
Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version:  - Treyarch)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2014 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
EA Sports™ FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 7.1.0.50515 - Electronic Arts, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.02 - Ubisoft)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Half-Life SDK (HKLM-x32\...\Steam App 254430) (Version:  - )
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox Software)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version:  - Valve)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Horizon v2.8.1.1 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.8.1.1 - Daring Development Inc.)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - Hammerpoint Interactive)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java™ 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000F0}) (Version: 7.0.0 - Oracle)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Authoring Tools (HKLM-x32\...\Steam App 563) (Version:  - Valve)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft VM for Java (HKLM-x32\...\MsJavaVM) (Version:  - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NBA 2K14 (HKLM-x32\...\Steam App 255480) (Version:  - Visual Concepts)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
RPG MAKER VX Ace Lite (HKLM-x32\...\RPGVXAceLite_E_is1) (Version: 1.01b - Enterbrain)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - Coffee Stain Studios)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - Rebellion)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Crate Box (HKLM-x32\...\Steam App 212800) (Version:  - Vlambeer)
Supreme Commander (HKLM-x32\...\Steam App 9350) (Version:  - Gas Powered Games)
Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version:  - Gas Powered Games)
Takedown: Red Sabre (HKLM-x32\...\Steam App 236510) (Version:  - Serellan LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\Steam App 47890) (Version:  - The Sims Studio)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Unity (HKLM-x32\...\Unity) (Version: 4.5.3f3 - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Xfire (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1286021325-494678185-1062438247-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ray\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1286021325-494678185-1062438247-1000_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-1286021325-494678185-1062438247-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

05-11-2014 03:42:38 Installed DirectX
05-11-2014 04:02:23 Installed DirectX

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-11-05 06:37 - 00001512 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
158.58.173.194 www.google-analytics.com.
158.58.173.194 google-analytics.com.
158.58.173.194 connect.facebook.net.
198.100.156.140 www.google-analytics.com.
198.100.156.140 google-analytics.com.
198.100.156.140 connect.facebook.net.
85.25.79.123 www.google-analytics.com.
85.25.79.123 google-analytics.com.
85.25.79.123 connect.facebook.net.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {42AF72B7-603E-418C-8FC1-F20EFDBE1823} - System32\Tasks\Rocket Updater => C:\Users\Ray\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {54A130F9-3AA1-4C4A-96A1-A8223BEEDAC0} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1286021325-494678185-1062438247-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {6D405C27-3212-4F40-96CF-93C9E0D74766} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLink.exe
Task: {7718F730-DBF9-414F-A884-89A692B2CF3D} - \bench-Updater removing No Task File <==== ATTENTION
Task: {82142B6F-7DE2-4A2C-A43D-7E8312DC2624} - \bench-sys No Task File <==== ATTENTION
Task: {9AC3C158-320A-4896-AC9E-7028C35CC621} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1286021325-494678185-1062438247-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A3BB62EE-B18A-40A8-A9F3-84C6C9C41275} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {C767D179-028B-43A7-B779-850EA64005FE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1286021325-494678185-1062438247-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {F54D8F5F-C7C3-4570-98C3-26BF2C7EA422} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1286021325-494678185-1062438247-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F90484CB-38D0-420C-8804-3A43BF7A8A14} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1286021325-494678185-1062438247-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {FEA3B8EC-5AEF-4E80-BF45-A859A266A224} - System32\Tasks\{450B490E-209C-EAB7-940E-DFBCE525FE21} => C:\Windows\system32\hmpfs.dll [2014-07-25] ()
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Ray\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-10-29 06:48 - 2014-10-29 06:48 - 00613200 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00084304 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00653136 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00653136 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00613200 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00084304 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00275784 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpBackupRes.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00013128 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpInspectorRes.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00033096 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpMainRes.dll
2013-12-25 10:43 - 2012-08-09 02:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-12-25 10:43 - 2012-08-09 02:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-04-17 21:29 - 2014-04-17 21:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-10-29 06:48 - 2014-10-29 06:48 - 00021832 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BullGuardBhvScannerRes.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00064848 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2014-11-04 19:49 - 2014-11-04 19:49 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-30 23:35 - 2014-09-30 23:35 - 00033712 _____ () c:\program files\bullguard ltd\bullguard\BgWsc.exe
2014-04-04 12:56 - 2014-07-08 11:00 - 00084480 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-08-28 22:17 - 2014-08-21 10:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 22:17 - 2014-08-21 10:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 22:17 - 2014-08-21 10:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-12-26 09:39 - 2014-10-01 15:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 14:50 - 2014-10-21 11:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 22:17 - 2014-08-21 10:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 22:17 - 2014-08-21 10:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-12-26 09:39 - 2014-10-21 11:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-12-26 09:39 - 2014-09-04 15:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 11:38 - 2014-09-04 15:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-04-04 12:56 - 2014-07-11 07:07 - 00157696 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\launcher.dll
2014-04-04 12:56 - 2014-07-08 11:00 - 00246272 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\tier0.dll
2014-04-04 12:56 - 2014-07-11 07:07 - 00164352 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\vstdlib.dll
2014-04-04 12:25 - 2014-07-11 07:07 - 00936448 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\filesystem_stdio.dll
2014-04-19 04:51 - 2014-07-11 07:07 - 04221440 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\engine.dll
2014-04-04 12:56 - 2014-07-11 07:07 - 00103936 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\inputsystem.dll
2014-04-04 12:25 - 2014-07-11 07:07 - 01139200 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\materialsystem.dll
2014-04-04 12:25 - 2014-07-11 07:07 - 00232960 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\datacache.dll
2014-04-04 12:25 - 2014-07-11 07:07 - 00516608 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\studiorender.dll
2013-12-26 14:30 - 2013-12-27 06:34 - 00914344 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\vphysics.dll
2014-04-04 12:25 - 2014-07-11 07:08 - 01345536 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\vguimatsurface.dll
2014-04-04 12:25 - 2014-07-11 07:07 - 00353792 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\vgui2.dll
2014-04-04 12:25 - 2014-07-11 07:07 - 00937472 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\shaderapidx9.dll
2013-12-26 09:39 - 2014-10-21 11:22 - 00350400 _____ () C:\Program Files (x86)\Steam\steam.dll
2014-04-04 12:56 - 2014-07-11 07:07 - 00147968 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\stdshader_dbg.dll
2014-04-04 12:56 - 2014-07-11 07:07 - 00229376 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\stdshader_dx6.dll
2014-04-04 12:56 - 2014-07-11 07:07 - 00160768 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\stdshader_dx7.dll
2014-04-04 12:25 - 2014-07-11 07:07 - 00346112 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\stdshader_dx8.dll
2014-04-04 12:25 - 2014-07-11 07:07 - 00559104 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\stdshader_dx9.dll
2014-04-04 12:56 - 2014-07-11 07:08 - 00156160 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\game_shader_generic_garrysmod.dll
2013-12-27 06:33 - 2013-12-27 06:33 - 00070056 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\unicode.dll
2014-04-04 12:25 - 2014-07-11 07:08 - 06794752 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\client.dll
2014-04-04 12:25 - 2014-07-11 07:08 - 10141696 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\server.dll
2014-04-04 12:56 - 2014-07-11 07:07 - 00119808 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\soundemittersystem.dll
2014-04-04 12:56 - 2014-07-11 07:07 - 00071680 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\scenefilecache.dll
2014-04-19 04:51 - 2014-07-13 07:10 - 00456704 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\lua_shared.dll
2014-04-04 12:25 - 2014-07-11 07:08 - 02075648 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\menusystem.dll
2014-04-04 12:25 - 2014-07-11 07:08 - 00885248 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\resources.dll
2014-04-04 12:56 - 2014-07-11 07:07 - 00083968 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\gmhtml.dll
2014-04-04 12:56 - 2014-07-11 07:07 - 00084480 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\gmod_audio.dll
2014-04-04 12:25 - 2014-07-11 07:07 - 02051584 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\GameUI.dll
2014-04-04 12:25 - 2014-07-11 07:07 - 00897536 _____ () c:\program files (x86)\steam\steamapps\common\garrysmod\bin\serverbrowser.dll
2013-12-26 14:30 - 2013-12-27 06:33 - 01099704 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\avcodec-53.dll
2013-12-27 06:33 - 2013-12-27 06:33 - 00123320 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\avutil-51.dll
2013-12-27 06:33 - 2013-12-27 06:33 - 00190904 _____ () C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\avformat-53.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Ray^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Power2GoExpress8 => "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-1286021325-494678185-1062438247-500 - Administrator - Disabled)
Guest (S-1-5-21-1286021325-494678185-1062438247-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1286021325-494678185-1062438247-1003 - Limited - Enabled)
Ray (S-1-5-21-1286021325-494678185-1062438247-1000 - Administrator - Enabled) => C:\Users\Ray

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 05:25:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/06/2014 05:25:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/06/2014 05:21:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 05:19:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: runonce.exe, version: 6.1.7601.17514, time stamp: 0x4ce797ce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02907744
Faulting process id: 0x6fc
Faulting application start time: 0xrunonce.exe0
Faulting application path: runonce.exe1
Faulting module path: runonce.exe2
Report Id: runonce.exe3

Error: (11/05/2014 08:33:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 03:28:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/05/2014 03:28:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/05/2014 03:24:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 06:43:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/05/2014 06:43:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (11/06/2014 05:21:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/06/2014 05:21:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/06/2014 05:21:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/06/2014 05:21:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/06/2014 05:21:51 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/06/2014 05:21:51 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/06/2014 05:21:45 PM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:10243

