Potential malware due to admin rights loss


  • This topic is locked
26 replies to this topic

#1 Stannaz


Posted 23 December 2014 - 02:09 PM

I was instructed by Aura to post a thread here in my thread at http://www.bleepingcomputer.com/forums/t/560670/most-program-installations-are-failing-with-access-is-denied/

Info about my problem can also be found in that thread.

 

So here it is.

 

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Aaron at 18:41:29 on 2014-12-23
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.16339.12292 [GMT 0:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
F:\Programs\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
F:\Programs\NVIDIA\nTune\nTuneService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
F:\Programs\VMWare Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Users\Aaron\Desktop\SkypePortable\App\Skype\Phone\Skype.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Aaron\Desktop\Teamspeak 3\Data\ts3client_win64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\mstsc.exe
F:\Games\Steam\Steam.exe
F:\Games\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
F:\Games\Steam\bin\steamwebhelper.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
F:\Programs\NVIDIA\nTune\nTuneCmd.exe
F:\Programs\Pidgin\pidgin.exe
C:\Windows\system32\svchost.exe -k imgsvc
F:\Programs\Firefox\firefox.exe
F:\Programs\Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
F:\Games\Steam\bin\steamwebhelper.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Skype] "C:\Users\Aaron\Desktop\SkypePortable\App\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENVP~1.LNK - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\START_~1.LNK - C:\Users\Aaron\Desktop\Teamspeak 3\start_teamspeak.bat
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - F:\Programs\Office\Office15\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{CDFEB8B7-A094-483F-8ADF-A949C134E539} : NameServer = 208.67.222.222,8.8.8.8
TCP: Interfaces\{CDFEB8B7-A094-483F-8ADF-A949C134E539} : DHCPNameServer = 192.168.1.254 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - F:\Programs\Office\Office15\OCHelper.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programs\Office\Office15\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - F:\Programs\Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - F:\Programs\Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programs\Office\Office15\MSOSB.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.94.0.1    client.openvpn.net
Hosts: 127.94.0.2    openvpn-client.stn.so
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\
FF - prefs.js: browser.startup.homepage - hxxps://google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-7-30 84536]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-4-4 56208]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-7-18 73296]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-7-30 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-11-11 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-11-11 178448]
R1 TsVp;TsVp;C:\Windows\System32\drivers\tsvp.sys [2014-5-29 32040]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-11-11 356128]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-19 1148744]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-13 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-28 19439944]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2014-4-9 24064]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-12 5426448]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-11-11 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-11-11 29280]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-15 410008]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-15 102808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-3-18 32344]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-29 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-9-19 38048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-18 471144]
R3 SbieDrv;SbieDrv;F:\Programs\Sandboxie\SbieDrv.sys [2013-10-16 200552]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2013-7-15 31232]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-3-18 39480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 CV2K1;CommView Network Monitor;C:\Windows\System32\drivers\cv2k1.sys [2014-5-29 21544]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-11 114688]
S3 Origin Client Service;Origin Client Service;F:\Programs\Origin\OriginClientService.exe [2013-7-9 1900400]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-10 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-17 59392]
S3 TsVlb;TsVlb;C:\Windows\System32\drivers\tsvlb.sys [2014-5-29 22312]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-9-6 106256]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-12 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="F:\Programs\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: jsfile="F:\Programs\Adobe\CS6 Master Collection\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="F:\Programs\Adobe\CS6 Master Collection\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-12-23 09:12:18    --------    d-----w-    C:\Users\Aaron\AppData\Roaming\upScreen
2014-12-23 08:26:31    --------    d-----w-    C:\Windows\SysWow64\xlive
2014-12-23 08:26:24    --------    d-----w-    C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-12-22 10:00:48    --------    d-----w-    C:\Users\Aaron\AppData\Local\Introversion
2014-12-19 12:35:16    --------    d-----w-    C:\Users\Aaron\AppData\Roaming\Tox
2014-12-19 01:23:22    --------    d-----w-    C:\Users\Aaron\AppData\Local\Robot Entertainment
2014-12-18 23:51:26    12800    ----a-w-    C:\Windows\System32\rsatclient.dll
2014-12-18 13:19:56    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-12-18 13:19:56    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-12-16 17:54:37    --------    d-----w-    C:\Users\Aaron\AppData\Local\TeamViewer
2014-12-12 17:44:39    --------    d-----w-    C:\Users\Aaron\AppData\Roaming\.purple
2014-12-05 23:23:59    --------    d-----w-    C:\Program Files (x86)\GUM33E2.tmp
2014-12-03 17:57:37    --------    d-----w-    C:\Users\Aaron\AppData\Local\ftblauncher
2014-12-02 17:02:32    --------    d-----w-    C:\Program Files (x86)\OpenVPN Technologies
2014-11-25 15:23:58    81234104    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-11-25 15:23:58    26373816    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-11-25 15:20:52    3643584    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2014-11-25 15:20:36    81234104    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-11-25 15:20:36    654512    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-11-25 15:20:36    36827832    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
.
==================== Find3M  ====================
.
2014-12-10 18:03:11    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 18:03:11    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-29 01:08:26    215416    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-11-29 00:40:04    215416    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-11-28 19:22:01    76152    ----a-w-    C:\Windows\System32\PnkBstrA.exe
2014-11-22 03:06:23    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07    6039552    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58    2125312    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26    4299264    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21    2358272    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-22 01:22:49    2052096    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20    1888256    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-18 20:47:50    1691816    ----a-w-    C:\Windows\System32\FM20.DLL
2014-11-11 03:09:06    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-05 13:16:32    27136    ----a-w-    C:\Windows\System32\drivers\tap0901.sys
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-09-26 21:13:35    281152    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
.
============= FINISH: 18:41:53.50 ===============
 



Edited by Stannaz, 23 December 2014 - 02:13 PM.



#2 Machiavelli

  • Malware Response Instructor
Posted 24 December 2014 - 01:35 PM

Hello and welcome on board,

my name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 
 

Info about my problem can also be found in that thread.

Repost your issues here.

Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Stannaz


Posted 26 December 2014 - 02:06 PM

First off, thank you for giving up your time to help me.

 

Second off, here are the logs you requested:

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by Aaron (administrator) on AARON-PC on 26-12-2014 19:02:29
Running from F:\Downloads\RANDOM
Loaded Profile: Aaron (Available profiles: Aaron & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) F:\Programs\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(NVIDIA) F:\Programs\NVIDIA\nTune\nTuneService.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) F:\Programs\VMWare Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Skype Technologies S.A.) C:\Users\Aaron\Desktop\SkypePortable\App\Skype\Phone\Skype.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(NVIDIA) F:\Programs\NVIDIA\nTune\nTuneCmd.exe
(TeamSpeak Systems GmbH) C:\Users\Aaron\Desktop\Teamspeak 3\data\ts3client_win64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) F:\Games\Steam\Steam.exe
(Valve Corporation) F:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Games\Steam\bin\steamwebhelper.exe
() F:\Downloads\RANDOM\namebench-1.3.1-Windows.exe
() F:\Temp\Temp\namebench.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Mozilla Corporation) F:\Programs\Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\...\Run: [Skype] => C:\Users\Aaron\Desktop\SkypePortable\App\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\...\MountPoints2: O - O:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Connect.lnk
ShortcutTarget: OpenVPN Connect.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\start_teamspeak.bat.lnk
ShortcutTarget: start_teamspeak.bat.lnk -> C:\Users\Aaron\Desktop\Teamspeak 3\start_teamspeak.bat ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programs\Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Programs\Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-790890260-3676742486-3618971976-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programs\Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{CDFEB8B7-A094-483F-8ADF-A949C134E539}: [NameServer] 208.67.222.222,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default
FF Homepage: https://google.co.uk
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\Programs\Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-790890260-3676742486-3618971976-1000: @nsroblox.roblox.com/launcher -> C:\Users\Aaron\AppData\Local\Roblox\Versions\version-98e339da883f4bc2\\NPRobloxProxy.dll No File
FF Plugin HKU\S-1-5-21-790890260-3676742486-3618971976-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\searchplugins\ixquick-ssl.xml
FF Extension: FT DeepDark - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-11-28]
FF Extension: Auto Refresh - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\autorefresh@plugin.xpi [2014-07-30]
FF Extension: Reddit Enhancement Suite - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-05-29]
FF Extension: leethax.net extension - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\leethax@leethax.net.xpi [2013-06-22]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2014-06-11]
FF Extension: YouTube High Definition - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-10-07]
FF Extension: Adblock Plus - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-07-30]
FF StartMenuInternet: FIREFOX.EXE - F:\Programs\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-04-16]
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
CHR Extension: (Nimbus Screenshot) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2014-04-18]
CHR Extension: (Adblock Plus) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-16]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
CHR Extension: (White Theme) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidfmlhkekofhlcimbdfmnbnlmoejdjj [2014-04-16]
CHR Extension: (Drive Notepad) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj [2014-04-16]
CHR Extension: (Chrome Audio EQ) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfafdlnjaliaghpjdajmlcnnblkgcefh [2014-04-16]
CHR Extension: (Google Wallet) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-08]
CHR Extension: (Change HTTP Request Header) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmibgfeefcglejjlpeihfdimbkfbbnm [2014-04-16]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 nTuneService; F:\Programs\NVIDIA\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2014-04-09] () [File not signed]
S3 Origin Client Service; F:\Programs\Origin\OriginClientService.exe [1900400 2014-11-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; F:\Programs\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 VMAuthdService; F:\Programs\VMWare Player\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 CV2K1; C:\Windows\System32\DRIVERS\cv2k1.sys [21544 2009-06-17] (TamoSoft)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-30] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-07-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-07-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-07-30] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SbieDrv; F:\Programs\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [31232 2013-07-15] (The OpenVPN Project)
S3 TsVlb; C:\Windows\System32\DRIVERS\tsvlb.sys [22312 2006-12-11] (TamoSoft)
R1 TsVp; C:\Windows\System32\DRIVERS\tsvp.sys [32040 2007-01-19] (TamoSoft)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-09-06] (Oracle Corporation)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33496 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 cpuz135; \??\C:\Users\Aaron\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 GPU-Z; \??\F:\Temp\Temp\GPU-ZPortableTemp\GPU-Z.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 PlantronicsGC; system32\drivers\PLTGC.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 19:01 - 2014-12-26 19:02 - 00000000 ____D () C:\FRST
2014-12-26 18:39 - 2014-12-26 18:39 - 00000000 ____D () C:\Windows\LastGood
2014-12-26 18:39 - 2014-11-22 10:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-26 18:39 - 2014-11-22 10:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-23 18:42 - 2014-12-23 18:42 - 00012608 _____ () C:\Users\Aaron\Desktop\attach.txt
2014-12-23 18:42 - 2014-12-23 18:41 - 00024434 _____ () C:\Users\Aaron\Desktop\dds.txt
2014-12-23 09:12 - 2014-12-24 19:37 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\upScreen
2014-12-23 09:11 - 2014-12-23 09:11 - 00002563 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\upScreen.lnk
2014-12-23 09:11 - 2014-12-23 09:11 - 00002557 _____ () C:\Users\Public\Desktop\upScreen.lnk
2014-12-23 09:11 - 2014-12-23 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\upScreen
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-12-22 16:20 - 2014-12-26 18:40 - 00001863 _____ () C:\Windows\setupact.log
2014-12-22 16:20 - 2014-12-22 16:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-22 12:07 - 2014-12-22 12:07 - 00000000 ____D () C:\Users\Administrator\Documents\Games for Windows - LIVE Demos
2014-12-22 12:01 - 2014-12-22 12:01 - 00000000 ____D () C:\Users\Aaron\Documents\Games for Windows - LIVE Demos
2014-12-22 12:00 - 2014-12-22 12:08 - 00004960 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Aaron-PC-Administrator Aaron-PC
2014-12-22 11:47 - 2013-10-30 13:52 - 00900456 _____ (Foolish IT LLC) C:\Users\Aaron\Desktop\CryptoPrevent.exe
2014-12-19 12:35 - 2014-12-19 13:05 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Tox
2014-12-19 01:23 - 2014-12-19 01:27 - 00000000 ____D () C:\Users\Aaron\Documents\Shiner
2014-12-19 01:23 - 2014-12-19 01:23 - 00000000 ____D () C:\Users\Aaron\Documents\Robot Entertainment
2014-12-18 23:51 - 2009-07-14 01:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\rsatclient.dll
2014-12-18 17:15 - 2014-12-18 17:15 - 00000000 ____D () C:\Users\Aaron\Desktop\MumblePortable
2014-12-18 13:19 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 13:19 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 17:53 - 2014-12-14 15:41 - 00014848 _____ () C:\Users\Aaron\Desktop\NV_RGBFullRangeToggle.exe
2014-12-12 18:04 - 2014-12-12 18:04 - 00000000 ____D () C:\Users\Aaron\Desktop\Tox.im
2014-12-12 17:44 - 2014-12-24 22:31 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\.purple
2014-12-12 17:44 - 2014-12-12 17:44 - 00000642 _____ () C:\Users\Public\Desktop\Pidgin.lnk
2014-12-12 17:44 - 2014-12-12 17:44 - 00000642 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2014-12-12 17:44 - 2014-12-12 17:44 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2014-12-12 17:44 - 2014-12-12 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2014-12-12 17:02 - 2014-12-22 08:24 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-12 17:02 - 2014-12-22 08:24 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-11 17:37 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 17:37 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 17:37 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 17:37 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 17:37 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 17:37 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 17:37 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 17:37 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 17:37 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 17:37 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 17:37 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 17:37 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 17:37 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 17:37 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 17:37 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 17:37 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 17:37 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 17:37 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 17:37 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 17:37 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 17:37 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 17:37 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 17:37 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 17:37 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 17:37 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 17:37 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 17:37 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 17:37 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 17:37 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 17:37 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 17:37 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 17:37 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 17:37 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 17:37 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 17:37 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 17:37 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 17:37 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 17:37 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 17:37 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 17:37 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 17:37 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 17:37 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 17:37 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 17:37 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 17:37 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 17:37 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 17:37 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 17:37 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 17:37 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 17:37 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 17:37 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 17:37 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 17:37 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 17:37 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 17:37 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 17:37 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-06 02:32 - 2014-12-06 02:32 - 00000000 ____D () C:\Users\Aaron\Desktop\VLCPortable
2014-12-05 23:23 - 2014-12-05 23:24 - 00000000 ____D () C:\Program Files (x86)\GUM33E2.tmp
2014-12-05 23:22 - 2014-12-25 11:27 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA.job
2014-12-05 23:22 - 2014-12-24 23:27 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core.job
2014-12-05 23:22 - 2014-12-05 23:22 - 00003930 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA
2014-12-05 23:22 - 2014-12-05 23:22 - 00003534 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core
2014-12-05 18:17 - 2014-12-05 18:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Tor Browser
2014-12-03 17:08 - 2014-12-03 17:08 - 00000282 _____ () C:\Users\Administrator\openvpn-connect.json
2014-12-03 17:07 - 2014-12-03 17:07 - 00001371 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect.lnk
2014-12-03 17:06 - 2014-12-03 17:07 - 05255388 _____ () C:\Users\Administrator\Downloads\openvpn-connect-2.0.7.100(1).msi
2014-12-02 17:33 - 2014-12-17 16:56 - 00000378 _____ () C:\Users\Aaron\openvpn-connect.json
2014-12-02 17:32 - 2014-12-23 09:11 - 00002608 _____ () C:\Users\Administrator\ovpntray.log
2014-12-02 17:31 - 2014-12-02 17:31 - 05251206 _____ () C:\Users\Administrator\Downloads\openvpn-connect-2.0.7.100.msi
2014-12-02 17:03 - 2014-12-26 18:30 - 00012639 _____ () C:\Users\Aaron\ovpntray.log
2014-12-02 17:02 - 2014-12-03 17:07 - 00001359 _____ () C:\Users\Public\Desktop\OpenVPN Connect.lnk
2014-12-02 17:02 - 2014-12-02 17:02 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-12-02 17:01 - 2014-12-05 23:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-12-02 16:53 - 2014-12-04 16:49 - 00000000 ____D () C:\Users\Aaron\Desktop\PuTTY
2014-11-29 01:37 - 2014-11-29 01:37 - 00002916 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Aaron

