Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Opened a .Scr file, think I might be infected.


  • This topic is locked This topic is locked
12 replies to this topic

#1 knblatt

knblatt

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 19 January 2015 - 07:48 PM

I thought it was a game screenshot that I was looking at but after looking around I think it might have been a virus. Please help.

 

I tried running dds but it won't run. Says "can't run in compatibility mode"  and closes.



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:44 PM

Posted 20 January 2015 - 07:46 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 knblatt

knblatt
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 20 January 2015 - 12:08 PM

Here are my logs from FRST. Was unable to run Gmer, it kept crashing up loadup.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Kyle (administrator) on KYLE on 20-01-2015 08:57:59
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle (Available profiles: Kyle)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\nacl64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [{1606DC18-9578-4cbd-8312-8E9868F06A1D}] => \cmdinstall.exe -cmdfile
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-04-17] (Razer Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-29] (Power Software Ltd)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\MountPoints2: E - "E:\Autorun.exe" 
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\MountPoints2: {d9b4df5c-c1af-11e3-826c-74d43570267c} - "E:\iLinker.exe" 
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3278550838-1209714285-193430599-1003: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Kyle\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll (Nagravision)
FF Plugin HKU\S-1-5-21-3278550838-1209714285-193430599-1003: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-18]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-04-10]
CHR Extension: (Google Docs) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-10]
CHR Extension: (Google Drive) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-10]
CHR Extension: (Google Search) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-10]
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2014-04-10]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2014-11-23]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-04-24]
CHR Extension: (Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-10]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 AMD FusionUtility Service; C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [275832 2010-04-14] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [140160 2010-04-14] (Advanced Micro Devices)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] ()
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-18] (Perfect World Entertainment Inc)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-12-05] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-07-05] (BitRaider, LLC)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-10-13] (BioWare)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-07-27] (Condusiv Technologies)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-25] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-12-06] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-05-11] ()
S3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [22568 2014-08-12] (IVT Corporation.)
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-07-09] (Condusiv Technologies)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S3 LADF_DHP2; C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-05-11] ()
S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R3 rtl8192U; C:\Windows\system32\DRIVERS\rtl8192U.sys [1631264 2010-04-13] (Realtek Semiconductor Corporation                           )
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BlueletAudio; \SystemRoot\system32\DRIVERS\blueletaudio.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 BT; \SystemRoot\system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; \SystemRoot\system32\DRIVERS\btcomport.sys [X]
S3 Btcsrusb; \SystemRoot\System32\Drivers\btcusb.sys [X]
S3 cpuz136; \??\C:\Users\Kyle\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IvtComBusSrv; \SystemRoot\System32\Drivers\btcombus.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 08:57 - 2015-01-20 08:58 - 00000000 ____D () C:\FRST