Error: (11/06/2014 05:21:45 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x80070005

Error: (11/06/2014 05:21:45 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x80070005http://+:10243/WMPNSSv4/818010938/

Error: (11/06/2014 05:21:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Microsoft Office Sessions:
=========================
Error: (11/06/2014 05:25:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (11/06/2014 05:25:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (11/06/2014 05:21:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 05:19:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: runonce.exe6.1.7601.175144ce797ceunknown0.0.0.000000000c0000005029077446fc01cffa28e9b554d2C:\Windows\SysWOW64\runonce.exeunknown2fe0dd7e-661c-11e4-a17b-74d435048721

Error: (11/05/2014 08:33:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 03:28:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (11/05/2014 03:28:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (11/05/2014 03:24:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 06:43:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (11/05/2014 06:43:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 16348.63 MB
Available physical RAM: 11143.65 MB
Total Pagefile: 32695.43 MB
Available Pagefile: 26082.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:136.32 GB) NTFS
Drive d: (VSE600ENU1) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 269EA559)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:41 PM

Posted 07 November 2014 - 04:34 AM

Hi,

 

 

STEP 1

 

 

Please download the following file => [attachment=157481:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

STEP 2

 

 

Make sure you export your passwords and bookmarks first so you still know how to login to sites.

 

Please download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select Google Chrome
Please click Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.

Install the latest stable version from the link below:

Google Chrome 38.0.2125.111 and let me know if the program installed successfully.
 

 

 

STEP 3

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.
    Rkill
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#5 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:41 AM

Posted 07 November 2014 - 09:18 AM

OK. Here is the fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Ray at 2014-11-07 05:41:44 Run:1
Running from C:\Users\Ray\Desktop
Loaded Profile: Ray (Available profiles: Ray)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Winlogon\Notify\ivijios-x32: C:\Users\Ray\AppData\Local\ivijios.dll [X]
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [UiluZvulz] => regsvr32.exe "C:\ProgramData\UiluZvulz\UiluZvulz.dat"
C:\ProgramData\UiluZvulz
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [AowgaFakfo] => regsvr32.exe "C:\ProgramData\AowgaFakfo\AowgaFakfo.dat"
C:\ProgramData\AowgaFakfo
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [ivijios] => rundll32 "C:\Users\Ray\AppData\Local\ivijios.dll",ivijios <===== ATTENTION
C:\Users\Ray\AppData\Local\ivijios.dll
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [Svc2dll] => C:\Users\Ray\AppData\Local\svcxdcl32.exe
C:\Users\Ray\AppData\Local\svcxdcl32.exe
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [AaneBudv] => regsvr32.exe "C:\ProgramData\AaneBudv\AaneBudv.dat"
C:\ProgramData\AaneBudv
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [RedotGoran] => regsvr32.exe "C:\ProgramData\RedotGoran\RedotGoran.dat"
C:\ProgramData\RedotGoran
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Policies\Explorer: [Run] "C:\Users\Ray\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe"
C:\Users\Ray\AppData\Roaming\Microsoft\Windows\IEUpdate
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\MountPoints2: {171c5eca-6d96-11e3-9bac-806e6f6e6963} - D:\SETUP.EXE /AUTORUN
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\MountPoints2: {7a2c3523-6e16-11e3-b014-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Command Processor: "C:\Users\Ray\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe" <===== ATTENTION!
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bthudtask.lnk
C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\waitfor.lnk
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchandfly.info/?l=1&q={searchTerms}&pid=2825&r=2014/09/23&hid=15965513917053180542&lg=EN&cc=US&unqvl=62
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM-x32\...\Firefox\Extensions: [ext@browsesafely.com] - C:\Program Files (x86)\AmiExt\BrowseSafely\ff
C:\Program Files (x86)\AmiExt
FF Extension: No Name - C:\Program Files (x86)\AmiExt\BrowseSafely\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\AmiExt\BrowseSafely\ff [Not Found]
CHR Extension: (GoSavee) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinoeigdopipmmdfefpemlhihdbpgcpd [2014-09-23]
CHR Extension: (NexatCoup) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhmggibegkeifnlhgfhfbnpjphcadnj [2014-09-23]
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WinHttpAutoProxySvc" /s
File: C:\Windows\System32\mscoree.dll
File: C:\Windows\System32\winhttp.dll
2014-10-27 07:57 - 2014-10-27 07:57 - 00000000 __SHD () C:\found.002
2014-10-20 14:47 - 2014-11-06 17:19 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-18 20:27 - 2014-09-28 15:45 - 00000000 ____D () C:\Program Files (x86)\Webbbiing
2014-10-18 20:27 - 2014-09-23 11:20 - 00000000 ____D () C:\ProgramData\ecd25969a87f71dd
Task: {42AF72B7-603E-418C-8FC1-F20EFDBE1823} - System32\Tasks\Rocket Updater => C:\Users\Ray\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {7718F730-DBF9-414F-A884-89A692B2CF3D} - \bench-Updater removing No Task File <==== ATTENTION
Task: {82142B6F-7DE2-4A2C-A43D-7E8312DC2624} - \bench-sys No Task File <==== ATTENTION
Task: {FEA3B8EC-5AEF-4E80-BF45-A859A266A224} - System32\Tasks\{450B490E-209C-EAB7-940E-DFBCE525FE21} => C:\Windows\system32\hmpfs.dll [2014-07-25] ()
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Ray\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Ray\AppData\Roaming\ROCKET~1
C:\Windows\system32\hmpfs.dll
emptytemp:
end
*****************

Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ivijios" => Key deleted successfully.
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UiluZvulz => value deleted successfully.
C:\ProgramData\UiluZvulz => Moved successfully.
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AowgaFakfo => value deleted successfully.
C:\ProgramData\AowgaFakfo => Moved successfully.
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ivijios => value deleted successfully.
"C:\Users\Ray\AppData\Local\ivijios.dll" => File/Directory not found.
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Svc2dll => value deleted successfully.
"C:\Users\Ray\AppData\Local\svcxdcl32.exe" => File/Directory not found.
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AaneBudv => value deleted successfully.
C:\ProgramData\AaneBudv => Moved successfully.
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RedotGoran => value deleted successfully.
C:\ProgramData\RedotGoran => Moved successfully.
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Run => value deleted successfully.
C:\Users\Ray\AppData\Roaming\Microsoft\Windows\IEUpdate => Moved successfully.
"HKU\S-1-5-21-1286021325-494678185-1062438247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{171c5eca-6d96-11e3-9bac-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{171c5eca-6d96-11e3-9bac-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-1286021325-494678185-1062438247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2c3523-6e16-11e3-b014-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{7a2c3523-6e16-11e3-b014-806e6f6e6963}" => Key not found.
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\Software\Microsoft\Command Processor\\AutoRun => value deleted successfully.
"HKU\S-1-5-21-1286021325-494678185-1062438247-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1286021325-494678185-1062438247-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bthudtask.lnk => Moved successfully.
C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\waitfor.lnk => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
"HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@browsesafely.com => value deleted successfully.
C:\Program Files (x86)\AmiExt => Moved successfully.
C:\Program Files (x86)\AmiExt\BrowseSafely\ff not found.
C:\Program Files (x86)\AmiExt\BrowseSafely\ff not found.
C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinoeigdopipmmdfefpemlhihdbpgcpd => Moved successfully.
C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhmggibegkeifnlhgfhfbnpjphcadnj => Moved successfully.

========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WinHttpAutoProxySvc" /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WinHttpAutoProxySvc
    EventMessageFile    REG_EXPAND_SZ    winhttp.dll
    ProviderGuid    REG_SZ    {7D44233D-3055-4B9C-BA64-0D47CA40A232}
    TypesSupported    REG_DWORD    0x7

 

========= End of Reg: =========

========================= File: C:\Windows\System32\mscoree.dll ========================

MD5: A08C010D859F8EB42BDD7E1D55B8CA27
Creation and modification date: 2010-11-20 19:23 - 2010-11-20 19:23
Size: 0444752
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: mscoree.dll
Original Name: mscoree.dll
Product Name: Microsoft® .NET Framework
Description: Microsoft .NET Runtime Execution Engine
File Version: 4.0.40305.0 (Main.040305-0000)
Product Version: 4.0.40305.0
Copyright: © Microsoft Corporation.  All rights reserved.

====== End Of File: ======

========================= File: C:\Windows\System32\winhttp.dll ========================

MD5: 58F4493BF748A3A89689997B7BD00E95
Creation and modification date: 2010-11-20 19:23 - 2010-11-20 19:23
Size: 0444416
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: winhttp.dll
Original Name: winhttp.dll.mui
Product Name: Microsoft® Windows® Operating System
Description: Windows HTTP Services
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Version: 6.1.7600.16385
Copyright: © Microsoft Corporation. All rights reserved.

====== End Of File: ======

C:\found.002 => Moved successfully.

"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" directory move:

Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\dbghelp.dll" => Scheduled to move on reboot.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\gcsuiseg.tmp => Moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\meagui.tmp => Moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\mi.tmp => Moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\om.tmp => Moved successfully.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\yceqey.tmp" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" directory. => Scheduled to move on reboot.