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 18:52 - 2014-10-07 16:15 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Skype
2014-12-26 18:47 - 2013-04-12 08:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-26 18:36 - 2009-07-14 05:13 - 00786022 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 18:36 - 2009-07-14 04:45 - 00033664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 18:36 - 2009-07-14 04:45 - 00033664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 18:34 - 2014-01-29 16:49 - 01563725 _____ () C:\Windows\WindowsUpdate.log
2014-12-26 18:31 - 2014-08-01 06:53 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-26 18:30 - 2014-10-02 16:08 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-26 18:30 - 2013-12-20 16:56 - 00000000 ____D () C:\ProgramData\VMware
2014-12-26 18:30 - 2013-03-18 04:41 - 00002960 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-12-26 18:30 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-25 11:03 - 2014-07-30 10:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-25 10:40 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing
2014-12-25 01:49 - 2014-05-28 11:57 - 00002036 ____H () C:\Users\Aaron\Documents\Default.rdp
2014-12-24 22:21 - 2013-03-20 17:44 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\FileZilla
2014-12-24 13:27 - 2014-10-25 12:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-23 20:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-23 16:05 - 2013-04-20 09:37 - 00000000 ____D () C:\Users\Aaron\.VirtualBox
2014-12-23 15:39 - 2013-12-20 17:07 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\VMware
2014-12-23 14:43 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-23 08:34 - 2013-05-17 15:58 - 00000000 ____D () C:\Users\Aaron\Documents\My Games
2014-12-23 08:26 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-22 12:32 - 2014-01-20 19:09 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\IObit
2014-12-22 12:06 - 2013-03-18 04:32 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-22 11:56 - 2013-03-23 08:56 - 00507680 _____ () C:\Windows\DirectX.log
2014-12-22 11:52 - 2014-09-30 17:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 12:21 - 2014-10-28 08:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Teamspeak 3
2014-12-19 00:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-12-18 23:55 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-12-18 23:55 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-12-18 22:19 - 2013-12-28 12:15 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Bioshock
2014-12-13 13:33 - 2013-03-17 21:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 10:42 - 2009-07-14 04:45 - 05054648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-13 00:12 - 2014-07-18 15:55 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-13 00:12 - 2014-07-18 15:55 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-13 00:12 - 2013-11-28 18:25 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-13 00:12 - 2013-11-28 18:25 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-12 17:43 - 2013-03-18 04:13 - 00000000 ____D () C:\Users\Aaron
2014-12-12 16:54 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 16:53 - 2013-05-17 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 18:36 - 2013-03-17 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-11 18:35 - 2013-08-14 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 18:32 - 2013-04-10 08:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 18:03 - 2014-07-30 10:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:03 - 2014-07-30 10:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 18:03 - 2014-07-30 10:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 17:08 - 2014-08-19 08:16 - 00000000 ____D () C:\Users\Administrator
2014-12-03 16:41 - 2013-03-17 21:37 - 00075376 _____ () C:\Windows\PFRO.log
2014-12-03 16:41 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-29 03:17 - 2013-07-09 15:44 - 00000000 ____D () C:\ProgramData\Origin
2014-11-29 03:17 - 2009-07-14 07:46 - 00000000 ____D () C:\Windows\ShellNew
2014-11-29 03:17 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-29 03:17 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-29 01:38 - 2013-03-28 17:21 - 00000000 ____D () C:\Program Files\Plantronics
2014-11-29 01:38 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system
2014-11-29 01:08 - 2013-11-30 11:10 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-29 00:40 - 2013-04-20 10:23 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-11-28 19:22 - 2013-12-13 22:16 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-11-28 19:07 - 2014-05-28 21:18 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-11-28 17:48 - 2013-07-09 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 11:09

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by Aaron at 2014-12-26 19:02:58
Running from F:\Downloads\RANDOM
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky PURE 3.0 (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
aioscnnr (x32 Version: 5.7.5.30 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.11.10 - Your Company Name) Hidden
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - )
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ASRock eXtreme Tuner v0.1.91 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{2770B8D8-701A-1D22-635F-8711DFC06B92}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Axife Mouse Recorder DEMO 5.01 (HKLM-x32\...\Axife Mouse Recorder DEMO_is1) (Version:  - Axife Software)
Bad Rats (HKLM-x32\...\Steam App 34900) (Version:  - Invent4 Entertainment)
Battlefield 2 (HKLM-x32\...\Steam App 24860) (Version:  - DICE)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Botanicula (HKLM-x32\...\Steam App 207690) (Version:  - Amanita Design)
Bulletstorm (HKLM-x32\...\Steam App 99810) (Version:  - People Can Fly)
Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - )
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
CommView (HKLM-x32\...\CommView) (Version: 6.1 - TamoSoft)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Bits (HKLM-x32\...\Steam App 303390) (Version:  - Microblast Games)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - Going Loud Studios)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Dungeonland (HKLM-x32\...\Steam App 218130) (Version:  - Critical Studio)
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version:  - Streum On Studio)
Europa Universalis III (HKLM-x32\...\Steam App 25800) (Version:  - Paradox Development Studio)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft)
FileZilla Client 3.7.3 (HKU\S-1-5-21-790890260-3676742486-3618971976-1000\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Foxit Reader 5.0 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.0.2.718 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps3.4) (Version: 3.4 - Fraps)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.4.922 - IObit)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KSP - Kerbal Space Program 0.20.2 (HKLM-x32\...\KSP - Kerbal Space Program 0.20.20.20.2) (Version: 0.20.2 - Friends in War)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version:  - )
Leviathan: Warships (HKLM-x32\...\Steam App 202270) (Version:  - Pieces Interactive)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
McPixel (HKLM-x32\...\Steam App 220860) (Version:  - Sos)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.1 - )
NVIDIA 3D Vision Controller Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN Connect (HKLM-x32\...\{D7C1D61E-B2A2-4C4C-896E-3F6CB09001B1}) (Version: 2.0.7.100 - OpenVPN Technologies)
Oracle VM VirtualBox 4.3.6 (HKLM\...\{DC65DFD8-E175-4A85-948A-42965853B2E8}) (Version: 4.3.6 - Oracle Corporation)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.2 - Project Reality)
PROTOTYPE 2 (HKLM-x32\...\Steam App 115320) (Version:  - Radical Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Python 2.7.7 (HKLM-x32\...\{049CA433-77A0-4e48-AC76-180A282C4E10}) (Version: 2.7.7150 - Python Software Foundation)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version:  - City Interactive)
Soldier of Fortune - Community Edition 5.1 (HKLM-x32\...\Soldier of Fortune - Community Edition 5.1) (Version:  - )
Soldier of Fortune II - Double Helix GOLD (HKLM-x32\...\Soldier of Fortune II - Double Helix GOLD) (Version: 1.02 - Activsion, Inc.)
Sonic Visualiser (HKLM-x32\...\{49ECD2A3-7B85-4DCB-A900-44D64F5C5687}) (Version: 2.3.0 - Queen Mary, University of London)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - Firefly Studios)
Super Crate Box (HKLM-x32\...\Steam App 212800) (Version:  - Vlambeer)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Team Fortress 2 Beta (HKLM-x32\...\Steam App 520) (Version:  - Valve)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Plan (HKLM-x32\...\Steam App 250600) (Version:  - Krillbite Studio)
The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version:  - Arrowhead Game Studios)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Thinking with Time Machine (HKLM-x32\...\Steam App 286080) (Version:  - Stridemann)
This War of Mine (HKLM-x32\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version:  - Mike Bithell)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
upScreen (HKLM-x32\...\{37AF4802-076A-451A-B965-251E2B1106BE}) (Version: 1.5.1 - ioannisg.me)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
War of the Roses (HKLM-x32\...\Steam App 42160) (Version:  - Fatshark)
War of the Roses Balance Beta (HKLM-x32\...\Steam App 206980) (Version:  - )
Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek GmbH)
Warlock - Master of the Arcane (HKLM-x32\...\Steam App 203630) (Version:  - Ino-Co Plus)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-790890260-3676742486-3618971976-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2014-12-03 17:07 - 00000979 ____A C:\Windows\system32\Drivers\etc\hosts
127.94.0.1    client.openvpn.net
127.94.0.2    openvpn-client.stn.so