C:\Program Files (x86)\Webbbiing => Moved successfully.
C:\ProgramData\ecd25969a87f71dd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42AF72B7-603E-418C-8FC1-F20EFDBE1823}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42AF72B7-603E-418C-8FC1-F20EFDBE1823}" => Key deleted successfully.
C:\Windows\System32\Tasks\Rocket Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Rocket Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7718F730-DBF9-414F-A884-89A692B2CF3D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7718F730-DBF9-414F-A884-89A692B2CF3D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-Updater removing" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82142B6F-7DE2-4A2C-A43D-7E8312DC2624}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82142B6F-7DE2-4A2C-A43D-7E8312DC2624}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FEA3B8EC-5AEF-4E80-BF45-A859A266A224}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEA3B8EC-5AEF-4E80-BF45-A859A266A224}" => Key deleted successfully.
C:\Windows\System32\Tasks\{450B490E-209C-EAB7-940E-DFBCE525FE21} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{450B490E-209C-EAB7-940E-DFBCE525FE21}" => Key deleted successfully.
C:\Windows\Tasks\Rocket Updater.job => Moved successfully.
C:\Users\Ray\AppData\Roaming\ROCKET~1 => Moved successfully.
C:\Windows\system32\hmpfs.dll => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-07 06:13:18)<=

==> ATTENTION: System is not rebooted.
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a" => File could not move.
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\dbghelp.dll" => File could not move.
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\yceqey.tmp" => File could not move.
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" => Directory could not move.

==== End of Fixlog ====

 

Google Chrome is not installed at this time on this machine, so I stopped at this point.



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:41 PM

Posted 07 November 2014 - 12:43 PM

That;s odd. You probably didn't remove the profile when you uninstalled Google Chrome? (also delete your browsing data)

 

av1yGzh.jpg

 

since I noticed that Google Chrome profile is still on your computer regarding the FRST log file:

 

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-25]
CHR Extension: (Google Drive) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-25]
CHR Extension: (Google Search) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-25]
CHR Extension: (GoSavee) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinoeigdopipmmdfefpemlhihdbpgcpd [2014-09-23]
CHR Extension: (NexatCoup) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhmggibegkeifnlhgfhfbnpjphcadnj [2014-09-23]
CHR Extension: (Webbbiing) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijpgphjjpkgcdbgbgidpdmjjgdflhcjf [2014-09-28]
CHR Extension: (Google Wallet) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25]
CHR Extension: (Gmail) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-25]

 

Anyway we will delete it at a later stage. Please post the log from Rkill in your next reply.

Thanks!

 

 

Regards,

Georgi


cXfZ4wS.png


#7 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:41 AM

Posted 08 November 2014 - 01:53 PM

OK. Here is the Rkill text file

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/08/2014 10:52:05 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:41 PM

Posted 08 November 2014 - 02:16 PM

Hi,

 

 

The log is incomplete. Can you please post the full log please? if needed rerun Rkill and then post the new log.

 

Thanks!

 

 

Regards,

Georgi


cXfZ4wS.png


#9 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:41 AM

Posted 08 November 2014 - 04:18 PM

RKill does not complete the scan. Left it over night even.  

Shall I start over by scanning with Farbar tool?

 

None of the steps seemed to have gone well except the first one.



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:41 PM

Posted 08 November 2014 - 04:30 PM

Hi,

 

Yes, please rerun FRST (make sure that Addition.txt is checked before you press the Scan button) and then post the logs in your next reply.

 

Also please run the following tool instead of Rkill:

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

Regards,

Georgi


cXfZ4wS.png


#11 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:41 AM

Posted 08 November 2014 - 08:54 PM

OK, here goes. Farbar scan and Farbar Service scanner with everything checked.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01
Ran by Ray (administrator) on GUARDIAN-PC on 08-11-2014 17:46:43
Running from C:\Users\Ray\Desktop
Loaded Profile: Ray (Available profiles: Ray)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
() C:\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NP1PKP1X\FSS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1337680 2014-10-29] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2933072 2014-10-29] (BullGuard Ltd.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [AaneBudv] => regsvr32.exe "C:\ProgramData\AaneBudv\AaneBudv.dat"
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x55CA7523A301CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {744F0168-32EC-40ED-AB88-4DA72664A9CE} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
SearchScopes: HKCU - {744F0168-32EC-40ED-AB88-4DA72664A9CE} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{B22DE897-BC1F-4427-9406-74D830FEBE98}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DFF91873-5F5A-4F44-8CE6-8D4312BBE5B7}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ray\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2014-10-25]
FF Extension: No Name - C:\Program Files (x86)\AmiExt\BrowseSafely\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\AmiExt\BrowseSafely\ff [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-07]
CHR Extension: (Google Drive) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-07]
CHR Extension: (Google Search) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-07]
CHR Extension: (Gmail) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-24] () [File not signed]
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [751952 2014-10-29] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [591184 2014-10-29] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [156496 2014-10-29] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [421200 2014-10-29] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [758608 2014-10-29] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [757584 2014-10-29] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [538960 2014-10-29] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [280912 2014-10-29] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [384848 2014-10-29] (BullGuard Ltd.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-04] (Electronic Arts)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-02] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-04] ()
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-09-04] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 2014-09-04] (Agnitum Ltd.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-05-15] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-03-19] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2014-02-26] (BullGuard Ltd.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows ® Win 7 DDK provider)
S3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows ® Win 7 DDK provider)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-25] (Malwarebytes Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [321112 2014-10-29] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2014-10-29] (BullGuard Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2014-02-26] (BitDefender S.R.L.)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 cpuz136; \??\C:\Users\Ray\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\Corsair Link\CorsairLink.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\System32\DRIVERS\afw.sys E82F6B4E8CDB1927824A4BFBC039E2E4
C:\Windows\System32\DRIVERS\afwcore.sys E850EA699AA1D976BAD3EA54D020B98C
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys FBB35875FEFE53D4280259842069ED72
C:\Windows\System32\DRIVERS\atikmpag.sys A32BCAD9377E3B75D034CAFBA463A0AE
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\amd_sata.sys EE4797DFEBBE8ACDB548DD8E80BE0A88
C:\Windows\System32\DRIVERS\amd_xata.sys D56EAD71A86FD2ACAE2DB47D0A6A3A41
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys C3D487827E48CC5EC17994FEC5BDFF87
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys C3D487827E48CC5EC17994FEC5BDFF87
C:\Windows\system32\drivers\appid.sys 80B9412C4DE09147581FC935FB4C97AB
C:\Windows\System32\DRIVERS\AppleCharger.sys CC19A6452BA688EA32D14D8DBEC190F4
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys 770A3B0D78232B0C1054495392A1FBA3
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BdAgent.sys 8227E7E1F24A92C81501E4B4E1C933E4
C:\Windows\System32\DRIVERS\BdNet.sys 1126E76963E61BC5958E17D0549C67A6
C:\Windows\System32\drivers\BdSpy.sys 6D9CF97F3E088AFB29490EB96136235D
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CLVirtualDrive.sys 075CCE75090786F124573A788C8656E6
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\DRIVERS\hamachi.sys 1E6438D4EA6E1174A3B3B1EDC4DE660B
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kinonivd.sys EE78E9D7A71AA3F54619B34120EBEEDE
C:\Windows\System32\drivers\kinonivad.sys F40C32737D8BD3B2EBF3E27325520B16
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lvrs64.sys A401CFF74982D8DF851F20307C806073
C:\Windows\System32\DRIVERS\lvuvc64.sys 13384CB5F5813E65F31078D6ABFAAF38
C:\Windows\system32\drivers\MBAMSwissArmy.sys 26C43960C99EE861A5D0EDC4DCF3B1C3
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NSKernel.sys D6E8A06A0ABB3612EAA766B7BEBC5AC8
C:\Windows\System32\DRIVERS\NSNetmon.sys E3C1998D8AE1EA5DC1AC3160B77F70CE
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 946010CDFA91469351B22E2620CEBCD8
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 9140DB0911DE035FED0A9A77A2D156EA
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Trufos.sys B66EE1D68197DFB9AA24F961E68ACDCC
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\t_mouse.sys A070ABB9D85582B2BECADBE6FCD12350
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbfilter.sys 5AE9C87A1ED4B243942B3FDDD902134B
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\viahduaa.sys 3CCC0D9607419AC28B4216C18F6FA5E9
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VirtDiskBus64.sys FF7C6E015AA32FC6BE0AEF582B802332
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ViaHub3.sys A138BA7B5EB4FDA2346FD688C1332A32
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xhcdrv.sys E541EE779B0861BFA36B4EFCE1A30486
C:\Windows\System32\drivers\xspltspk.sys 377F3E3467A8BFA3CDC921AD6425D513
C:\Windows\System32\DRIVERS\xusb21.sys 2C6BC21B2D5B58D8B1D638C1704CB494

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 17:46 - 2014-11-08 17:47 - 00032616 _____ () C:\Users\Ray\Desktop\FRST.txt
2014-11-08 10:51 - 2014-11-08 10:52 - 00001666 _____ () C:\Users\Ray\Desktop\Rkill.txt
2014-11-08 10:42 - 2014-11-08 10:42 - 00000000 ____D () C:\Users\Ray\Desktop\FRST-OlderVersion
2014-11-08 10:42 - 2014-11-08 10:42 - 00000000 ____D () C:\ProgramData\AaneBudv
2014-11-08 07:34 - 2014-11-08 07:34 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-11-07 22:30 - 2014-11-08 07:32 - 00000112 _____ () C:\Windows\setupact.log
2014-11-07 22:30 - 2014-11-07 22:30 - 00001148 _____ () C:\Windows\PFRO.log
2014-11-07 22:30 - 2014-11-07 22:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-07 22:28 - 2014-11-07 22:28 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Ray\Desktop\rkill64-4123.exe
2014-11-07 22:27 - 2014-11-07 22:27 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ray\Desktop\rkill.exe
2014-11-07 22:27 - 2014-11-07 22:27 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Ray\Desktop\rkill64.exe
2014-11-07 22:21 - 2014-11-07 22:21 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-07 22:21 - 2014-11-07 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-07 22:20 - 2014-11-08 17:31 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-07 22:20 - 2014-11-08 07:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-07 22:20 - 2014-11-07 22:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-07 22:20 - 2014-11-07 22:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-07 06:14 - 2014-11-07 22:15 - 00001264 _____ () C:\Users\Ray\Desktop\Revo Uninstaller.lnk
2014-11-07 06:14 - 2014-11-07 22:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-07 05:41 - 2014-11-07 05:41 - 00008990 _____ () C:\Users\Ray\Desktop\fixlist.txt
2014-11-06 18:53 - 2014-11-08 17:46 - 00000000 ____D () C:\FRST
2014-11-06 18:53 - 2014-11-08 10:42 - 02115584 _____ (Farbar) C:\Users\Ray\Desktop\FRST64.exe
2014-11-05 06:37 - 2014-11-05 06:37 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-05 06:37 - 2014-11-05 06:37 - 00000054 _____ () C:\Windows\SysWOW64\
2014-11-04 20:14 - 2014-11-04 20:18 - 230543978 _____ () C:\Users\Ray\Desktop\itswaw.mp4
2014-11-04 19:49 - 2014-11-04 19:49 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-04 19:49 - 2014-11-04 19:49 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-29 06:48 - 2014-10-29 06:48 - 00153712 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00140280 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00076624 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00064336 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2014-10-25 20:13 - 2014-11-08 07:33 - 00000312 _____ () C:\Windows\system32\config\afw_hm.conf
2014-10-25 20:13 - 2014-11-08 07:33 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2014-10-25 15:17 - 2014-10-25 15:17 - 00000164 _____ () C:\Users\Ray\Desktop\BullGuard Online Drive.lnk
2014-10-25 15:12 - 2014-10-25 15:12 - 00000990 _____ () C:\Users\Public\Desktop\BullGuard.lnk
2014-10-25 15:12 - 2014-10-25 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2014-10-25 15:09 - 2014-10-25 15:09 - 00000000 ____D () C:\Program Files\BullGuard Ltd
2014-10-25 15:03 - 2014-10-25 15:03 - 00327512 _____ () C:\Users\Ray\Downloads\BullGuardDownloader.exe
2014-10-25 14:58 - 2014-10-25 20:14 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\BullGuard
2014-10-25 14:51 - 2014-11-08 17:47 - 00000000 ____D () C:\ProgramData\BullGuard
2014-10-25 14:51 - 2014-10-25 14:51 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\QuickScan
2014-10-25 14:51 - 2014-10-25 14:51 - 00000000 ____D () C:\Program Files\Common Files\BullGuard Ltd
2014-10-25 08:10 - 2014-10-25 08:10 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-25 08:10 - 2014-10-25 08:10 - 00000000 _____ () C:\autoexec.bat
2014-10-25 08:09 - 2014-10-25 13:59 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-19 07:43 - 2014-10-19 07:43 - 00000935 _____ () C:\Users\Ray\Desktop\Open Broadcaster Software.lnk
2014-10-19 07:43 - 2014-10-19 07:43 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-10-19 07:42 - 2014-10-19 07:42 - 07463237 _____ () C:\Users\Ray\Downloads\OBS_0_637b_Installer.exe
2014-10-19 06:57 - 2014-10-19 06:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder
2014-10-19 06:57 - 2014-10-19 06:57 - 00000000 ____D () C:\Program Files\LoiLo
2014-10-18 21:19 - 2014-10-24 18:28 - 00120812 _____ () C:\Users\Ray\AppData\Local\ars.cache
2014-10-18 21:19 - 2014-10-24 18:28 - 00100776 _____ () C:\Users\Ray\AppData\Local\census.cache
2014-10-18 20:56 - 2014-10-24 18:27 - 00000010 _____ () C:\Users\Ray\AppData\Local\sponge.last.runtime.cache
2014-10-18 20:37 - 2013-09-01 23:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-10-18 20:35 - 2014-10-18 20:35 - 00000036 _____ () C:\Users\Ray\AppData\Local\housecall.guid.cache
2014-10-18 20:16 - 2014-11-08 10:49 - 00007598 _____ () C:\Users\Ray\AppData\Local\Resmon.ResmonCfg
2014-10-17 20:09 - 2014-10-17 20:09 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\MMFApplications
2014-10-15 21:58 - 2014-10-15 21:58 - 00000000 ____D () C:\Users\Ray\Documents\BioWare
2014-10-15 06:06 - 2014-10-15 06:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Goofball
2014-10-14 22:04 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 22:04 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 22:04 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 22:04 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 22:04 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 22:04 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 22:04 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 22:04 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 22:04 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 22:04 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 22:04 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 22:04 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 22:04 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 22:04 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 22:04 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-14 22:04 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-14 22:04 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-14 22:04 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-14 22:04 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-14 22:04 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-14 22:04 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-14 22:04 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-14 22:04 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-14 22:04 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-14 22:04 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-14 22:04 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-14 22:04 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 22:04 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 22:04 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 22:04 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 22:04 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 22:04 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 22:04 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 22:04 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 22:04 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 22:04 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 22:04 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 22:04 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 22:04 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 22:04 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 22:04 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 22:04 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 22:04 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 22:04 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 22:04 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 22:04 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 22:04 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 22:04 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 22:04 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 22:04 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 22:04 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 22:03 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 22:03 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 22:03 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 22:03 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 22:03 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 22:03 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 22:03 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 22:03 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 22:03 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 22:03 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 22:03 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 22:03 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 22:03 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 22:03 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 22:03 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 22:03 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 22:03 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 22:03 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 22:03 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 22:03 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 22:03 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 22:03 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 22:03 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 22:03 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 22:03 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 22:03 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 22:03 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 22:03 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 22:03 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 22:03 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 22:03 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 22:03 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 22:03 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 22:03 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 22:03 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 22:03 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 22:03 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 22:03 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 22:03 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 22:03 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 22:03 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 22:03 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 22:03 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 22:03 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 22:03 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 22:03 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 22:03 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 22:03 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 22:03 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 22:03 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 22:03 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 22:03 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 22:03 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 22:03 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 22:03 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 22:03 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 22:03 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 22:03 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 22:03 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 22:02 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 22:02 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 22:02 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 22:01 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 22:01 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 22:01 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 22:01 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 22:01 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 22:01 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 22:01 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 22:01 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 22:01 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 22:01 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 22:01 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 22:01 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 22:01 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 22:01 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 22:01 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 22:01 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 22:01 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 19:39 - 2014-10-14 19:39 - 00002673 _____ () C:\Users\Ray\Documents\GhostVid.wlmp
2014-10-14 18:10 - 2014-10-15 06:11 - 00000000 ____D () C:\Program Files (x86)\Goofball
2014-10-14 18:09 - 2014-10-14 18:09 - 08834748 _____ () C:\Users\Ray\Downloads\Goofball_Setup.exe
2014-10-14 15:01 - 2014-10-14 15:01 - 00002066 _____ () C:\Users\Ray\AppData\Local\recently-used.xbel
2014-10-12 11:34 - 2014-10-12 11:34 - 00000404 _____ () C:\Users\Ray\Desktop\Account
2014-10-10 19:43 - 2014-10-10 19:43 - 00000000 ____D () C:\Users\Ray\AppData\Local\PopCap Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 17:24 - 2013-12-26 02:17 - 01363559 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 16:32 - 2014-08-19 16:30 - 00000511 _____ () C:\Users\Ray\Desktop\Xmas List.txt
2014-11-08 12:14 - 2013-12-26 09:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-08 08:45 - 2013-12-25 13:28 - 00000000 ____D () C:\ProgramData\Origin
2014-11-08 08:44 - 2013-12-25 13:28 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-08 07:42 - 2009-07-13 20:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 07:42 - 2009-07-13 20:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 07:37 - 2013-12-26 16:48 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\.minecraft
2014-11-08 07:37 - 2009-07-13 21:13 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 07:35 - 2013-12-26 08:19 - 00000000 ____D () C:\Users\Ray\AppData\Local\CrashDumps
2014-11-08 07:32 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 22:31 - 2014-09-23 11:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-07 22:26 - 2014-05-25 21:33 - 00000000 ____D () C:\Users\Ray\AppData\Local\Google
2014-11-07 22:21 - 2014-05-25 21:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-07 05:42 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-04 20:14 - 2014-08-15 19:33 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\HandBrake
2014-11-04 20:07 - 2014-07-07 13:35 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\OBS
2014-11-04 19:49 - 2013-12-30 19:35 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-11-04 18:18 - 2013-12-25 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-01 19:50 - 2014-05-08 20:08 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\2K Sports
2014-11-01 12:13 - 2014-08-15 19:33 - 00000000 ____D () C:\Program Files\Handbrake
2014-11-01 11:42 - 2014-04-23 08:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Audacity
2014-10-31 08:37 - 2014-02-16 01:02 - 00000000 ____D () C:\Windows\Minidump
2014-10-31 08:37 - 2013-12-26 02:11 - 00000000 ____D () C:\Windows\Panther
2014-10-31 05:50 - 2013-12-26 12:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-29 17:22 - 2014-06-20 11:01 - 00000000 ___RD () C:\Users\Ray\Desktop\Stuff
2014-10-29 06:48 - 2014-09-24 00:01 - 00321112 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSKernel.sys
2014-10-29 06:48 - 2014-09-24 00:01 - 00027544 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSNetmon.sys
2014-10-27 05:30 - 2014-06-27 17:04 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2014-10-26 12:34 - 2014-09-13 08:32 - 00000000 ____D () C:\Users\Ray\Documents\TotallyUnnamedProject
2014-10-26 12:33 - 2014-08-20 13:04 - 00000000 ____D () C:\ProgramData\Unity
2014-10-25 20:15 - 2014-07-21 14:35 - 00000000 ____D () C:\Users\Ray\AppData\Local\Ihwsoft
2014-10-25 15:03 - 2014-09-23 11:20 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-25 15:03 - 2014-09-23 11:20 - 00000000 ____D () C:\Users\Guest
2014-10-25 15:03 - 2014-09-23 11:20 - 00000000 ____D () C:\Users\Administrator
2014-10-25 14:10 - 2014-03-27 08:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 14:06 - 2014-03-27 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-25 14:06 - 2014-03-27 08:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 17:51 - 2013-12-25 13:35 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-24 17:51 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-24 17:41 - 2014-08-10 20:35 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-10-24 17:38 - 2014-08-09 12:18 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Dev-Cpp
2014-10-24 17:38 - 2014-08-09 12:18 - 00000000 ____D () C:\Dev-Cpp
2014-10-24 17:37 - 2014-08-31 12:46 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-10-24 17:31 - 2014-04-09 17:23 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Dropbox
2014-10-19 10:34 - 2014-09-28 15:45 - 00000000 ____D () C:\ProgramData\Webbbiing
2014-10-19 07:43 - 2014-07-07 13:35 - 00000000 ____D () C:\Program Files\OBS
2014-10-19 07:43 - 2014-07-07 13:35 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-10-18 20:31 - 2014-04-02 07:05 - 00000000 ____D () C:\Users\Ray\AppData\Local\LogMeIn Hamachi
2014-10-18 20:26 - 2014-09-27 12:39 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\swiffout
2014-10-15 15:48 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 06:12 - 2009-07-13 20:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 04:39 - 2009-07-13 20:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 04:37 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 04:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 04:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:03 - 2013-12-25 11:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:00 - 2013-12-25 11:23 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 19:32 - 2014-04-18 05:52 - 00000000 ____D () C:\Users\Ray\AppData\Local\Windows Live
2014-10-14 15:38 - 2014-09-23 11:20 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-10-14 15:38 - 2014-08-29 19:50 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-14 15:07 - 2014-09-01 12:33 - 00000000 ____D () C:\Users\Ray\.gimp-2.8
2014-10-14 15:01 - 2014-09-23 15:41 - 00000000 ____D () C:\Users\Ray\AppData\Local\gtk-2.0
2014-10-12 11:31 - 2014-02-16 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2014-10-11 10:38 - 2014-07-18 08:14 - 00000000 ____D () C:\Users\Ray\Documents\FIFA World
2014-10-10 19:04 - 2014-09-21 17:03 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Skype