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08CA9D10-0A1A-49D1-8482-D86D63184AB7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {0A3C45B8-4D6D-44F8-A134-CAAC3A5FF09B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Aaron-PC-Administrator Aaron-PC => F:\Programs\Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {184B58E9-D176-455D-98EF-2B3D0691BF03} - System32\Tasks\Uninstaller_SkipUac_Aaron => G:\\PortableApps\\IObitUninstallerPortable\\App\\uninstaller\\IObitUninstaler.exe
Task: {206DF9D8-91AA-4EEE-B397-C92FA6E68D95} - System32\Tasks\{192A75B6-8FD2-48B7-BD30-775545A71846} => pcalua.exe -a F:\Downloads\RANDOM\VirtualBox-4.2.18-88781-Win.exe -d F:\Downloads\RANDOM
Task: {4748DCF1-404B-45CF-91C6-EEB13D03240F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {477E130A-AD68-4DA8-BEB2-E438E0A07AB1} - System32\Tasks\{7D167782-555B-4F27-AFD6-38E2704C8A13} => Firefox.exe http://ui.skype.com/ui/0/6.22.81.104/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {4C2A5AC0-9A30-485A-B340-09787404B804} - System32\Tasks\AsrXTU => C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe [2011-05-27] ()
Task: {51EA2446-9B51-4326-ACAB-44285F6395D9} - System32\Tasks\{98470B2D-AC62-402A-9CDE-22A7668A9FF8} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {57F09F8C-9764-4C6F-B65D-95FECAE5E836} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-02-07] ()
Task: {77F697BE-8179-4E5C-973D-88449C90CACB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {7D56DC3A-AE14-4895-9196-8417CB26A631} - System32\Tasks\{80D673C4-A87A-4E68-8A54-5CDE1271619F} => Firefox.exe http://ui.skype.com/ui/0/6.21.0.104/en/go/help.faq.installer?LastError=1603
Task: {7F095399-FBB4-4A70-A81A-EFEDC814EA43} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {823CB9D5-9FAE-401D-97DC-631B7E93A316} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {886FFFEB-0AB1-4C48-B095-1007D0C53F9D} - System32\Tasks\{7817D6ED-D16E-4257-89FD-EC87F3AD8F69} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {8D795D0E-DEC1-4E73-A9CA-D6C4003AACD5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9171CE07-EAF8-4755-9C2E-E7BAE5A6A2CA} - System32\Tasks\{9F92CA80-4987-4CED-BE7A-F97B53486665} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {9C7906F6-1441-4083-85AD-8F57D5AC1B04} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-05] (Microsoft Corporation)
Task: {B9D2A5C5-9D52-43B8-8A15-15401B455A73} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-12-05] ()
Task: {BD0B322F-85F3-4C75-A2E7-68EF29A853A0} - System32\Tasks\{73E1FDA9-3475-433A-B435-EB46F87B34A1} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {D7695DA1-6CB0-496E-98E0-CDCCECFB8012} - System32\Tasks\{20187729-23A9-4FDE-AB2C-E40854AEFF3A} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {D942E5AB-3ABE-46FD-AA38-1FA0B7BE28C9} - System32\Tasks\{C7EE5EDE-2C7F-4AAC-82D1-72B2AEE39CB0} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=404
Task: {E9870254-DD7D-412A-8079-AF3D8C5E06AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {F302BE6C-A054-44C4-8E07-3D88B181B66F} - System32\Tasks\{00FE7C4C-93DC-44D4-AE06-CF8A2E903CE9} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?source=lightinstaller&page=tsPlugin
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-18 04:32 - 2014-09-13 21:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-09 10:45 - 2014-04-09 10:45 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
2013-12-13 22:16 - 2014-11-28 19:22 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2011-06-08 21:57 - 2011-06-08 21:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2010-01-02 14:42 - 2010-01-02 14:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 15:24 - 2012-06-18 15:24 - 00222720 _____ () F:\Programs\Notepad++\NppShell_05.dll
2013-03-18 04:38 - 2011-05-27 16:25 - 07336232 _____ () C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
2014-09-18 07:23 - 2014-09-18 07:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 18:51 - 2014-10-14 18:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 07:23 - 2014-09-18 07:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 18:51 - 2014-10-14 18:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-04-09 10:45 - 2014-04-09 10:45 - 00055296 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
2014-10-28 08:19 - 2014-02-28 09:14 - 00173568 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\quazip.dll
2014-10-28 08:19 - 2014-02-27 14:51 - 01080832 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\platforms\qwindows.dll
2014-10-28 08:20 - 2014-02-27 14:51 - 00833024 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\sqldrivers\qsqlite.dll
2014-10-28 08:20 - 2014-02-28 13:07 - 00102344 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\soundbackends\directsound_win64.dll
2014-10-28 08:20 - 2014-02-28 13:07 - 00108488 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\soundbackends\windowsaudiosession_win64.dll
2014-10-28 08:19 - 2014-02-27 14:51 - 00030208 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\imageformats\qgif.dll
2014-10-28 08:19 - 2014-02-27 14:51 - 00233984 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\imageformats\qjpeg.dll
2014-10-28 08:19 - 2014-02-28 13:10 - 00563656 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\plugins\clientquery_plugin.dll
2014-10-28 08:20 - 2014-02-28 13:10 - 00577480 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\plugins\teamspeak_control_plugin.dll
2014-10-28 08:19 - 2014-02-27 14:51 - 00159232 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\accessible\qtaccessiblewidgets.dll
2014-12-26 18:38 - 2014-12-26 18:38 - 05227019 _____ () F:\Downloads\RANDOM\namebench-1.3.1-Windows.exe
2014-12-26 18:39 - 2010-06-06 09:22 - 00020480 _____ () F:\Temp\Temp\namebench.exe
2012-12-20 17:19 - 2012-12-20 17:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2011-02-26 11:33 - 2011-02-26 11:33 - 00027648 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2011-02-27 10:12 - 2011-02-27 10:12 - 00110080 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
2011-02-26 11:32 - 2011-02-26 11:32 - 00040960 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2011-02-26 11:33 - 2011-02-26 11:33 - 00096768 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2011-02-26 11:32 - 2011-02-26 11:32 - 00017408 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32profile.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00153088 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2010-08-24 18:47 - 2010-08-24 18:47 - 00040448 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00720896 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2011-02-26 11:32 - 2011-02-26 11:32 - 00110080 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2011-02-26 11:34 - 2011-02-26 11:34 - 00354304 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pythoncom26.dll
2011-02-26 11:38 - 2011-02-26 11:38 - 00265728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32com.shell.shell.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00019968 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00286208 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00073728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00011776 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00010240 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00061440 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00039424 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2011-02-26 11:32 - 2011-02-26 11:32 - 00035840 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00007680 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00007168 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd
2011-02-26 11:31 - 2011-02-26 11:31 - 00112128 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2011-02-26 11:31 - 2011-02-26 11:31 - 00017408 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2011-02-26 11:32 - 2011-02-26 11:32 - 00023552 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00585728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\unicodedata.pyd
2011-02-26 11:33 - 2011-02-26 11:33 - 00022528 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32ts.pyd
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () F:\Programs\VMWare Player\libxml2.dll
2013-03-18 04:38 - 2010-09-20 18:52 - 00094208 _____ () C:\Program Files (x86)\ASRock Utility\AXTU\Bin\IccLibDll.DLL
2014-10-14 23:28 - 2014-10-14 23:28 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-02-26 11:33 - 2011-02-26 11:33 - 00167424 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32gui.pyd
2014-04-09 01:04 - 2014-04-09 01:04 - 00005632 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.dll
2014-09-01 20:09 - 2014-11-11 18:48 - 01171456 _____ () F:\Games\Steam\libavcodec-56.dll
2014-09-01 20:09 - 2014-11-11 18:48 - 00442368 _____ () F:\Games\Steam\libavutil-54.dll
2014-09-01 20:09 - 2014-11-11 18:48 - 00332800 _____ () F:\Games\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-11-11 18:47 - 00774656 _____ () F:\Games\Steam\SDL2.dll
2014-05-22 15:45 - 2014-11-18 20:23 - 02227904 _____ () F:\Games\Steam\video.dll
2014-09-01 20:09 - 2014-11-11 18:48 - 00403968 _____ () F:\Games\Steam\libavformat-56.dll
2014-09-01 20:09 - 2014-11-11 18:48 - 00485888 _____ () F:\Games\Steam\libswscale-3.dll
2013-02-25 07:39 - 2014-11-18 20:23 - 00690880 _____ () F:\Games\Steam\bin\chromehtml.DLL
2013-02-19 11:48 - 2014-11-11 18:48 - 34589888 _____ () F:\Games\Steam\bin\libcef.dll
2014-08-19 07:38 - 2014-11-11 18:48 - 00837824 _____ () F:\Games\Steam\bin\ffmpegsumo.dll
2014-12-26 18:39 - 2010-05-09 11:34 - 00040960 _____ () F:\Temp\Temp\_socket.pyd
2014-12-26 18:39 - 2010-05-09 11:35 - 00721408 _____ () F:\Temp\Temp\_ssl.pyd
2014-12-26 18:39 - 2010-05-09 11:35 - 00287232 _____ () F:\Temp\Temp\_hashlib.pyd
2014-12-26 18:39 - 2010-05-09 11:35 - 00688128 _____ () F:\Temp\Temp\unicodedata.pyd
2014-12-26 18:39 - 2010-05-09 11:35 - 00011776 _____ () F:\Temp\Temp\select.pyd
2014-12-26 18:39 - 2010-05-09 11:35 - 00073216 _____ () F:\Temp\Temp\_ctypes.pyd
2014-12-26 18:39 - 2010-05-09 11:34 - 00030208 _____ () F:\Temp\Temp\_tkinter.pyd
2014-10-17 16:15 - 2014-10-17 16:15 - 00994304 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\4e82ad8b86a02fed7dd4c83c37d45885\System.ComponentModel.Composition.ni.dll
2014-10-17 16:16 - 2014-10-17 16:16 - 00152576 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp7dda8007#\12415a9dadf0f310823eaa1f4ec069ea\System.ComponentModel.Composition.Registration.ni.dll
2014-10-17 16:15 - 2014-10-17 16:15 - 00195584 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Reflc3377498#\26b7f6ec317821805e98d71e33609643\System.Reflection.Context.ni.dll
2014-10-17 16:15 - 2014-10-17 16:15 - 00779264 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ReactiveUI\8b50497c83ee7beee9f92ad9563d16a9\ReactiveUI.ni.dll
2014-10-17 16:16 - 2014-10-17 16:16 - 00315392 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ReactiveUI.Xaml\731a36ff5ce874623805ca7bb5813217\ReactiveUI.Xaml.ni.dll
2014-12-10 17:23 - 2014-12-10 17:23 - 03758192 _____ () F:\Programs\Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
AlternateDataStreams: C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72407314.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72407314.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SbieSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2013 Fast Start.lnk => C:\Windows\pss\SolidWorks 2013 Fast Start.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "F:\Programs\Adobe\CS6 Master Collection\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "F:\Programs\Adobe\CS6 Master Collection\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: CyberGhost VPN => "C:\Program Files\CyberGhost VPN\Cyberghost.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: SandboxieControl => "F:\Programs\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

========================= Accounts: ==========================

Aaron (S-1-5-21-790890260-3676742486-3618971976-1000 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-790890260-3676742486-3618971976-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-790890260-3676742486-3618971976-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-790890260-3676742486-3618971976-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2014 09:10:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: upScreen -- Access is denied.

Error: (12/22/2014 04:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wiaservc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca0f
Exception code: 0x40000015
Fault offset: 0x0000000000047a6b
Faulting process id: 0x930
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (12/22/2014 00:32:25 PM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.

Error: (12/22/2014 00:04:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: NVIDIA PhysX -- Access is denied.

Error: (12/22/2014 11:58:14 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows - LIVE Redistributable -- Access is denied.

Error: (12/22/2014 11:57:11 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows - LIVE Redistributable -- Access is denied.

Error: (12/22/2014 11:57:00 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: NVIDIA PhysX -- Access is denied.

Error: (12/22/2014 11:55:21 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.

Error: (12/22/2014 11:54:48 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.

Error: (12/22/2014 11:52:38 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.


System errors:
=============
Error: (12/26/2014 06:30:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:31:39 on ‎25/‎12/‎2014 was unexpected.

Error: (12/25/2014 11:18:01 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SID-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CDFEB8B7-A094-483F-8ADF-A949C134E539}.
The master browser is stopping or an election is being forced.

Error: (12/24/2014 05:33:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SID-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CDFEB8B7-A094-483F-8ADF-A949C134E539}.
The master browser is stopping or an election is being forced.

Error: (12/24/2014 02:30:19 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: ESR 0x408030=0x80000003

Error: (12/24/2014 02:30:19 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: Const out of Bound

Error: (12/24/2014 01:03:45 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: ESR 0x408030=0x80000003

Error: (12/24/2014 01:03:45 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: Const out of Bound

Error: (12/24/2014 10:50:19 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SID-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CDFEB8B7-A094-483F-8ADF-A949C134E539}.
The master browser is stopping or an election is being forced.

Error: (12/24/2014 08:22:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 04:10:33 on ‎24/‎12/‎2014 was unexpected.