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {9a0dc1e6-6e14-11e3-8ea6-c1df8dfe9e8f}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {9a0dc1e8-6e14-11e3-8ea6-c1df8dfe9e8f}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {9a0dc1e6-6e14-11e3-8ea6-c1df8dfe9e8f}
nx                      OptIn
bootlog                 No

Windows Boot Loader
-------------------
identifier              {9a0dc1e8-6e14-11e3-8ea6-c1df8dfe9e8f}
device                  ramdisk=[C:]\Recovery\9a0dc1e8-6e14-11e3-8ea6-c1df8dfe9e8f\Winre.wim,{9a0dc1e9-6e14-11e3-8ea6-c1df8dfe9e8f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\9a0dc1e8-6e14-11e3-8ea6-c1df8dfe9e8f\Winre.wim,{9a0dc1e9-6e14-11e3-8ea6-c1df8dfe9e8f}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {9a0dc1e6-6e14-11e3-8ea6-c1df8dfe9e8f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {9a0dc1e9-6e14-11e3-8ea6-c1df8dfe9e8f}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\9a0dc1e8-6e14-11e3-8ea6-c1df8dfe9e8f\boot.sdi

 

LastRegBack: 2014-11-06 18:00

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014 01
Ran by Ray at 2014-11-08 17:47:19
Running from C:\Users\Ray\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3TB+Unlock B12.1102.1 (HKLM-x32\...\{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}) (Version: 1.00.0001 - GIGABYTE)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alien Swarm - SDK (HKLM-x32\...\Steam App 640) (Version:  - Valve)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.4.0.570667 - )
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead - Dedicated Server (HKLM-x32\...\Steam App 33935) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version:  - Bohemia Interactive)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bandizip (HKLM\...\Bandizip) (Version: 5.0 - Bandisoft.com)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.15221 - Electronic Arts)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 14.1 - BullGuard Ltd.)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - Infinity Ward)
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version:  - Infinity Ward)
Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version:  - Treyarch)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2014 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
EA Sports™ FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 7.1.0.50515 - Electronic Arts, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.02 - Ubisoft)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Half-Life SDK (HKLM-x32\...\Steam App 254430) (Version:  - )
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox Software)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version:  - Valve)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Horizon v2.8.1.1 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.8.1.1 - Daring Development Inc.)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - Hammerpoint Interactive)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java™ 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000F0}) (Version: 7.0.0 - Oracle)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Authoring Tools (HKLM-x32\...\Steam App 563) (Version:  - Valve)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft VM for Java (HKLM-x32\...\MsJavaVM) (Version:  - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NBA 2K14 (HKLM-x32\...\Steam App 255480) (Version:  - Visual Concepts)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RPG MAKER VX Ace Lite (HKLM-x32\...\RPGVXAceLite_E_is1) (Version: 1.01b - Enterbrain)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - Coffee Stain Studios)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - Rebellion)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Crate Box (HKLM-x32\...\Steam App 212800) (Version:  - Vlambeer)
Supreme Commander (HKLM-x32\...\Steam App 9350) (Version:  - Gas Powered Games)
Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version:  - Gas Powered Games)
Takedown: Red Sabre (HKLM-x32\...\Steam App 236510) (Version:  - Serellan LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\Steam App 47890) (Version:  - The Sims Studio)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Unity (HKLM-x32\...\Unity) (Version: 4.5.3f3 - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Xfire (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1286021325-494678185-1062438247-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ray\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1286021325-494678185-1062438247-1000_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-1286021325-494678185-1062438247-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\dbghelp.dll No File

==================== Restore Points  =========================

05-11-2014 03:42:38 Installed DirectX
05-11-2014 04:02:23 Installed DirectX
08-11-2014 06:16:34 Revo Uninstaller's restore point - Google Chrome

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-11-05 06:37 - 00001512 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
158.58.173.194 www.google-analytics.com.
158.58.173.194 google-analytics.com.
158.58.173.194 connect.facebook.net.
198.100.156.140 www.google-analytics.com.
198.100.156.140 google-analytics.com.
198.100.156.140 connect.facebook.net.
85.25.79.123 www.google-analytics.com.
85.25.79.123 google-analytics.com.
85.25.79.123 connect.facebook.net.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {54A130F9-3AA1-4C4A-96A1-A8223BEEDAC0} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1286021325-494678185-1062438247-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {6D405C27-3212-4F40-96CF-93C9E0D74766} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLink.exe
Task: {7E8C327D-37F5-4D40-BB2A-51C8079EF301} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {9AC3C158-320A-4896-AC9E-7028C35CC621} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1286021325-494678185-1062438247-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A3BB62EE-B18A-40A8-A9F3-84C6C9C41275} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {B3B5957F-F950-4C72-AC2C-BAADDF75F582} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {C767D179-028B-43A7-B779-850EA64005FE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1286021325-494678185-1062438247-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {F54D8F5F-C7C3-4570-98C3-26BF2C7EA422} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1286021325-494678185-1062438247-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F90484CB-38D0-420C-8804-3A43BF7A8A14} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1286021325-494678185-1062438247-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-29 06:48 - 2014-10-29 06:48 - 00613200 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00084304 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00653136 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00653136 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00021832 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BullGuardBhvScannerRes.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00064848 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00084304 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2014-09-30 23:35 - 2014-09-30 23:35 - 00033712 _____ () c:\program files\bullguard ltd\bullguard\BgWsc.exe
2014-10-29 06:48 - 2014-10-29 06:48 - 00613200 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00275784 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpBackupRes.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00013128 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpInspectorRes.dll
2014-10-29 06:48 - 2014-10-29 06:48 - 00033096 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpMainRes.dll
2013-12-25 10:43 - 2012-08-09 02:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-12-25 10:43 - 2012-08-09 02:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-28 22:17 - 2014-08-21 10:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 22:17 - 2014-08-21 10:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 22:17 - 2014-08-21 10:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-12-26 09:39 - 2014-10-01 15:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 14:50 - 2014-10-21 11:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 22:17 - 2014-08-21 10:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 22:17 - 2014-08-21 10:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-12-26 09:39 - 2014-10-21 11:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-12-26 09:39 - 2014-09-04 15:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 11:38 - 2014-09-04 15:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Ray^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Power2GoExpress8 => "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-1286021325-494678185-1062438247-500 - Administrator - Disabled)
Guest (S-1-5-21-1286021325-494678185-1062438247-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1286021325-494678185-1062438247-1003 - Limited - Enabled)
Ray (S-1-5-21-1286021325-494678185-1062438247-1000 - Administrator - Enabled) => C:\Users\Ray

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2014 07:37:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/08/2014 07:37:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/08/2014 07:34:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Minecraft.exe, version: 0.0.0.0, time stamp: 0x51dfe918
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02257744
Faulting process id: 0x13f4
Faulting application start time: 0xMinecraft.exe0
Faulting application path: Minecraft.exe1
Faulting module path: Minecraft.exe2
Report Id: Minecraft.exe3

Error: (11/08/2014 07:34:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 10:37:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/07/2014 10:37:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/07/2014 10:32:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 10:28:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rkill.exe, version: 2.6.8.0, time stamp: 0x53e3c8a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00c07744
Faulting process id: 0x1cfc
Faulting application start time: 0xrkill.exe0
Faulting application path: rkill.exe1
Faulting module path: rkill.exe2
Report Id: rkill.exe3

Error: (11/07/2014 10:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rkill.exe, version: 2.6.8.0, time stamp: 0x53e3c8a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004f7744
Faulting process id: 0xc28
Faulting application start time: 0xrkill.exe0
Faulting application path: rkill.exe1
Faulting module path: rkill.exe2
Report Id: rkill.exe3

Error: (11/07/2014 10:21:00 PM) (Source: Google Update) (EventID: 1) (User: Guardian-PC)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\f2d720e9-54c7-4fa4-bdec-c4f9476c29b4.dmp

System errors:
=============
Error: (11/08/2014 03:51:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/08/2014 03:51:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/08/2014 03:51:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/08/2014 03:51:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/08/2014 03:51:57 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/08/2014 03:51:57 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/08/2014 01:11:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/08/2014 01:11:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/08/2014 01:11:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/08/2014 01:11:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Microsoft Office Sessions:
=========================
Error: (11/08/2014 07:37:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (11/08/2014 07:37:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (11/08/2014 07:34:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Minecraft.exe0.0.0.051dfe918unknown0.0.0.000000000c00000050225774413f401cffb6989002095C:\Users\Ray\Desktop\Minecraft.exeunknowncb5ec25f-675c-11e4-9401-74d435048721

Error: (11/08/2014 07:34:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 10:37:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (11/07/2014 10:37:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (11/07/2014 10:32:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 10:28:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rkill.exe2.6.8.053e3c8a8unknown0.0.0.000000000c000000500c077441cfc01cffb1d36b417eeC:\Users\Ray\Desktop\rkill.exeunknown747d3352-6710-11e4-a756-74d435048721

Error: (11/07/2014 10:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rkill.exe2.6.8.053e3c8a8unknown0.0.0.000000000c0000005004f7744c2801cffb1d114f3f12C:\Users\Ray\Desktop\rkill.exeunknown4f2504a8-6710-11e4-a756-74d435048721

Error: (11/07/2014 10:21:00 PM) (Source: Google Update) (EventID: 1) (User: Guardian-PC)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\f2d720e9-54c7-4fa4-bdec-c4f9476c29b4.dmp

==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 21%
Total physical RAM: 16348.63 MB
Available physical RAM: 12856.05 MB
Total Pagefile: 32695.43 MB
Available Pagefile: 29296.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:145.57 GB) NTFS
Drive d: (VSE600ENU1) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 269EA559)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Users shortcut scan result (x64) Version: 08-11-2014 01
Ran by Ray at 2014-11-08 17:49:11
Running from C:\Users\Ray\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

 