Error: (12/24/2014 01:00:25 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (12/23/2014 09:10:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: upScreen -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 04:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b93001d01e033a2c19b1C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dll79554233-89f6-11e4-b5f5-005056c00008

Error: (12/22/2014 00:32:25 PM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 00:04:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: NVIDIA PhysX -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:58:14 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows - LIVE Redistributable -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:57:11 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows - LIVE Redistributable -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:57:00 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: NVIDIA PhysX -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:55:21 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:54:48 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:52:38 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-12-25 11:11:40.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-25 11:11:40.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-25 11:11:40.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-25 11:11:40.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-25 11:11:40.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-25 11:11:40.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 20:18:59.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 20:18:59.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 20:18:59.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 20:18:59.966
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX™-8120 Eight-Core Processor
Percentage of memory in use: 21%
Total physical RAM: 16339 MB
Available physical RAM: 12864.13 MB
Total Pagefile: 25329.18 MB
Available Pagefile: 21519.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.9 GB) (Free:2.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Media) (Fixed) (Total:1782.92 GB) (Free:699.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E82A5D50)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1782.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=80 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: E82A5D48)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Machiavelli

Posted 26 December 2014 - 03:52 PM

Running from F:\Downloads\RANDOM

Would you please follow my instructions?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#5 Stannaz

Posted 26 December 2014 - 06:33 PM

I do apologise, I didn't realise it'd make quite that much of a difference. Anyhow, here are the logs after running FRST from the desktop.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by Aaron (administrator) on AARON-PC on 26-12-2014 23:31:19
Running from C:\Users\Aaron\Desktop
Loaded Profile: Aaron (Available profiles: Aaron & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) F:\Programs\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(NVIDIA) F:\Programs\NVIDIA\nTune\nTuneService.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) F:\Programs\VMWare Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Skype Technologies S.A.) C:\Users\Aaron\Desktop\SkypePortable\App\Skype\Phone\Skype.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(NVIDIA) F:\Programs\NVIDIA\nTune\nTuneCmd.exe
(TeamSpeak Systems GmbH) C:\Users\Aaron\Desktop\Teamspeak 3\data\ts3client_win64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) F:\Games\Steam\Steam.exe
(Valve Corporation) F:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Games\Steam\bin\steamwebhelper.exe
() F:\Downloads\RANDOM\namebench-1.3.1-Windows.exe
() F:\Temp\Temp\namebench.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Mozilla Corporation) F:\Programs\Firefox\firefox.exe
(Mozilla Corporation) F:\Programs\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\...\Run: [Skype] => C:\Users\Aaron\Desktop\SkypePortable\App\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\...\MountPoints2: O - O:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Connect.lnk
ShortcutTarget: OpenVPN Connect.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\start_teamspeak.bat.lnk
ShortcutTarget: start_teamspeak.bat.lnk -> C:\Users\Aaron\Desktop\Teamspeak 3\start_teamspeak.bat ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programs\Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Programs\Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-790890260-3676742486-3618971976-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programs\Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{CDFEB8B7-A094-483F-8ADF-A949C134E539}: [NameServer] 192.168.1.254,208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default
FF Homepage: https://google.co.uk
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\Programs\Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-790890260-3676742486-3618971976-1000: @nsroblox.roblox.com/launcher -> C:\Users\Aaron\AppData\Local\Roblox\Versions\version-98e339da883f4bc2\\NPRobloxProxy.dll No File
FF Plugin HKU\S-1-5-21-790890260-3676742486-3618971976-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\searchplugins\ixquick-ssl.xml
FF Extension: FT DeepDark - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-11-28]
FF Extension: Auto Refresh - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\autorefresh@plugin.xpi [2014-07-30]
FF Extension: Reddit Enhancement Suite - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-05-29]
FF Extension: leethax.net extension - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\leethax@leethax.net.xpi [2013-06-22]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2014-06-11]
FF Extension: YouTube High Definition - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-10-07]
FF Extension: Adblock Plus - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-07-30]
FF StartMenuInternet: FIREFOX.EXE - F:\Programs\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-04-16]
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
CHR Extension: (Nimbus Screenshot) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2014-04-18]
CHR Extension: (Adblock Plus) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-16]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
CHR Extension: (White Theme) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidfmlhkekofhlcimbdfmnbnlmoejdjj [2014-04-16]
CHR Extension: (Drive Notepad) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj [2014-04-16]
CHR Extension: (Chrome Audio EQ) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfafdlnjaliaghpjdajmlcnnblkgcefh [2014-04-16]
CHR Extension: (Google Wallet) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-08]
CHR Extension: (Change HTTP Request Header) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmibgfeefcglejjlpeihfdimbkfbbnm [2014-04-16]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 nTuneService; F:\Programs\NVIDIA\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2014-04-09] () [File not signed]
S3 Origin Client Service; F:\Programs\Origin\OriginClientService.exe [1900400 2014-11-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; F:\Programs\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 VMAuthdService; F:\Programs\VMWare Player\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 CV2K1; C:\Windows\System32\DRIVERS\cv2k1.sys [21544 2009-06-17] (TamoSoft)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-30] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-07-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-07-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-07-30] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SbieDrv; F:\Programs\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [31232 2013-07-15] (The OpenVPN Project)
S3 TsVlb; C:\Windows\System32\DRIVERS\tsvlb.sys [22312 2006-12-11] (TamoSoft)
R1 TsVp; C:\Windows\System32\DRIVERS\tsvp.sys [32040 2007-01-19] (TamoSoft)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-09-06] (Oracle Corporation)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33496 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 cpuz135; \??\C:\Users\Aaron\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 GPU-Z; \??\F:\Temp\Temp\GPU-ZPortableTemp\GPU-Z.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 PlantronicsGC; system32\drivers\PLTGC.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 23:31 - 2014-12-26 23:31 - 00024170 _____ () C:\Users\Aaron\Desktop\FRST.txt
2014-12-26 23:31 - 2014-12-26 19:01 - 02122752 _____ (Farbar) C:\Users\Aaron\Desktop\FRST64.exe
2014-12-26 19:01 - 2014-12-26 23:31 - 00000000 ____D () C:\FRST
2014-12-26 18:39 - 2014-12-26 18:39 - 00000000 ____D () C:\Windows\LastGood
2014-12-26 18:39 - 2014-11-22 10:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-26 18:39 - 2014-11-22 10:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-23 18:42 - 2014-12-23 18:42 - 00012608 _____ () C:\Users\Aaron\Desktop\attach.txt
2014-12-23 18:42 - 2014-12-23 18:41 - 00024434 _____ () C:\Users\Aaron\Desktop\dds.txt
2014-12-23 09:12 - 2014-12-24 19:37 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\upScreen
2014-12-23 09:11 - 2014-12-23 09:11 - 00002563 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\upScreen.lnk
2014-12-23 09:11 - 2014-12-23 09:11 - 00002557 _____ () C:\Users\Public\Desktop\upScreen.lnk
2014-12-23 09:11 - 2014-12-23 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\upScreen
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-12-22 16:20 - 2014-12-26 18:40 - 00001863 _____ () C:\Windows\setupact.log
2014-12-22 16:20 - 2014-12-22 16:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-22 12:07 - 2014-12-22 12:07 - 00000000 ____D () C:\Users\Administrator\Documents\Games for Windows - LIVE Demos
2014-12-22 12:01 - 2014-12-22 12:01 - 00000000 ____D () C:\Users\Aaron\Documents\Games for Windows - LIVE Demos
2014-12-22 12:00 - 2014-12-22 12:08 - 00004960 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Aaron-PC-Administrator Aaron-PC
2014-12-22 11:47 - 2013-10-30 13:52 - 00900456 _____ (Foolish IT LLC) C:\Users\Aaron\Desktop\CryptoPrevent.exe
2014-12-19 12:35 - 2014-12-19 13:05 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Tox
2014-12-19 01:23 - 2014-12-19 01:27 - 00000000 ____D () C:\Users\Aaron\Documents\Shiner
2014-12-19 01:23 - 2014-12-19 01:23 - 00000000 ____D () C:\Users\Aaron\Documents\Robot Entertainment
2014-12-18 23:51 - 2009-07-14 01:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\rsatclient.dll
2014-12-18 17:15 - 2014-12-18 17:15 - 00000000 ____D () C:\Users\Aaron\Desktop\MumblePortable
2014-12-18 13:19 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 13:19 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 17:53 - 2014-12-14 15:41 - 00014848 _____ () C:\Users\Aaron\Desktop\NV_RGBFullRangeToggle.exe
2014-12-12 18:04 - 2014-12-12 18:04 - 00000000 ____D () C:\Users\Aaron\Desktop\Tox.im
2014-12-12 17:44 - 2014-12-24 22:31 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\.purple
2014-12-12 17:44 - 2014-12-12 17:44 - 00000642 _____ () C:\Users\Public\Desktop\Pidgin.lnk
2014-12-12 17:44 - 2014-12-12 17:44 - 00000642 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2014-12-12 17:44 - 2014-12-12 17:44 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2014-12-12 17:44 - 2014-12-12 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2014-12-12 17:02 - 2014-12-22 08:24 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-12 17:02 - 2014-12-22 08:24 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-11 17:37 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 17:37 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 17:37 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 17:37 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 17:37 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 17:37 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 17:37 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 17:37 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 17:37 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 17:37 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 17:37 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 17:37 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 17:37 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 17:37 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 17:37 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 17:37 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 17:37 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 17:37 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 17:37 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 17:37 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 17:37 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 17:37 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 17:37 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 17:37 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 17:37 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 17:37 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 17:37 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 17:37 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 17:37 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 17:37 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 17:37 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 17:37 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 17:37 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 17:37 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 17:37 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 17:37 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 17:37 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 17:37 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 17:37 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 17:37 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 17:37 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 17:37 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 17:37 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 17:37 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 17:37 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 17:37 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 17:37 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 17:37 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 17:37 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 17:37 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 17:37 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 17:37 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 17:37 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 17:37 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 17:37 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 17:37 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-06 02:32 - 2014-12-06 02:32 - 00000000 ____D () C:\Users\Aaron\Desktop\VLCPortable
2014-12-05 23:23 - 2014-12-05 23:24 - 00000000 ____D () C:\Program Files (x86)\GUM33E2.tmp
2014-12-05 23:22 - 2014-12-26 23:27 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA.job
2014-12-05 23:22 - 2014-12-26 23:27 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core.job
2014-12-05 23:22 - 2014-12-05 23:22 - 00003930 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA
2014-12-05 23:22 - 2014-12-05 23:22 - 00003534 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core
2014-12-05 18:17 - 2014-12-05 18:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Tor Browser
2014-12-03 17:08 - 2014-12-03 17:08 - 00000282 _____ () C:\Users\Administrator\openvpn-connect.json
2014-12-03 17:07 - 2014-12-03 17:07 - 00001371 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect.lnk
2014-12-03 17:06 - 2014-12-03 17:07 - 05255388 _____ () C:\Users\Administrator\Downloads\openvpn-connect-2.0.7.100(1).msi
2014-12-02 17:33 - 2014-12-17 16:56 - 00000378 _____ () C:\Users\Aaron\openvpn-connect.json
2014-12-02 17:32 - 2014-12-23 09:11 - 00002608 _____ () C:\Users\Administrator\ovpntray.log
2014-12-02 17:31 - 2014-12-02 17:31 - 05251206 _____ () C:\Users\Administrator\Downloads\openvpn-connect-2.0.7.100.msi
2014-12-02 17:03 - 2014-12-26 18:30 - 00012748 _____ () C:\Users\Aaron\ovpntray.log
2014-12-02 17:02 - 2014-12-03 17:07 - 00001359 _____ () C:\Users\Public\Desktop\OpenVPN Connect.lnk
2014-12-02 17:02 - 2014-12-02 17:02 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-12-02 17:01 - 2014-12-05 23:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-12-02 16:53 - 2014-12-04 16:49 - 00000000 ____D () C:\Users\Aaron\Desktop\PuTTY
2014-11-29 01:37 - 2014-11-29 01:37 - 00002916 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Aaron

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 23:30 - 2014-10-07 16:15 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Skype
2014-12-26 23:10 - 2013-04-12 08:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-26 23:03 - 2014-07-30 10:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-26 18:36 - 2009-07-14 05:13 - 00786022 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 18:36 - 2009-07-14 04:45 - 00033664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 18:36 - 2009-07-14 04:45 - 00033664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 18:34 - 2014-01-29 16:49 - 01563725 _____ () C:\Windows\WindowsUpdate.log
2014-12-26 18:31 - 2014-08-01 06:53 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-26 18:30 - 2014-10-02 16:08 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-26 18:30 - 2013-12-20 16:56 - 00000000 ____D () C:\ProgramData\VMware
2014-12-26 18:30 - 2013-03-18 04:41 - 00002960 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-12-26 18:30 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-25 10:40 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing
2014-12-25 01:49 - 2014-05-28 11:57 - 00002036 ____H () C:\Users\Aaron\Documents\Default.rdp
2014-12-24 22:21 - 2013-03-20 17:44 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\FileZilla
2014-12-24 13:27 - 2014-10-25 12:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-23 20:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-23 16:05 - 2013-04-20 09:37 - 00000000 ____D () C:\Users\Aaron\.VirtualBox
2014-12-23 15:39 - 2013-12-20 17:07 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\VMware
2014-12-23 14:43 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-23 08:34 - 2013-05-17 15:58 - 00000000 ____D () C:\Users\Aaron\Documents\My Games
2014-12-23 08:26 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-22 12:32 - 2014-01-20 19:09 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\IObit
2014-12-22 12:06 - 2013-03-18 04:32 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-22 11:56 - 2013-03-23 08:56 - 00507680 _____ () C:\Windows\DirectX.log
2014-12-22 11:52 - 2014-09-30 17:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 12:21 - 2014-10-28 08:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Teamspeak 3
2014-12-19 00:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-12-18 23:55 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-12-18 23:55 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-12-18 22:19 - 2013-12-28 12:15 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Bioshock
2014-12-13 13:33 - 2013-03-17 21:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 10:42 - 2009-07-14 04:45 - 05054648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-13 00:12 - 2014-07-18 15:55 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-13 00:12 - 2014-07-18 15:55 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-13 00:12 - 2013-11-28 18:25 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-13 00:12 - 2013-11-28 18:25 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-12 17:43 - 2013-03-18 04:13 - 00000000 ____D () C:\Users\Aaron
2014-12-12 16:54 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 16:53 - 2013-05-17 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 18:36 - 2013-03-17 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-11 18:35 - 2013-08-14 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 18:32 - 2013-04-10 08:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 18:03 - 2014-07-30 10:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:03 - 2014-07-30 10:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 18:03 - 2014-07-30 10:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 17:08 - 2014-08-19 08:16 - 00000000 ____D () C:\Users\Administrator
2014-12-03 16:41 - 2013-03-17 21:37 - 00075376 _____ () C:\Windows\PFRO.log
2014-12-03 16:41 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-29 03:17 - 2013-07-09 15:44 - 00000000 ____D () C:\ProgramData\Origin
2014-11-29 03:17 - 2009-07-14 07:46 - 00000000 ____D () C:\Windows\ShellNew
2014-11-29 03:17 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-29 03:17 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-29 01:38 - 2013-03-28 17:21 - 00000000 ____D () C:\Program Files\Plantronics
2014-11-29 01:38 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system
2014-11-29 01:08 - 2013-11-30 11:10 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-29 00:40 - 2013-04-20 10:23 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-11-28 19:22 - 2013-12-13 22:16 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-11-28 19:07 - 2014-05-28 21:18 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-11-28 17:48 - 2013-07-09 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 11:09