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk -> C:\Games\Toribash-4.7\toribash.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk -> C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZombieModding\Mods\nazi_zombie_fort.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at WarCoDWaW.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire\Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Report a Problem with Unity.lnk -> C:\Program Files (x86)\Unity\Editor\UnityBugReporter.exe (Unity Technologies ApS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Uninstall Unity.lnk -> C:\Program Files (x86)\Unity\Editor\Uninstall.exe (Unity Technologies ApS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Unity Documentation.lnk -> C:\Program Files (x86)\Unity\Editor\Data\Documentation\Documentation.html (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Unity.lnk -> C:\Program Files (x86)\Unity\Editor\Unity.exe (Unity Technologies ApS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\swiffout\swiffout uninstall.lnk -> C:\Users\Ray\AppData\Roaming\swiffout\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG MAKER VX Ace Lite\RPG MAKER VX Ace Help.lnk -> C:\Program Files (x86)\Enterbrain\RPGVXAceLite\RPGVXAce.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG MAKER VX Ace Lite\RPG MAKER VX Ace Lite.lnk -> C:\Program Files (x86)\Enterbrain\RPGVXAceLite\RPGVXAce.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin Error Reporter.lnk -> C:\Program Files (x86)\Origin\OriginER.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Uninstall Origin.lnk -> C:\Program Files (x86)\Origin\OriginUninstall.exe (Electronic Arts, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Microsoft Xbox 360 Accessories Help.lnk -> C:\Program Files\Microsoft Xbox 360 Accessories\Xboxhelp.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Microsoft Xbox 360 Accessories Status.lnk -> C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace\Games for Windows Marketplace.lnk -> C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder\LoiLo Game Recorder.lnk -> C:\Program Files\LoiLo\LoiLoGameRecorder\LoiLoGameRecorder.exe (LoiLo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Webcam Software.lnk -> C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon\Horizon.lnk -> C:\Program Files (x86)\Daring Development\Horizon\v2\Horizon.exe (Daring Development Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake\Handbrake.lnk -> C:\Program Files\Handbrake\Handbrake.exe (HandBrake)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake\Uninstall.lnk -> C:\Program Files\Handbrake\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\3TB+Unlock\3TB+Unlock.lnk -> C:\Program Files (x86)\GIGABYTE\3TB+Unlock\3TB+Unlock.exe (Gigabyte Technology CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst\APB Reloaded\Screenshot.lnk -> C:\Program Files (x86)\GamersFirst\APB Reloaded\Media\Screenshots ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst\APB Reloaded\Uninstall.lnk -> C:\Program Files (x86)\GamersFirst\APB Reloaded\Uninstall.exe (K2 Network, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst\APB Reloaded\Video.lnk -> C:\Program Files (x86)\GamersFirst\APB Reloaded\Media\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8\CyberLink Power2Go 8.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8\Desktop Burning Gadget.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8\ISO Viewer.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\IsoViewer8.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8\Virtual Drive.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine 6.3 (32-bit).lnk -> C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe (Cheat Engine)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine 6.3 (64-bit).lnk -> C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-x86_64.exe (Cheat Engine)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine 6.3.lnk -> C:\Program Files (x86)\Cheat Engine 6.3\Cheat Engine.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine help.lnk -> C:\Program Files (x86)\Cheat Engine 6.3\CheatEngine.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine tutorial.lnk -> C:\Program Files (x86)\Cheat Engine 6.3\Tutorial-i386.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Reset settings.lnk -> C:\Program Files (x86)\Cheat Engine 6.3\ceregreset.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Uninstall Cheat Engine.lnk -> C:\Program Files (x86)\Cheat Engine 6.3\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Kernel stuff\Unload kernel module.lnk -> C:\Program Files (x86)\Cheat Engine 6.3\Kernelmoduleunloader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard\BullGuard.lnk -> C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye\Uninstall BattlEye.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\BattlEye\UnInstallBE.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4\Battlefield 4 End User License Agreement.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 4\Support\eula\en_US_eula.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4\Battlefield 4(64 bit).lnk -> C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe (EA Digital Illusions CE AB)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4\Battlefield 4.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe (EA Digital Illusions CE AB)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4\Technical Support.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 4\Support\EA Help\Technical Support.en_US.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files (x86)\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files (x86)\7-Zip\7-zip.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{F9958E09-2221-4F68-8D99-6DE0D33AECA9}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe (Sony DADC Austria AG)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{82A01913-59D6-4FFE-BF11-6E54C93427F9}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe (Avalanche Studios)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6098FBB4-606B-466C-A505-EDCAB352E8C5}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe (EA Digital Illusions CE AB)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{348ABE55-0D5C-4EB6-9159-CCA86F5A969D}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe (Bethesda Softworks, Obsidian Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{0E5A4BE9-A133-4C42-924D-0A0050C1D9CC}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\Users\Public\Desktop\Battlefield 1942.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe ()
Shortcut: C:\Users\Public\Desktop\Battlefield 4.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe (EA Digital Illusions CE AB)
Shortcut: C:\Users\Public\Desktop\BullGuard.lnk -> C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
Shortcut: C:\Users\Public\Desktop\CyberLink Power2Go 8.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe (CyberLink Corp.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\HD VDeck.lnk -> C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\League of Legends.lnk -> C:\Riot Games\League of Legends\lol.launcher.exe ()
Shortcut: C:\Users\Public\Desktop\Logitech Webcam Software  .lnk -> C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe ()
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\RPG MAKER VX Ace Lite.lnk -> C:\Program Files (x86)\Enterbrain\RPGVXAceLite\RPGVXAce.exe ()
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\Titanfall.lnk -> C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe ()
Shortcut: C:\Users\Public\Desktop\Unity.lnk -> C:\Program Files (x86)\Unity\Editor\Unity.exe (Unity Technologies ApS)
Shortcut: C:\Users\Public\Desktop\Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
Shortcut: C:\Users\Ray\Links\Desktop.lnk -> C:\Users\Ray\Desktop ()
Shortcut: C:\Users\Ray\Links\Downloads.lnk -> C:\Users\Ray\Downloads ()
Shortcut: C:\Users\Ray\Desktop\Corsair Link.lnk -> C:\Program Files (x86)\Corsair\Corsair Link\CorsairLink.exe (No File)
Shortcut: C:\Users\Ray\Desktop\GamersFirst LIVE!.lnk -> C:\Users\Ray\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Shortcut: C:\Users\Ray\Desktop\GIMP 2.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.8.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\Users\Ray\Desktop\Horizon.lnk -> C:\Program Files (x86)\Daring Development\Horizon\v2\Horizon.exe (Daring Development Inc.)
Shortcut: C:\Users\Ray\Desktop\Microsoft Expression Encoder 4 Screen Capture.lnk -> C:\Program Files (x86)\Microsoft Expression\Encoder 4\EEScreen.exe (No File)
Shortcut: C:\Users\Ray\Desktop\Microsoft Expression Encoder 4.lnk -> C:\Program Files (x86)\Microsoft Expression\Encoder 4\Encoder.exe (No File)
Shortcut: C:\Users\Ray\Desktop\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\Desktop\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\Desktop\Open Broadcaster Software.lnk -> C:\Program Files (x86)\OBS\OBS.exe ()
Shortcut: C:\Users\Ray\Desktop\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Ray\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Ray\Desktop\Toribash.lnk -> C:\Games\Toribash-4.7\toribash.exe ()
Shortcut: C:\Users\Ray\Desktop\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\Ray\Desktop\WarThunder.lnk -> C:\Program Files (x86)\WarThunder\launcher.exe (No File)
Shortcut: C:\Users\Ray\Desktop\Stuff\3TB+Unlock.lnk -> C:\Program Files (x86)\GIGABYTE\3TB+Unlock\3TB+Unlock.exe (Gigabyte Technology CO., LTD.)
Shortcut: C:\Users\Ray\Desktop\Stuff\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Ray\Desktop\Stuff\Dropbox.lnk -> C:\Users\Ray\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Shortcut: C:\Users\Ray\Desktop\Stuff\Norton Internet Security.lnk -> C:\Program Files (x86)\Norton Internet Security\Engine64\20.5.0.28\uistub.exe (No File)
Shortcut: C:\Users\Ray\Desktop\Stuff\Tekkit C Server.lnk -> C:\Users\Ray\Desktop\Tekkit C Server (No File)
Shortcut: C:\Users\Ray\Desktop\Stuff\Some Stuff\Easy Video Editor LoiLo.lnk -> C:\Program Files (x86)\LoiLo\LoiLoScope 2\LoiLoScopeLauncher.exe (No File)
Shortcut: C:\Users\Ray\Desktop\Stuff\Some Stuff\LoiLo Game Recorder.lnk -> C:\Program Files\LoiLo\LoiLoGameRecorder\LoiLoGameRecorder.exe (LoiLo)
Shortcut: C:\Users\Ray\Desktop\Stuff\Battlefield Stuff\64 Bit Battlefield 4.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe (EA Digital Illusions CE AB)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (32bit).lnk -> C:\Program Files (x86)\OBS\OBS.exe ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (64bit).lnk -> C:\Program Files\OBS\OBS.exe ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Uninstall.lnk -> C:\Program Files (x86)\OBS\uninstall.exe ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst\LIVE!\GamersFirst LIVE!.lnk -> C:\Users\Ray\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst\LIVE!\Uninstall.lnk -> C:\Users\Ray\AppData\Local\GamersFirst\LIVE!\uninstall.exe (GamersFirst)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead\BattlEye\Uninstall BattlEye.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\UnInstallBE.exe ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Handbrake.lnk -> C:\Program Files\Handbrake\Handbrake.exe (HandBrake)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HD VDeck.lnk -> C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Horizon.lnk -> C:\Program Files (x86)\Daring Development\Horizon\v2\Horizon.exe (Daring Development Inc.)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\LoiLo Game Recorder.lnk -> C:\Program Files\LoiLo\LoiLoGameRecorder\LoiLoGameRecorder.exe (LoiLo)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Minecraft.lnk -> C:\Users\Ray\Desktop\Minecraft.exe ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Technic Launcher.lnk -> C:\Users\Ray\Desktop\Technic.exe ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Titanfall.lnk -> C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Toribash.lnk -> C:\Games\Toribash-4.7\toribash.exe ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Unity.lnk -> C:\Program Files (x86)\Unity\Editor\Unity.exe (Unity Technologies ApS)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Ray\AppData\Local\Microsoft\Windows\GameExplorer\{B58E9513-268C-402C-AD3F-401E857EDD32}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Synergy\hl2.exe (No File)
Shortcut: C:\Users\Ray\AppData\Local\Microsoft\Windows\GameExplorer\{A03C73C6-DEC4-4973-8476-BEB72D73117F}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe ()
Shortcut: C:\Users\Ray\AppData\Local\Microsoft\Windows\GameExplorer\{605F181B-5D55-4E02-9FF2-F1E6F71761BD}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe (Valve)
Shortcut: C:\Users\Ray\AppData\Local\Microsoft\GFWLive\Logs\InstallLog.lnk -> C:\Users\Ray\AppData\Local\Microsoft\GFWLive\Install\Logs ()
Shortcut: C:\Users\Ray\AppData\Local\Microsoft\GFWLive\Install\Logs\ClientLog.lnk -> C:\Users\Ray\AppData\Local\Microsoft\GFWLive\Logs ()