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by Aaron at 2014-12-26 23:31:51
Running from C:\Users\Aaron\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
aioscnnr (x32 Version: 5.7.5.30 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.11.10 - Your Company Name) Hidden
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - )
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ASRock eXtreme Tuner v0.1.91 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{2770B8D8-701A-1D22-635F-8711DFC06B92}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Axife Mouse Recorder DEMO 5.01 (HKLM-x32\...\Axife Mouse Recorder DEMO_is1) (Version:  - Axife Software)
Bad Rats (HKLM-x32\...\Steam App 34900) (Version:  - Invent4 Entertainment)
Battlefield 2 (HKLM-x32\...\Steam App 24860) (Version:  - DICE)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Botanicula (HKLM-x32\...\Steam App 207690) (Version:  - Amanita Design)
Bulletstorm (HKLM-x32\...\Steam App 99810) (Version:  - People Can Fly)
Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - )
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
CommView (HKLM-x32\...\CommView) (Version: 6.1 - TamoSoft)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Bits (HKLM-x32\...\Steam App 303390) (Version:  - Microblast Games)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - Going Loud Studios)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Dungeonland (HKLM-x32\...\Steam App 218130) (Version:  - Critical Studio)
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version:  - Streum On Studio)
Europa Universalis III (HKLM-x32\...\Steam App 25800) (Version:  - Paradox Development Studio)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft)
FileZilla Client 3.7.3 (HKU\S-1-5-21-790890260-3676742486-3618971976-1000\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Foxit Reader 5.0 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.0.2.718 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps3.4) (Version: 3.4 - Fraps)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.4.922 - IObit)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KSP - Kerbal Space Program 0.20.2 (HKLM-x32\...\KSP - Kerbal Space Program 0.20.20.20.2) (Version: 0.20.2 - Friends in War)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version:  - )
Leviathan: Warships (HKLM-x32\...\Steam App 202270) (Version:  - Pieces Interactive)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
McPixel (HKLM-x32\...\Steam App 220860) (Version:  - Sos)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.1 - )
NVIDIA 3D Vision Controller Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN Connect (HKLM-x32\...\{D7C1D61E-B2A2-4C4C-896E-3F6CB09001B1}) (Version: 2.0.7.100 - OpenVPN Technologies)
Oracle VM VirtualBox 4.3.6 (HKLM\...\{DC65DFD8-E175-4A85-948A-42965853B2E8}) (Version: 4.3.6 - Oracle Corporation)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.2 - Project Reality)
PROTOTYPE 2 (HKLM-x32\...\Steam App 115320) (Version:  - Radical Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Python 2.7.7 (HKLM-x32\...\{049CA433-77A0-4e48-AC76-180A282C4E10}) (Version: 2.7.7150 - Python Software Foundation)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version:  - City Interactive)
Soldier of Fortune - Community Edition 5.1 (HKLM-x32\...\Soldier of Fortune - Community Edition 5.1) (Version:  - )
Soldier of Fortune II - Double Helix GOLD (HKLM-x32\...\Soldier of Fortune II - Double Helix GOLD) (Version: 1.02 - Activsion, Inc.)
Sonic Visualiser (HKLM-x32\...\{49ECD2A3-7B85-4DCB-A900-44D64F5C5687}) (Version: 2.3.0 - Queen Mary, University of London)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - Firefly Studios)
Super Crate Box (HKLM-x32\...\Steam App 212800) (Version:  - Vlambeer)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Team Fortress 2 Beta (HKLM-x32\...\Steam App 520) (Version:  - Valve)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Plan (HKLM-x32\...\Steam App 250600) (Version:  - Krillbite Studio)
The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version:  - Arrowhead Game Studios)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Thinking with Time Machine (HKLM-x32\...\Steam App 286080) (Version:  - Stridemann)
This War of Mine (HKLM-x32\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version:  - Mike Bithell)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
upScreen (HKLM-x32\...\{37AF4802-076A-451A-B965-251E2B1106BE}) (Version: 1.5.1 - ioannisg.me)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
War of the Roses (HKLM-x32\...\Steam App 42160) (Version:  - Fatshark)
War of the Roses Balance Beta (HKLM-x32\...\Steam App 206980) (Version:  - )
Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek GmbH)
Warlock - Master of the Arcane (HKLM-x32\...\Steam App 203630) (Version:  - Ino-Co Plus)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-790890260-3676742486-3618971976-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2014-12-03 17:07 - 00000979 ____A C:\Windows\system32\Drivers\etc\hosts
127.94.0.1    client.openvpn.net
127.94.0.2    openvpn-client.stn.so


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08CA9D10-0A1A-49D1-8482-D86D63184AB7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {0A3C45B8-4D6D-44F8-A134-CAAC3A5FF09B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Aaron-PC-Administrator Aaron-PC => F:\Programs\Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {184B58E9-D176-455D-98EF-2B3D0691BF03} - System32\Tasks\Uninstaller_SkipUac_Aaron => G:\\PortableApps\\IObitUninstallerPortable\\App\\uninstaller\\IObitUninstaler.exe
Task: {206DF9D8-91AA-4EEE-B397-C92FA6E68D95} - System32\Tasks\{192A75B6-8FD2-48B7-BD30-775545A71846} => pcalua.exe -a F:\Downloads\RANDOM\VirtualBox-4.2.18-88781-Win.exe -d F:\Downloads\RANDOM
Task: {4748DCF1-404B-45CF-91C6-EEB13D03240F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {477E130A-AD68-4DA8-BEB2-E438E0A07AB1} - System32\Tasks\{7D167782-555B-4F27-AFD6-38E2704C8A13} => Firefox.exe http://ui.skype.com/ui/0/6.22.81.104/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {4C2A5AC0-9A30-485A-B340-09787404B804} - System32\Tasks\AsrXTU => C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe [2011-05-27] ()
Task: {51EA2446-9B51-4326-ACAB-44285F6395D9} - System32\Tasks\{98470B2D-AC62-402A-9CDE-22A7668A9FF8} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {57F09F8C-9764-4C6F-B65D-95FECAE5E836} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-02-07] ()
Task: {77F697BE-8179-4E5C-973D-88449C90CACB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {7D56DC3A-AE14-4895-9196-8417CB26A631} - System32\Tasks\{80D673C4-A87A-4E68-8A54-5CDE1271619F} => Firefox.exe http://ui.skype.com/ui/0/6.21.0.104/en/go/help.faq.installer?LastError=1603
Task: {7F095399-FBB4-4A70-A81A-EFEDC814EA43} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {823CB9D5-9FAE-401D-97DC-631B7E93A316} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {886FFFEB-0AB1-4C48-B095-1007D0C53F9D} - System32\Tasks\{7817D6ED-D16E-4257-89FD-EC87F3AD8F69} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {8D795D0E-DEC1-4E73-A9CA-D6C4003AACD5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9171CE07-EAF8-4755-9C2E-E7BAE5A6A2CA} - System32\Tasks\{9F92CA80-4987-4CED-BE7A-F97B53486665} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {9C7906F6-1441-4083-85AD-8F57D5AC1B04} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-05] (Microsoft Corporation)
Task: {B9D2A5C5-9D52-43B8-8A15-15401B455A73} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-12-05] ()
Task: {BD0B322F-85F3-4C75-A2E7-68EF29A853A0} - System32\Tasks\{73E1FDA9-3475-433A-B435-EB46F87B34A1} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {D7695DA1-6CB0-496E-98E0-CDCCECFB8012} - System32\Tasks\{20187729-23A9-4FDE-AB2C-E40854AEFF3A} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {D942E5AB-3ABE-46FD-AA38-1FA0B7BE28C9} - System32\Tasks\{C7EE5EDE-2C7F-4AAC-82D1-72B2AEE39CB0} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.3.0.105&amp;LastError=404
Task: {E9870254-DD7D-412A-8079-AF3D8C5E06AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {F302BE6C-A054-44C4-8E07-3D88B181B66F} - System32\Tasks\{00FE7C4C-93DC-44D4-AE06-CF8A2E903CE9} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?source=lightinstaller&amp;page=tsPlugin
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-18 04:32 - 2014-09-13 21:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-09 10:45 - 2014-04-09 10:45 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
2013-12-13 22:16 - 2014-11-28 19:22 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2011-06-08 21:57 - 2011-06-08 21:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2010-01-02 14:42 - 2010-01-02 14:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-18 04:38 - 2011-05-27 16:25 - 07336232 _____ () C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
2014-09-18 07:23 - 2014-09-18 07:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 18:51 - 2014-10-14 18:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 07:23 - 2014-09-18 07:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 18:51 - 2014-10-14 18:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-04-09 10:45 - 2014-04-09 10:45 - 00055296 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
2014-10-28 08:19 - 2014-02-28 09:14 - 00173568 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\quazip.dll
2014-10-28 08:19 - 2014-02-27 14:51 - 01080832 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\platforms\qwindows.dll
2014-10-28 08:20 - 2014-02-27 14:51 - 00833024 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\sqldrivers\qsqlite.dll
2014-10-28 08:20 - 2014-02-28 13:07 - 00102344 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\soundbackends\directsound_win64.dll
2014-10-28 08:20 - 2014-02-28 13:07 - 00108488 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\soundbackends\windowsaudiosession_win64.dll
2014-10-28 08:19 - 2014-02-27 14:51 - 00030208 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\imageformats\qgif.dll
2014-10-28 08:19 - 2014-02-27 14:51 - 00233984 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\imageformats\qjpeg.dll
2014-10-28 08:19 - 2014-02-28 13:10 - 00563656 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\plugins\clientquery_plugin.dll
2014-10-28 08:20 - 2014-02-28 13:10 - 00577480 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\plugins\teamspeak_control_plugin.dll
2014-10-28 08:19 - 2014-02-27 14:51 - 00159232 _____ () C:\Users\Aaron\Desktop\Teamspeak 3\Data\accessible\qtaccessiblewidgets.dll
2014-12-26 18:38 - 2014-12-26 18:38 - 05227019 _____ () F:\Downloads\RANDOM\namebench-1.3.1-Windows.exe
2014-12-26 18:39 - 2010-06-06 09:22 - 00020480 _____ () F:\Temp\Temp\namebench.exe
2012-12-20 17:19 - 2012-12-20 17:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2011-02-26 11:33 - 2011-02-26 11:33 - 00027648 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2011-02-27 10:12 - 2011-02-27 10:12 - 00110080 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
2011-02-26 11:32 - 2011-02-26 11:32 - 00040960 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2011-02-26 11:33 - 2011-02-26 11:33 - 00096768 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2011-02-26 11:32 - 2011-02-26 11:32 - 00017408 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32profile.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00153088 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2010-08-24 18:47 - 2010-08-24 18:47 - 00040448 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00720896 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2011-02-26 11:32 - 2011-02-26 11:32 - 00110080 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2011-02-26 11:34 - 2011-02-26 11:34 - 00354304 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pythoncom26.dll
2011-02-26 11:38 - 2011-02-26 11:38 - 00265728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32com.shell.shell.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00019968 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00286208 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00073728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00011776 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00010240 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00061440 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00039424 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2011-02-26 11:32 - 2011-02-26 11:32 - 00035840 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00007680 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2014-04-09 10:45 - 2014-04-09 10:45 - 00007168 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd
2011-02-26 11:31 - 2011-02-26 11:31 - 00112128 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2011-02-26 11:31 - 2011-02-26 11:31 - 00017408 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2011-02-26 11:32 - 2011-02-26 11:32 - 00023552 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2010-08-24 18:48 - 2010-08-24 18:48 - 00585728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\unicodedata.pyd
2011-02-26 11:33 - 2011-02-26 11:33 - 00022528 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32ts.pyd
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () F:\Programs\VMWare Player\libxml2.dll
2013-03-18 04:38 - 2010-09-20 18:52 - 00094208 _____ () C:\Program Files (x86)\ASRock Utility\AXTU\Bin\IccLibDll.DLL
2014-10-14 23:28 - 2014-10-14 23:28 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-02-26 11:33 - 2011-02-26 11:33 - 00167424 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32gui.pyd
2014-04-09 01:04 - 2014-04-09 01:04 - 00005632 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.dll
2014-09-01 20:09 - 2014-11-11 18:48 - 01171456 _____ () F:\Games\Steam\libavcodec-56.dll
2014-09-01 20:09 - 2014-11-11 18:48 - 00442368 _____ () F:\Games\Steam\libavutil-54.dll
2014-09-01 20:09 - 2014-11-11 18:48 - 00332800 _____ () F:\Games\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-11-11 18:47 - 00774656 _____ () F:\Games\Steam\SDL2.dll
2014-05-22 15:45 - 2014-11-18 20:23 - 02227904 _____ () F:\Games\Steam\video.dll
2014-09-01 20:09 - 2014-11-11 18:48 - 00403968 _____ () F:\Games\Steam\libavformat-56.dll
2014-09-01 20:09 - 2014-11-11 18:48 - 00485888 _____ () F:\Games\Steam\libswscale-3.dll
2013-02-25 07:39 - 2014-11-18 20:23 - 00690880 _____ () F:\Games\Steam\bin\chromehtml.DLL
2013-02-19 11:48 - 2014-11-11 18:48 - 34589888 _____ () F:\Games\Steam\bin\libcef.dll
2014-08-19 07:38 - 2014-11-11 18:48 - 00837824 _____ () F:\Games\Steam\bin\ffmpegsumo.dll
2014-12-26 18:39 - 2010-05-09 11:34 - 00040960 _____ () F:\Temp\Temp\_socket.pyd
2014-12-26 18:39 - 2010-05-09 11:35 - 00721408 _____ () F:\Temp\Temp\_ssl.pyd
2014-12-26 18:39 - 2010-05-09 11:35 - 00287232 _____ () F:\Temp\Temp\_hashlib.pyd
2014-12-26 18:39 - 2010-05-09 11:35 - 00688128 _____ () F:\Temp\Temp\unicodedata.pyd
2014-12-26 18:39 - 2010-05-09 11:35 - 00011776 _____ () F:\Temp\Temp\select.pyd
2014-12-26 18:39 - 2010-05-09 11:35 - 00073216 _____ () F:\Temp\Temp\_ctypes.pyd
2014-12-26 18:39 - 2010-05-09 11:34 - 00030208 _____ () F:\Temp\Temp\_tkinter.pyd
2014-12-10 17:23 - 2014-12-10 17:23 - 03758192 _____ () F:\Programs\Firefox\mozjs.dll
2014-12-10 18:03 - 2014-12-10 18:03 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
AlternateDataStreams: C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72407314.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72407314.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SbieSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2013 Fast Start.lnk => C:\Windows\pss\SolidWorks 2013 Fast Start.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "F:\Programs\Adobe\CS6 Master Collection\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "F:\Programs\Adobe\CS6 Master Collection\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: CyberGhost VPN => "C:\Program Files\CyberGhost VPN\Cyberghost.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: SandboxieControl => "F:\Programs\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