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Check For Updates.lnk -> C:\Program Files\Microsoft Xbox 360 Accessories\AUSetting.exe (Microsoft Corporation) -> -forcecheck
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\main.lua.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) -> C:\Program Files (x86)\Cheat Engine 6.3\main.lua
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Ray\Desktop\DayZ.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) -> steam://rungameid/221100
ShortcutWithArgument: C:\Users\Ray\Desktop\Garry's Mod.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) -> steam://rungameid/4000
ShortcutWithArgument: C:\Users\Ray\Desktop\Half-Life 2.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) -> steam://rungameid/220
ShortcutWithArgument: C:\Users\Ray\Desktop\Team Fortress 2.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) -> steam://rungameid/440
ShortcutWithArgument: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter
ShortcutWithArgument: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard\Visit BullGuard on the Web.url -> hxxp://www.bullguard.com
InternetURL: C:\Users\Ray\Favorites\Bing.url -> hxxp://www.bing.com/
InternetURL: C:\Users\Ray\Favorites\Chuck Norris approves  Best Funny Gifs and Animated Gifs Updated Daily - Gif Bin.url -> hxxp://www.gifbin.com/982578
InternetURL: C:\Users\Ray\Favorites\CSGO TeamFinder.url -> hxxp://csgoteamfinder.com/
InternetURL: C:\Users\Ray\Favorites\Google.url -> https://www.google.com/
InternetURL: C:\Users\Ray\Favorites\Krewella - Come & Get It - FREE DOWNLOAD IN DESCRIPTION - YouTube.url -> https://www.youtube.com/watch?v=A4QJkPg9Lc0
InternetURL: C:\Users\Ray\Favorites\Major League Gaming.url -> hxxp://www.majorleaguegaming.com/
InternetURL: C:\Users\Ray\Favorites\Minecraft ID List.url -> hxxp://minecraft-ids.grahamedgecombe.com/
InternetURL: C:\Users\Ray\Favorites\Minecraft.url -> https://minecraft.net/
InternetURL: C:\Users\Ray\Favorites\Newest Minecraft Servers added to the Server List 1.url -> hxxp://minecraft-server-list.com/new/
InternetURL: C:\Users\Ray\Favorites\Petit Computer Function Guide#FOR#FOR.url -> hxxp://snailfacia.net/PTCguide/#FOR
InternetURL: C:\Users\Ray\Favorites\Petit Computer Function Guide.url -> hxxp://www.snailfacia.net/PTCguide/index.html
InternetURL: C:\Users\Ray\Favorites\Slayer - YouTube.url -> https://www.youtube.com/user/TitanXZy
InternetURL: C:\Users\Ray\Favorites\Steam-Wallet.url -> hxxp://steam-wallet.com/
InternetURL: C:\Users\Ray\Favorites\The Backloggery.url -> hxxp://www.backloggery.com/
InternetURL: C:\Users\Ray\Favorites\The Modpack logo. Free logo maker..url -> hxxp://share.flamingtext.com/Share/22759147900531717
InternetURL: C:\Users\Ray\Favorites\Track 1 - Impossible Game Fire Aura Extension - YouTube.url -> https://www.youtube.com/watch?v=TotOweMJRD8
InternetURL: C:\Users\Ray\Favorites\Tremor Games - Play Games and Win Free Steam Games, Trading Cards, TF2 Items, Gift Cards.url -> hxxp://www.tremorgames.com/
InternetURL: C:\Users\Ray\Favorites\Twitch.url -> hxxp://www.twitch.tv/
InternetURL: C:\Users\Ray\Favorites\www.furyclancod.com - iClan Websites.url -> hxxp://furyclancod.clanwebsite.com/
InternetURL: C:\Users\Ray\Favorites\Xfire - The Ultimate Tournament Platform.url -> hxxp://www.xfire.com/
InternetURL: C:\Users\Ray\Favorites\YouTube to mp3 Converter.url -> hxxp://www.youtube-mp3.org/
InternetURL: C:\Users\Ray\Favorites\YouTube.url -> hxxp://www.youtube.com/
InternetURL: C:\Users\Ray\Favorites\▶ Adrenalize - Mystical Universe (HQ Preview) - YouTube.url -> https://www.youtube.com/watch?v=ft8ZjpwseY8
InternetURL: C:\Users\Ray\Favorites\▶ Avicii - Hey Brother - YouTube.url -> https://www.youtube.com/watch?v=C3mYhXl3OMQ
InternetURL: C:\Users\Ray\Favorites\▶ Billy Madison - Ultimate Insult (Academic Decathlon)[Forum Weapon][How To Troll][Ignorance Is Bliss] - YouTube.url -> https://www.youtube.com/watch?v=5hfYJsQAhl0
InternetURL: C:\Users\Ray\Favorites\▶ Boss - Solaris Phase 2 - Sonic the Hedgehog (2006) Music Extended - YouTube.url -> https://www.youtube.com/watch?v=jbs56Hu-bd0
InternetURL: C:\Users\Ray\Favorites\▶ Down In Ashes - Awake [HD] - YouTube.url -> https://www.youtube.com/watch?v=h8W38PCNFME
InternetURL: C:\Users\Ray\Favorites\▶ Downplay - Save Me - YouTube.url -> https://www.youtube.com/watch?v=4e8qwH4w1z8
InternetURL: C:\Users\Ray\Favorites\▶ Downplay - The One Who Laughs Last [HD] - YouTube.url -> https://www.youtube.com/watch?v=tChbvW-l5Ao
InternetURL: C:\Users\Ray\Favorites\▶ Green Day-Wake Me Up When September Ends lyrics - YouTube.url -> https://www.youtube.com/watch?v=jVO8sUrs-Pw
InternetURL: C:\Users\Ray\Favorites\▶ His World (E3 2006 Version) - Sonic the Hedgehog (2006) Music Looped for 30 Minutes - YouTube.url -> https://www.youtube.com/watch?v=sGJWTwKPmgU
InternetURL: C:\Users\Ray\Favorites\▶ Krewella - Come And Get It (Razihel Remix) - YouTube.url -> https://www.youtube.com/watch?v=wPt6k4GMJ3Q
InternetURL: C:\Users\Ray\Favorites\▶ Les Friction - Who Will Save You Now (2012) - YouTube.url -> https://www.youtube.com/watch?v=vI0FETSHAv4
InternetURL: C:\Users\Ray\Favorites\▶ LORDE - Everybody Wants To Rule The World - YouTube.url -> https://www.youtube.com/watch?v=DaVA6sgOpws
InternetURL: C:\Users\Ray\Favorites\▶ Main Theme of Sonic '06 (Unreleased) - Sonic the Hedgehog (2006) Music Extended - YouTube.url -> https://www.youtube.com/watch?v=xNdszYtCSwQ
InternetURL: C:\Users\Ray\Favorites\▶ Pursuit ~ Cornered - Phoenix Wright Ace Attorney Music Extended - YouTube.url -> https://www.youtube.com/watch?v=Y3R8tkvlAlk
InternetURL: C:\Users\Ray\Favorites\▶ Sonic The Hedgehog 2006 His World Instrumental FULL MIX REMASTERED (INTENSE HIGH QUALITY) - YouTube.url -> https://www.youtube.com/watch?v=wzxBZ4GwAwQ
InternetURL: C:\Users\Ray\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Ray\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Ray\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Ray\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Ray\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Ray\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Ray\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Ray\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Ray\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Ray\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Ray\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Ray\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Ray\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Ray\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Ray\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Ray\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Ray\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Ray\Favorites\Links\Google.url -> https://www.google.com/
InternetURL: C:\Users\Ray\Favorites\Links\iD Tech Camps – World’s #1 Summer Computer Camps for Kids & Teens.url -> hxxp://www.idtech.com/
InternetURL: C:\Users\Ray\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Ray\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Ray\Desktop\Assassin's Creed IV Black Flag.url -> steam://rungameid/242050
InternetURL: C:\Users\Ray\Desktop\Counter-Strike Global Offensive.url -> steam://rungameid/730
InternetURL: C:\Users\Ray\Desktop\Grand Theft Auto IV.url -> steam://rungameid/12210
InternetURL: C:\Users\Ray\Desktop\Half-Life.url -> steam://rungameid/70
InternetURL: C:\Users\Ray\Desktop\NBA 2K14.url -> steam://rungameid/255480
InternetURL: C:\Users\Ray\Desktop\PAYDAY 2.url -> steam://rungameid/218620
InternetURL: C:\Users\Ray\Desktop\Saints Row The Third.url -> steam://rungameid/55230
InternetURL: C:\Users\Ray\Desktop\Skyrim.url -> steam://rungameid/72850
InternetURL: C:\Users\Ray\Desktop\The Sims 3.url -> steam://rungameid/47890
InternetURL: C:\Users\Ray\Desktop\Stuff\GECK - New Vegas Edition.url -> steam://rungameid/22480

==================== End of log =============================

 

Farbar Service Scanner Version: 21-07-2014
Ran by Ray (administrator) on 08-11-2014 at 17:53:18
Running from "C:\Users\Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBGHHUWJ"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

 



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:41 PM

Posted 09 November 2014 - 06:16 AM

Hi,

 

 

In your latest logs, I see that Google Chrome is currently installed?

Did you reinstall it? I'll unhide Google Update Helper just in case you decide to uninstall Google Chrome and Google Update Helper at a later stage.

 

 

Please download the following file => [attachment=157613:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

 
Regards,
Georgi


cXfZ4wS.png


#13 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:41 AM

Posted 09 November 2014 - 10:11 AM

Yes, Chrome was re-installed.

 

Here is the log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014 01
Ran by Ray at 2014-11-09 07:09:27 Run:3
Running from C:\Users\Ray\Desktop
Loaded Profile: Ray (Available profiles: Ray)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\...\Run: [AaneBudv] => regsvr32.exe "C:\ProgramData\AaneBudv\AaneBudv.dat"
C:\ProgramData\AaneBudv
FF Extension: No Name - C:\Program Files (x86)\AmiExt\BrowseSafely\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\AmiExt\BrowseSafely\ff [Not Found]
C:\Program Files (x86)\AmiExt
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinHttpAutoProxySvc" /s
CustomCLSID: HKU\S-1-5-21-1286021325-494678185-1062438247-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\dbghelp.dll No File
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
cmd: sc config wscsvc start= auto
cmd: net start wscsvc
Reg: reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
end
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-1286021325-494678185-1062438247-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AaneBudv => value deleted successfully.
C:\ProgramData\AaneBudv => Moved successfully.
C:\Program Files (x86)\AmiExt\BrowseSafely\ff not found.
C:\Program Files (x86)\AmiExt\BrowseSafely\ff not found.
"C:\Program Files (x86)\AmiExt" => File/Directory not found.

========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinHttpAutoProxySvc" /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinHttpAutoProxySvc
    DisplayName    REG_SZ    @%SystemRoot%\system32\winhttp.dll,-100
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalService
    Description    REG_SZ    @%SystemRoot%\system32\winhttp.dll,-101
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    Dhcp
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege
    FailureActions    REG_BINARY    005C260500000000000000000300000014000000010000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinHttpAutoProxySvc\Parameters
    ServiceDll    REG_EXPAND_SZ    winhttp.dll
    ServiceMain    REG_SZ    WinHttpAutoProxySvcMain
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    ProxyDllFile    REG_EXPAND_SZ    %SystemRoot%\system32\jsproxy.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinHttpAutoProxySvc\Security
    Security    REG_BINARY    01001480A0000000AC000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020070000500000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001400140000000101000000000005040000000000140014000000010100000000000506000000010100000000000512000000010100000000000512000000

 

========= End of Reg: =========

"HKU\S-1-5-21-1286021325-494678185-1062438247-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => Key deleted successfully.
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc" => Key unlocked successfully.

=========  sc config wscsvc start= auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========

=========  net start wscsvc =========

The Security Center service is starting.
The Security Center service was started successfully.

========= End of CMD: =========

========= reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f =========

The operation completed successfully.

 

========= End of Reg: =========

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value deleted successfully.

==== End of Fixlog ====



#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:41 PM

Posted 09 November 2014 - 10:34 AM

Hi,

 

 

STEP 1

 

 

Nice work. Can you please try to run RKill one more time for me and post the log please?

If it takes longer then 10 min to complete, kill the process.

 

 

STEP 2

 

 

Also please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Regards,

Georgi


cXfZ4wS.png


#15 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:41 AM

Posted 10 November 2014 - 12:25 AM

OK.You will se some incomplete data, RKill did not complete.
Here is the rkill log and the JRT log..  

Adw Cleaner did not find anything, nor produce a log.

 

 

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/09/2014 06:58:23 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ray on Sun 11/09/2014 at 20:28:31.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/09/2014 at 20:35:37.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users