========================= Accounts: ==========================

Aaron (S-1-5-21-790890260-3676742486-3618971976-1000 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-790890260-3676742486-3618971976-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-790890260-3676742486-3618971976-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-790890260-3676742486-3618971976-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2014 09:10:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: upScreen -- Access is denied.

Error: (12/22/2014 04:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: wiaservc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ca0f
Exception code: 0x40000015
Fault offset: 0x0000000000047a6b
Faulting process id: 0x930
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (12/22/2014 00:32:25 PM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.

Error: (12/22/2014 00:04:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: NVIDIA PhysX -- Access is denied.

Error: (12/22/2014 11:58:14 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows - LIVE Redistributable -- Access is denied.

Error: (12/22/2014 11:57:11 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows - LIVE Redistributable -- Access is denied.

Error: (12/22/2014 11:57:00 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: NVIDIA PhysX -- Access is denied.

Error: (12/22/2014 11:55:21 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.

Error: (12/22/2014 11:54:48 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.

Error: (12/22/2014 11:52:38 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.


System errors:
=============
Error: (12/26/2014 11:00:40 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SID-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CDFEB8B7-A094-483F-8ADF-A949C134E539}.
The master browser is stopping or an election is being forced.

Error: (12/26/2014 06:30:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:31:39 on ‎25/‎12/‎2014 was unexpected.

Error: (12/25/2014 11:18:01 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SID-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CDFEB8B7-A094-483F-8ADF-A949C134E539}.
The master browser is stopping or an election is being forced.

Error: (12/24/2014 05:33:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SID-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CDFEB8B7-A094-483F-8ADF-A949C134E539}.
The master browser is stopping or an election is being forced.

Error: (12/24/2014 02:30:19 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: ESR 0x408030=0x80000003

Error: (12/24/2014 02:30:19 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: Const out of Bound

Error: (12/24/2014 01:03:45 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: ESR 0x408030=0x80000003

Error: (12/24/2014 01:03:45 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: Const out of Bound

Error: (12/24/2014 10:50:19 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SID-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CDFEB8B7-A094-483F-8ADF-A949C134E539}.
The master browser is stopping or an election is being forced.

Error: (12/24/2014 08:22:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 04:10:33 on ‎24/‎12/‎2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (12/23/2014 09:10:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: upScreen -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 04:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b93001d01e033a2c19b1C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dll79554233-89f6-11e4-b5f5-005056c00008

Error: (12/22/2014 00:32:25 PM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 00:04:00 PM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: NVIDIA PhysX -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:58:14 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows - LIVE Redistributable -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:57:11 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows - LIVE Redistributable -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:57:00 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: NVIDIA PhysX -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:55:21 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:54:48 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 11:52:38 AM) (Source: MsiInstaller) (EventID: 10005) (User: Aaron-PC)
Description: Product: Microsoft Games for Windows Marketplace -- Access is denied.
(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-12-25 11:11:40.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-25 11:11:40.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-25 11:11:40.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-25 11:11:40.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-25 11:11:40.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-25 11:11:40.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 20:18:59.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 20:18:59.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 20:18:59.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-23 20:18:59.966
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX™-8120 Eight-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 16339 MB
Available physical RAM: 12449.11 MB
Total Pagefile: 25329.18 MB
Available Pagefile: 21124.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.9 GB) (Free:2.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Media) (Fixed) (Total:1782.92 GB) (Free:699.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E82A5D50)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1782.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=80 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: E82A5D48)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 Machiavelli

Posted 27 December 2014 - 04:53 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 Stannaz

Posted 27 December 2014 - 10:52 AM

AdwCleaner[S0].txt

 

# AdwCleaner v4.106 - Report created 27/12/2014 at 13:38:34
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Aaron - AARON-PC
# Running from : C:\Users\Aaron\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[hdxr4so1.default\prefs.js] - Line Deleted : user_pref("extensions.disconnect.whitelist", "{\"latimes.com\":{\"Disconnect\":{\"whitelisted\":false,\"services\":{\"Google\":true}}},\"mediafire.com\":{\"Disconnect\":{\"whitelisted\":false,\"servic[...]

-\\ Google Chrome v


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [1026 octets] - [27/12/2014 13:37:53]
AdwCleaner[S0].txt - [960 octets] - [27/12/2014 13:38:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1019 octets] ##########
 

 

Malwarebytes.txt

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27/12/2014
Scan Time: 15:38:45
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.27.04
Rootkit Database: v2014.12.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Aaron

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418549
Time Elapsed: 9 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Aaron on 27/12/2014 at 15:31:05.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Aaron\appdata\local\google\chrome\user data\default\local storage\http_www.ask.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Aaron\appdata\local\google\chrome\user data\default\local storage\http_www.ask.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ammyy"
Successfully deleted: [Folder] "C:\Users\Aaron\appdata\local\tempdir"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/12/2014 at 15:34:49.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by Aaron (administrator) on AARON-PC on 27-12-2014 15:50:38
Running from C:\Users\Aaron\Desktop
Loaded Profile: Aaron (Available profiles: Aaron & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) F:\Programs\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) F:\Programs\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) F:\Programs\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA) F:\Programs\NVIDIA\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) F:\Programs\VMWare Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Malwarebytes Corporation) F:\Programs\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Skype Technologies S.A.) C:\Users\Aaron\Desktop\SkypePortable\App\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA) F:\Programs\NVIDIA\nTune\nTuneCmd.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\...\Run: [Skype] => C:\Users\Aaron\Desktop\SkypePortable\App\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\...\MountPoints2: O - O:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Connect.lnk
ShortcutTarget: OpenVPN Connect.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\start_teamspeak.bat.lnk
ShortcutTarget: start_teamspeak.bat.lnk -> C:\Users\Aaron\Desktop\Teamspeak 3\start_teamspeak.bat ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programs\Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Programs\Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-790890260-3676742486-3618971976-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programs\Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{CDFEB8B7-A094-483F-8ADF-A949C134E539}: [NameServer] 192.168.1.254,208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default
FF Homepage: https://google.co.uk
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\Programs\Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-790890260-3676742486-3618971976-1000: @nsroblox.roblox.com/launcher -> C:\Users\Aaron\AppData\Local\Roblox\Versions\version-98e339da883f4bc2\\NPRobloxProxy.dll No File
FF Plugin HKU\S-1-5-21-790890260-3676742486-3618971976-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\searchplugins\ixquick-ssl.xml
FF Extension: FT DeepDark - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-11-28]
FF Extension: Auto Refresh - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\autorefresh@plugin.xpi [2014-07-30]
FF Extension: Reddit Enhancement Suite - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-05-29]
FF Extension: leethax.net extension - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\leethax@leethax.net.xpi [2013-06-22]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2014-06-11]
FF Extension: YouTube High Definition - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-10-07]
FF Extension: Adblock Plus - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-07-30]
FF StartMenuInternet: FIREFOX.EXE - F:\Programs\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-04-16]
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
CHR Extension: (Nimbus Screenshot) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2014-04-18]
CHR Extension: (Adblock Plus) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-16]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
CHR Extension: (White Theme) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidfmlhkekofhlcimbdfmnbnlmoejdjj [2014-04-16]
CHR Extension: (Drive Notepad) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj [2014-04-16]
CHR Extension: (Chrome Audio EQ) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfafdlnjaliaghpjdajmlcnnblkgcefh [2014-04-16]
CHR Extension: (Google Wallet) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-08]
CHR Extension: (Change HTTP Request Header) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmibgfeefcglejjlpeihfdimbkfbbnm [2014-04-16]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 MBAMScheduler; F:\Programs\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; F:\Programs\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nTuneService; F:\Programs\NVIDIA\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2014-04-09] () [File not signed]
S3 Origin Client Service; F:\Programs\Origin\OriginClientService.exe [1900400 2014-11-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; F:\Programs\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 VMAuthdService; F:\Programs\VMWare Player\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 CV2K1; C:\Windows\System32\DRIVERS\cv2k1.sys [21544 2009-06-17] (TamoSoft)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-30] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-07-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-07-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-07-30] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SbieDrv; F:\Programs\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [31232 2013-07-15] (The OpenVPN Project)
S3 TsVlb; C:\Windows\System32\DRIVERS\tsvlb.sys [22312 2006-12-11] (TamoSoft)
R1 TsVp; C:\Windows\System32\DRIVERS\tsvp.sys [32040 2007-01-19] (TamoSoft)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-09-06] (Oracle Corporation)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33496 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 cpuz135; \??\C:\Users\Aaron\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 GPU-Z; \??\F:\Temp\Temp\GPU-ZPortableTemp\GPU-Z.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 PlantronicsGC; system32\drivers\PLTGC.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 15:37 - 2014-12-27 15:48 - 00001060 _____ () C:\Users\Aaron\Desktop\Malwarebytes.txt
2014-12-27 15:34 - 2014-12-27 15:34 - 00001294 _____ () C:\Users\Aaron\Desktop\JRT.txt
2014-12-27 15:31 - 2014-12-27 15:31 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 15:30 - 2014-12-27 15:30 - 01707646 _____ (Thisisu) C:\Users\Aaron\Desktop\JRT.exe
2014-12-27 13:43 - 2014-12-27 15:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 13:43 - 2014-12-27 13:43 - 00000731 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 13:43 - 2014-12-27 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-27 13:43 - 2014-12-27 13:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 13:43 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-27 13:43 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-27 13:43 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-27 13:37 - 2014-12-27 13:38 - 00000000 ____D () C:\AdwCleaner
2014-12-27 13:37 - 2014-12-27 13:37 - 02173952 _____ () C:\Users\Aaron\Desktop\AdwCleaner.exe
2014-12-26 23:31 - 2014-12-27 15:50 - 00024403 _____ () C:\Users\Aaron\Desktop\FRST.txt
2014-12-26 23:31 - 2014-12-26 23:32 - 00049617 _____ () C:\Users\Aaron\Desktop\Addition.txt
2014-12-26 23:31 - 2014-12-26 19:01 - 02122752 _____ (Farbar) C:\Users\Aaron\Desktop\FRST64.exe
2014-12-26 19:01 - 2014-12-27 15:50 - 00000000 ____D () C:\FRST
2014-12-26 18:39 - 2014-11-22 10:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-26 18:39 - 2014-11-22 10:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-23 18:42 - 2014-12-23 18:42 - 00012608 _____ () C:\Users\Aaron\Desktop\attach.txt
2014-12-23 18:42 - 2014-12-23 18:41 - 00024434 _____ () C:\Users\Aaron\Desktop\dds.txt
2014-12-23 09:12 - 2014-12-24 19:37 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\upScreen
2014-12-23 09:11 - 2014-12-23 09:11 - 00002563 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\upScreen.lnk
2014-12-23 09:11 - 2014-12-23 09:11 - 00002557 _____ () C:\Users\Public\Desktop\upScreen.lnk
2014-12-23 09:11 - 2014-12-23 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\upScreen
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-12-22 16:20 - 2014-12-27 15:25 - 00002367 _____ () C:\Windows\setupact.log
2014-12-22 16:20 - 2014-12-22 16:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-22 12:07 - 2014-12-22 12:07 - 00000000 ____D () C:\Users\Administrator\Documents\Games for Windows - LIVE Demos
2014-12-22 12:01 - 2014-12-22 12:01 - 00000000 ____D () C:\Users\Aaron\Documents\Games for Windows - LIVE Demos
2014-12-22 12:00 - 2014-12-22 12:08 - 00004960 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Aaron-PC-Administrator Aaron-PC
2014-12-22 11:47 - 2013-10-30 13:52 - 00900456 _____ (Foolish IT LLC) C:\Users\Aaron\Desktop\CryptoPrevent.exe
2014-12-19 12:35 - 2014-12-19 13:05 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Tox
2014-12-19 01:23 - 2014-12-19 01:27 - 00000000 ____D () C:\Users\Aaron\Documents\Shiner
2014-12-19 01:23 - 2014-12-19 01:23 - 00000000 ____D () C:\Users\Aaron\Documents\Robot Entertainment
2014-12-18 23:51 - 2009-07-14 01:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\rsatclient.dll
2014-12-18 17:15 - 2014-12-18 17:15 - 00000000 ____D () C:\Users\Aaron\Desktop\MumblePortable
2014-12-18 13:19 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 13:19 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 17:53 - 2014-12-14 15:41 - 00014848 _____ () C:\Users\Aaron\Desktop\NV_RGBFullRangeToggle.exe
2014-12-12 18:04 - 2014-12-12 18:04 - 00000000 ____D () C:\Users\Aaron\Desktop\Tox.im
2014-12-12 17:44 - 2014-12-24 22:31 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\.purple
2014-12-12 17:44 - 2014-12-12 17:44 - 00000642 _____ () C:\Users\Public\Desktop\Pidgin.lnk
2014-12-12 17:44 - 2014-12-12 17:44 - 00000642 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2014-12-12 17:44 - 2014-12-12 17:44 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2014-12-12 17:44 - 2014-12-12 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2014-12-12 17:02 - 2014-12-22 08:24 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-12 17:02 - 2014-12-22 08:24 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-11 17:37 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 17:37 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 17:37 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 17:37 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 17:37 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 17:37 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 17:37 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 17:37 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 17:37 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 17:37 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 17:37 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 17:37 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 17:37 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 17:37 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 17:37 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 17:37 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 17:37 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 17:37 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 17:37 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 17:37 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 17:37 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 17:37 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 17:37 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 17:37 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 17:37 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 17:37 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 17:37 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 17:37 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 17:37 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 17:37 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 17:37 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 17:37 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 17:37 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 17:37 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 17:37 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 17:37 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 17:37 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 17:37 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 17:37 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 17:37 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 17:37 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 17:37 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 17:37 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 17:37 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 17:37 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 17:37 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 17:37 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 17:37 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 17:37 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 17:37 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 17:37 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 17:37 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 17:37 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 17:37 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 17:37 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 17:37 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-06 02:32 - 2014-12-06 02:32 - 00000000 ____D () C:\Users\Aaron\Desktop\VLCPortable
2014-12-05 23:23 - 2014-12-05 23:24 - 00000000 ____D () C:\Program Files (x86)\GUM33E2.tmp
2014-12-05 23:22 - 2014-12-27 15:27 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA.job
2014-12-05 23:22 - 2014-12-26 23:27 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core.job
2014-12-05 23:22 - 2014-12-05 23:22 - 00003930 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA
2014-12-05 23:22 - 2014-12-05 23:22 - 00003534 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core
2014-12-05 18:17 - 2014-12-05 18:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Tor Browser
2014-12-03 17:08 - 2014-12-03 17:08 - 00000282 _____ () C:\Users\Administrator\openvpn-connect.json
2014-12-03 17:07 - 2014-12-03 17:07 - 00001371 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect.lnk
2014-12-03 17:06 - 2014-12-03 17:07 - 05255388 _____ () C:\Users\Administrator\Downloads\openvpn-connect-2.0.7.100(1).msi
2014-12-02 17:33 - 2014-12-17 16:56 - 00000378 _____ () C:\Users\Aaron\openvpn-connect.json
2014-12-02 17:32 - 2014-12-23 09:11 - 00002608 _____ () C:\Users\Administrator\ovpntray.log
2014-12-02 17:31 - 2014-12-02 17:31 - 05251206 _____ () C:\Users\Administrator\Downloads\openvpn-connect-2.0.7.100.msi
2014-12-02 17:03 - 2014-12-27 15:26 - 00021599 _____ () C:\Users\Aaron\ovpntray.log
2014-12-02 17:02 - 2014-12-03 17:07 - 00001359 _____ () C:\Users\Public\Desktop\OpenVPN Connect.lnk
2014-12-02 17:02 - 2014-12-02 17:02 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-12-02 17:01 - 2014-12-05 23:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-12-02 16:53 - 2014-12-04 16:49 - 00000000 ____D () C:\Users\Aaron\Desktop\PuTTY
2014-11-29 01:37 - 2014-11-29 01:37 - 00002916 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Aaron

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 15:47 - 2014-10-07 16:15 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Skype
2014-12-27 15:31 - 2009-07-14 05:13 - 00786022 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 15:31 - 2009-07-14 04:45 - 00033664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 15:31 - 2009-07-14 04:45 - 00033664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 15:28 - 2014-01-29 16:49 - 01630428 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 15:26 - 2014-08-01 06:53 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-27 15:26 - 2013-04-12 08:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-27 15:26 - 2013-03-18 04:41 - 00002960 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-12-27 15:25 - 2014-10-02 16:08 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-27 15:25 - 2013-12-20 16:56 - 00000000 ____D () C:\ProgramData\VMware
2014-12-27 15:25 - 2013-03-17 21:37 - 00087590 _____ () C:\Windows\PFRO.log
2014-12-27 15:25 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 15:25 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\schemas
2014-12-27 15:03 - 2014-07-30 10:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 11:25 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing
2014-12-27 03:00 - 2014-05-28 11:57 - 00002040 ____H () C:\Users\Aaron\Documents\Default.rdp
2014-12-24 22:21 - 2013-03-20 17:44 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\FileZilla
2014-12-24 13:27 - 2014-10-25 12:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-23 20:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-23 16:05 - 2013-04-20 09:37 - 00000000 ____D () C:\Users\Aaron\.VirtualBox
2014-12-23 15:39 - 2013-12-20 17:07 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\VMware
2014-12-23 14:43 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-23 08:34 - 2013-05-17 15:58 - 00000000 ____D () C:\Users\Aaron\Documents\My Games
2014-12-23 08:26 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-22 12:32 - 2014-01-20 19:09 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\IObit
2014-12-22 12:06 - 2013-03-18 04:32 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-22 11:56 - 2013-03-23 08:56 - 00507680 _____ () C:\Windows\DirectX.log
2014-12-22 11:52 - 2014-09-30 17:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 12:21 - 2014-10-28 08:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Teamspeak 3
2014-12-19 00:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-12-18 23:55 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-12-18 23:55 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-12-18 22:19 - 2013-12-28 12:15 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Bioshock
2014-12-13 13:33 - 2013-03-17 21:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 10:42 - 2009-07-14 04:45 - 05054648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-13 00:12 - 2014-07-18 15:55 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-13 00:12 - 2014-07-18 15:55 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-13 00:12 - 2013-11-28 18:25 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-13 00:12 - 2013-11-28 18:25 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-12 17:43 - 2013-03-18 04:13 - 00000000 ____D () C:\Users\Aaron
2014-12-12 16:54 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 16:53 - 2013-05-17 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 18:36 - 2013-03-17 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-11 18:35 - 2013-08-14 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 18:32 - 2013-04-10 08:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 18:03 - 2014-07-30 10:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:03 - 2014-07-30 10:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 18:03 - 2014-07-30 10:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 17:08 - 2014-08-19 08:16 - 00000000 ____D () C:\Users\Administrator
2014-12-03 16:41 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-29 03:17 - 2013-07-09 15:44 - 00000000 ____D () C:\ProgramData\Origin
2014-11-29 03:17 - 2009-07-14 07:46 - 00000000 ____D () C:\Windows\ShellNew
2014-11-29 03:17 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-29 03:17 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-29 01:38 - 2013-03-28 17:21 - 00000000 ____D () C:\Program Files\Plantronics
2014-11-29 01:38 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system
2014-11-29 01:08 - 2013-11-30 11:10 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-29 00:40 - 2013-04-20 10:23 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-11-28 19:22 - 2013-12-13 22:16 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-11-28 19:07 - 2014-05-28 21:18 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-11-28 17:48 - 2013-07-09 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 11:09

==================== End Of Log ============================



#8 Machiavelli

  • Malware Response Instructor

Posted 27 December 2014 - 12:07 PM

Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 Stannaz
  • Topic Starter

Posted 27 December 2014 - 08:50 PM

Again, thanks for your time and effort.

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by Aaron at 2014-12-28 01:20:26 Run:1
Running from C:\Users\Aaron\Desktop
Loaded Profile: Aaron (Available profiles: Aaron & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-790890260-3676742486-3618971976-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
EmptyTemp:
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.1" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.2" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
EmptyTemp: => Removed 565.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 01:20:36 ====

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by Aaron (administrator) on AARON-PC on 28-12-2014 01:26:19
Running from C:\Users\Aaron\Desktop
Loaded Profile: Aaron (Available profiles: Aaron & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) F:\Programs\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) F:\Programs\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) F:\Programs\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA) F:\Programs\NVIDIA\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) F:\Programs\VMWare Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) F:\Programs\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Skype Technologies S.A.) C:\Users\Aaron\Desktop\SkypePortable\App\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
(NVIDIA) F:\Programs\NVIDIA\nTune\nTuneCmd.exe
(NVIDIA Corporation) C:\Users\Aaron\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\...\Run: [Skype] => C:\Users\Aaron\Desktop\SkypePortable\App\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\...\MountPoints2: O - O:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Connect.lnk
ShortcutTarget: OpenVPN Connect.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\start_teamspeak.bat.lnk
ShortcutTarget: start_teamspeak.bat.lnk -> C:\Users\Aaron\Desktop\Teamspeak 3\start_teamspeak.bat ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-790890260-3676742486-3618971976-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programs\Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Programs\Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programs\Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{CDFEB8B7-A094-483F-8ADF-A949C134E539}: [NameServer] 192.168.1.254,208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default
FF Homepage: https://google.co.uk
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\Programs\Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-790890260-3676742486-3618971976-1000: @nsroblox.roblox.com/launcher -> C:\Users\Aaron\AppData\Local\Roblox\Versions\version-98e339da883f4bc2\\NPRobloxProxy.dll No File
FF Plugin HKU\S-1-5-21-790890260-3676742486-3618971976-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\searchplugins\ixquick-ssl.xml
FF Extension: FT DeepDark - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-11-28]
FF Extension: Auto Refresh - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\autorefresh@plugin.xpi [2014-07-30]
FF Extension: Reddit Enhancement Suite - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-05-29]
FF Extension: leethax.net extension - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\leethax@leethax.net.xpi [2013-06-22]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2014-06-11]
FF Extension: YouTube High Definition - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-10-07]
FF Extension: Adblock Plus - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\hdxr4so1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-07-30]
FF StartMenuInternet: FIREFOX.EXE - F:\Programs\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-04-16]
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
CHR Extension: (Nimbus Screenshot) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2014-04-18]
CHR Extension: (Adblock Plus) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-16]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
CHR Extension: (White Theme) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidfmlhkekofhlcimbdfmnbnlmoejdjj [2014-04-16]
CHR Extension: (Drive Notepad) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj [2014-04-16]
CHR Extension: (Chrome Audio EQ) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfafdlnjaliaghpjdajmlcnnblkgcefh [2014-04-16]
CHR Extension: (Google Wallet) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-08]
CHR Extension: (Change HTTP Request Header) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmibgfeefcglejjlpeihfdimbkfbbnm [2014-04-16]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 MBAMScheduler; F:\Programs\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; F:\Programs\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nTuneService; F:\Programs\NVIDIA\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2014-04-09] () [File not signed]
S3 Origin Client Service; F:\Programs\Origin\OriginClientService.exe [1900400 2014-11-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; F:\Programs\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 VMAuthdService; F:\Programs\VMWare Player\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 CV2K1; C:\Windows\System32\DRIVERS\cv2k1.sys [21544 2009-06-17] (TamoSoft)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-30] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-07-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-07-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-07-30] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SbieDrv; F:\Programs\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [31232 2013-07-15] (The OpenVPN Project)
S3 TsVlb; C:\Windows\System32\DRIVERS\tsvlb.sys [22312 2006-12-11] (TamoSoft)
R1 TsVp; C:\Windows\System32\DRIVERS\tsvp.sys [32040 2007-01-19] (TamoSoft)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-09-06] (Oracle Corporation)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33496 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 cpuz135; \??\C:\Users\Aaron\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 GPU-Z; \??\F:\Temp\Temp\GPU-ZPortableTemp\GPU-Z.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 PlantronicsGC; system32\drivers\PLTGC.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 15:37 - 2014-12-27 15:48 - 00001060 _____ () C:\Users\Aaron\Desktop\Malwarebytes.txt
2014-12-27 15:34 - 2014-12-27 15:34 - 00001294 _____ () C:\Users\Aaron\Desktop\JRT.txt
2014-12-27 15:31 - 2014-12-27 15:31 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 15:30 - 2014-12-27 15:30 - 01707646 _____ (Thisisu) C:\Users\Aaron\Desktop\JRT.exe
2014-12-27 13:43 - 2014-12-28 01:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 13:43 - 2014-12-27 13:43 - 00000731 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 13:43 - 2014-12-27 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-27 13:43 - 2014-12-27 13:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 13:43 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-27 13:43 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-27 13:43 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-27 13:37 - 2014-12-27 13:38 - 00000000 ____D () C:\AdwCleaner
2014-12-27 13:37 - 2014-12-27 13:37 - 02173952 _____ () C:\Users\Aaron\Desktop\AdwCleaner.exe
2014-12-26 23:31 - 2014-12-28 01:26 - 00024076 _____ () C:\Users\Aaron\Desktop\FRST.txt
2014-12-26 23:31 - 2014-12-26 23:32 - 00049617 _____ () C:\Users\Aaron\Desktop\Addition.txt
2014-12-26 23:31 - 2014-12-26 19:01 - 02122752 _____ (Farbar) C:\Users\Aaron\Desktop\FRST64.exe
2014-12-26 19:01 - 2014-12-28 01:26 - 00000000 ____D () C:\FRST
2014-12-26 18:39 - 2014-11-22 10:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-26 18:39 - 2014-11-22 10:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-23 18:42 - 2014-12-23 18:42 - 00012608 _____ () C:\Users\Aaron\Desktop\attach.txt
2014-12-23 18:42 - 2014-12-23 18:41 - 00024434 _____ () C:\Users\Aaron\Desktop\dds.txt
2014-12-23 09:12 - 2014-12-24 19:37 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\upScreen
2014-12-23 09:11 - 2014-12-23 09:11 - 00002563 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\upScreen.lnk
2014-12-23 09:11 - 2014-12-23 09:11 - 00002557 _____ () C:\Users\Public\Desktop\upScreen.lnk
2014-12-23 09:11 - 2014-12-23 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\upScreen
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-12-23 08:26 - 2014-12-23 08:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-12-22 16:20 - 2014-12-28 01:21 - 00002535 _____ () C:\Windows\setupact.log
2014-12-22 16:20 - 2014-12-22 16:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-22 12:07 - 2014-12-22 12:07 - 00000000 ____D () C:\Users\Administrator\Documents\Games for Windows - LIVE Demos
2014-12-22 12:01 - 2014-12-22 12:01 - 00000000 ____D () C:\Users\Aaron\Documents\Games for Windows - LIVE Demos
2014-12-22 12:00 - 2014-12-22 12:08 - 00004960 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Aaron-PC-Administrator Aaron-PC
2014-12-22 11:47 - 2013-10-30 13:52 - 00900456 _____ (Foolish IT LLC) C:\Users\Aaron\Desktop\CryptoPrevent.exe
2014-12-19 12:35 - 2014-12-19 13:05 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Tox
2014-12-19 01:23 - 2014-12-19 01:27 - 00000000 ____D () C:\Users\Aaron\Documents\Shiner
2014-12-19 01:23 - 2014-12-19 01:23 - 00000000 ____D () C:\Users\Aaron\Documents\Robot Entertainment
2014-12-18 23:51 - 2009-07-14 01:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\rsatclient.dll
2014-12-18 17:15 - 2014-12-18 17:15 - 00000000 ____D () C:\Users\Aaron\Desktop\MumblePortable
2014-12-18 13:19 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 13:19 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 17:53 - 2014-12-14 15:41 - 00014848 _____ () C:\Users\Aaron\Desktop\NV_RGBFullRangeToggle.exe
2014-12-12 18:04 - 2014-12-12 18:04 - 00000000 ____D () C:\Users\Aaron\Desktop\Tox.im
2014-12-12 17:44 - 2014-12-24 22:31 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\.purple
2014-12-12 17:44 - 2014-12-12 17:44 - 00000642 _____ () C:\Users\Public\Desktop\Pidgin.lnk
2014-12-12 17:44 - 2014-12-12 17:44 - 00000642 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2014-12-12 17:44 - 2014-12-12 17:44 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2014-12-12 17:44 - 2014-12-12 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2014-12-12 17:02 - 2014-12-22 08:24 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-12 17:02 - 2014-12-22 08:24 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-11 17:37 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 17:37 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 17:37 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 17:37 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 17:37 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 17:37 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 17:37 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 17:37 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 17:37 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 17:37 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 17:37 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 17:37 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 17:37 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 17:37 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 17:37 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 17:37 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 17:37 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 17:37 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 17:37 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 17:37 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 17:37 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 17:37 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 17:37 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 17:37 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 17:37 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 17:37 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 17:37 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 17:37 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 17:37 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 17:37 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 17:37 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 17:37 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 17:37 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 17:37 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 17:37 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 17:37 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 17:37 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 17:37 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 17:37 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 17:37 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 17:37 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 17:37 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 17:37 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 17:37 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 17:37 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 17:37 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 17:37 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 17:37 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 17:37 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 17:37 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 17:37 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 17:37 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 17:37 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 17:37 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 17:37 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 17:37 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-06 02:32 - 2014-12-06 02:32 - 00000000 ____D () C:\Users\Aaron\Desktop\VLCPortable
2014-12-05 23:23 - 2014-12-05 23:24 - 00000000 ____D () C:\Program Files (x86)\GUM33E2.tmp
2014-12-05 23:22 - 2014-12-28 00:27 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA.job
2014-12-05 23:22 - 2014-12-27 23:27 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core.job
2014-12-05 23:22 - 2014-12-05 23:22 - 00003930 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500UA
2014-12-05 23:22 - 2014-12-05 23:22 - 00003534 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-790890260-3676742486-3618971976-500Core
2014-12-05 18:17 - 2014-12-05 18:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Tor Browser
2014-12-03 17:08 - 2014-12-03 17:08 - 00000282 _____ () C:\Users\Administrator\openvpn-connect.json
2014-12-03 17:07 - 2014-12-03 17:07 - 00001371 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect.lnk
2014-12-03 17:06 - 2014-12-03 17:07 - 05255388 _____ () C:\Users\Administrator\Downloads\openvpn-connect-2.0.7.100(1).msi
2014-12-02 17:33 - 2014-12-17 16:56 - 00000378 _____ () C:\Users\Aaron\openvpn-connect.json
2014-12-02 17:32 - 2014-12-23 09:11 - 00002608 _____ () C:\Users\Administrator\ovpntray.log
2014-12-02 17:31 - 2014-12-02 17:31 - 05251206 _____ () C:\Users\Administrator\Downloads\openvpn-connect-2.0.7.100.msi
2014-12-02 17:03 - 2014-12-28 01:22 - 00012639 _____ () C:\Users\Aaron\ovpntray.log
2014-12-02 17:02 - 2014-12-03 17:07 - 00001359 _____ () C:\Users\Public\Desktop\OpenVPN Connect.lnk
2014-12-02 17:02 - 2014-12-02 17:02 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-12-02 17:01 - 2014-12-05 23:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-12-02 16:53 - 2014-12-04 16:49 - 00000000 ____D () C:\Users\Aaron\Desktop\PuTTY
2014-11-29 01:37 - 2014-11-29 01:37 - 00002916 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Aaron

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 01:26 - 2014-10-07 16:15 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Skype
2014-12-28 01:23 - 2013-04-12 08:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-28 01:22 - 2014-08-01 06:53 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-28 01:22 - 2013-03-18 04:41 - 00002960 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-12-28 01:21 - 2014-10-02 16:08 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-28 01:21 - 2014-01-29 16:49 - 01645120 _____ () C:\Windows\WindowsUpdate.log
2014-12-28 01:21 - 2013-12-20 16:56 - 00000000 ____D () C:\ProgramData\VMware
2014-12-28 01:21 - 2013-03-17 21:37 - 00087946 _____ () C:\Windows\PFRO.log
2014-12-28 01:21 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 01:03 - 2014-07-30 10:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 15:31 - 2009-07-14 05:13 - 00786022 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 15:31 - 2009-07-14 04:45 - 00033664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 15:31 - 2009-07-14 04:45 - 00033664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 15:25 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\schemas
2014-12-27 11:25 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing
2014-12-27 03:00 - 2014-05-28 11:57 - 00002040 ____H () C:\Users\Aaron\Documents\Default.rdp
2014-12-24 22:21 - 2013-03-20 17:44 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\FileZilla
2014-12-24 13:27 - 2014-10-25 12:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-23 20:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-23 16:05 - 2013-04-20 09:37 - 00000000 ____D () C:\Users\Aaron\.VirtualBox
2014-12-23 15:39 - 2013-12-20 17:07 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\VMware
2014-12-23 14:43 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-23 08:34 - 2013-05-17 15:58 - 00000000 ____D () C:\Users\Aaron\Documents\My Games
2014-12-23 08:26 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-22 12:32 - 2014-01-20 19:09 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\IObit
2014-12-22 12:06 - 2013-03-18 04:32 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-22 11:56 - 2013-03-23 08:56 - 00507680 _____ () C:\Windows\DirectX.log
2014-12-22 11:52 - 2014-09-30 17:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 12:21 - 2014-10-28 08:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Teamspeak 3
2014-12-19 00:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-12-18 23:55 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-12-18 23:55 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-12-18 22:19 - 2013-12-28 12:15 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Bioshock
2014-12-13 13:33 - 2013-03-17 21:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 10:42 - 2009-07-14 04:45 - 05054648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-13 00:12 - 2014-07-18 15:55 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-13 00:12 - 2014-07-18 15:55 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-13 00:12 - 2013-11-28 18:25 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-13 00:12 - 2013-11-28 18:25 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-12 17:43 - 2013-03-18 04:13 - 00000000 ____D () C:\Users\Aaron
2014-12-12 16:54 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 16:53 - 2013-05-17 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 18:36 - 2013-03-17 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-11 18:35 - 2013-08-14 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 18:32 - 2013-04-10 08:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 18:03 - 2014-07-30 10:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:03 - 2014-07-30 10:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 18:03 - 2014-07-30 10:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 17:08 - 2014-08-19 08:16 - 00000000 ____D () C:\Users\Administrator
2014-12-03 16:41 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-29 03:17 - 2013-07-09 15:44 - 00000000 ____D () C:\ProgramData\Origin
2014-11-29 03:17 - 2009-07-14 07:46 - 00000000 ____D () C:\Windows\ShellNew
2014-11-29 03:17 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-29 03:17 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-29 01:38 - 2013-03-28 17:21 - 00000000 ____D () C:\Program Files\Plantronics
2014-11-29 01:38 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system
2014-11-29 01:08 - 2013-11-30 11:10 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-29 00:40 - 2013-04-20 10:23 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-11-28 19:22 - 2013-12-13 22:16 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-11-28 19:07 - 2014-05-28 21:18 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-11-28 17:48 - 2013-07-09 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 11:09

==================== End Of Log ============================

 

 

How is my PC running?

My PC was always running fine; I'm running this malware hunting procedure due to another forum member's recommendation. On a side note, likely not too related, after around 15-30 min of playing any game, there will be lag spikes of around 20fps, then it will go back up to 60-200fps, depending on the game.

 

EDIT: I accidentally submitted this post without the ESET scan. I will post that as a new post (so it notifies you) when it's done - sorry about that.


Edited by Stannaz, 27 December 2014 - 08:52 PM.


#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,901 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:06 PM

Posted 28 December 2014 - 07:25 AM

EDIT: I accidentally submitted this post without the ESET scan. I will post that as a new post (so it notifies you) when it's done - sorry about that.

OK. Don't worry.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 Stannaz


Posted 28 December 2014 - 08:52 AM

ESET.txt

 

C:\Users\Aaron\AppData\Local\Temp\A056.tmp    Win32/Somoto.Q potentially unwanted application    deleted - quarantined
 

 

 

Thanks :)



#12 Machiavelli


Posted 28 December 2014 - 09:34 AM

On a side note, likely not too related, after around 15-30 min of playing any game, there will be lag spikes of around 20fps, then it will go back up to 60-200fps, depending on the game.

This could be driver related.

Which graphics card do you have?

~Machiavelli



#13 Stannaz


Posted 29 December 2014 - 07:17 AM

I have the NVIDIA GeForce GTX 660.



#14 Machiavelli


Posted 29 December 2014 - 08:49 AM

Please post your computer specs.

Which graphics driver do you have installed?

~Machiavelli



#15 Stannaz


Posted 29 December 2014 - 08:54 AM

CPU: AMD FX-8120

GPU: NVIDIA GeForce GTX 660

Motherboard: ASRock Extreme4 970

RAM: 16GB DDR3

Main OS Disk: 60GB OCZ SSD

Secondary Data Disk: 2TB HDD 7200rpm

 

I just updated the drivers and played about 70 minutes, and it didn't occur, so I believe that may have possibly fixed it. I'll get back to you. However, the PhysX installation failed a couple of times; however, I think it is now successful. I am using driver version 347.09.