2015-01-20 08:57 - 2015-01-20 08:57 - 02126848 _____ (Farbar) C:\Users\Kyle\Downloads\FRST64.exe
2015-01-19 20:47 - 2015-01-19 21:00 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\TS3Client
2015-01-19 20:47 - 2015-01-19 20:47 - 00000986 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-01-19 20:47 - 2015-01-19 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-01-19 20:47 - 2015-01-19 20:47 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-01-19 20:46 - 2015-01-19 20:46 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Kyle\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2015-01-19 16:41 - 2015-01-19 16:41 - 00688992 _____ (Swearware) C:\Users\Kyle\Desktop\dds (1).com
2015-01-19 16:39 - 2015-01-19 16:39 - 00688992 _____ (Swearware) C:\Users\Kyle\Downloads\dds.com
2015-01-17 12:13 - 2015-01-17 12:13 - 00000218 _____ () C:\Users\Kyle\AppData\Local\recently-used.xbel
2015-01-17 12:10 - 2015-01-17 12:10 - 00023304 _____ () C:\Users\Kyle\Downloads\H1Z1 Early Access Alpha Cracked-3DM.torrent
2015-01-15 19:53 - 2015-01-15 19:53 - 01637881 _____ () C:\Users\Kyle\Downloads\DragonAgeInquisition.CT
2015-01-07 11:38 - 2015-01-07 11:38 - 03441528 _____ (Solvusoft Corporation ) C:\Users\Kyle\Downloads\AMD_FX_6-Core_FX-6300_Driver_Update_10-2014.exe
2015-01-07 11:36 - 2015-01-07 11:36 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Kyle\Downloads\autodetectutility.exe
2015-01-07 10:05 - 2015-01-07 10:05 - 00000000 ____D () C:\Windows\SysWOW64\DCS
2015-01-05 16:20 - 2015-01-05 16:20 - 03430912 _____ () C:\Users\Kyle\Downloads\PowerpointHomebuyerEducation.ppt
2015-01-02 18:49 - 2015-01-02 18:50 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-02 18:49 - 2015-01-02 18:49 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Panda Security
2015-01-02 18:49 - 2015-01-02 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-02 18:49 - 2014-03-25 05:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-02 18:47 - 2015-01-02 18:50 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-02 18:45 - 2015-01-02 18:46 - 58043240 _____ () C:\Users\Kyle\Downloads\FREEAV.exe
2015-01-02 17:34 - 2015-01-02 17:38 - 226075384 _____ (COMODO) C:\Users\Kyle\Downloads\cispremium_installer_6100_08.exe
2015-01-02 17:28 - 2015-01-02 17:28 - 00000046 _____ () C:\Windows\wininit.ini
2015-01-02 17:27 - 2015-01-02 17:27 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-01-02 17:13 - 2015-01-02 17:13 - 00000000 ____D () C:\cis
2015-01-02 17:13 - 2014-12-08 16:20 - 05273816 _____ (COMODO) C:\cmdinstall.exe
2015-01-02 17:13 - 2014-12-08 16:20 - 03342552 _____ (Terra Informatica Software, Inc.) C:\cmdhtml.dll
2015-01-02 17:13 - 2014-12-08 16:20 - 02704600 _____ (COMODO) C:\cmdstat.dll
2015-01-02 17:13 - 2014-12-08 16:20 - 00281816 _____ (Igor Pavlov) C:\7za.dll
2015-01-02 17:10 - 2015-01-02 17:40 - 00001347 __RSH () C:\Windows\SysWOW64\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2015-01-02 17:10 - 2015-01-02 17:40 - 00000630 _____ () C:\Windows\SysWOW64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-01-02 16:55 - 2015-01-02 16:55 - 00281104 _____ () C:\Windows\Minidump\010215-18640-01.dmp
2015-01-02 16:53 - 2015-01-02 16:53 - 00000000 ____D () C:\ProgramData\Shared Space
2015-01-02 16:52 - 2015-01-02 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-02 16:52 - 2015-01-02 16:53 - 00000000 ____D () C:\Program Files\COMODO
2015-01-02 16:52 - 2015-01-02 16:52 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Comodo
2015-01-02 16:52 - 2015-01-02 16:52 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-01-02 16:49 - 2015-01-02 16:53 - 00000000 ____D () C:\ProgramData\Comodo
2015-01-02 16:38 - 2015-01-02 16:38 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-02 16:30 - 2015-01-02 16:37 - 226075376 _____ (COMODO) C:\Users\Kyle\Downloads\cav_installer_3269_65.exe
2015-01-02 16:25 - 2015-01-02 16:36 - 226075376 _____ (COMODO) C:\Users\Kyle\Downloads\cfw_installer_5732_83.exe
2015-01-02 16:19 - 2015-01-02 16:19 - 00162208 _____ () C:\Users\Kyle\Downloads\Antivirus_Free_Edition.exe
2014-12-30 16:03 - 2014-12-30 16:03 - 00001275 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2014-12-30 16:03 - 2014-12-09 14:21 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2014-12-30 16:02 - 2014-12-30 16:03 - 22126232 _____ (Razer Inc. ) C:\Users\Kyle\Downloads\RazerCortexSetup_5.2.22.0.exe
2014-12-30 09:30 - 2014-12-30 09:30 - 02188322 _____ () C:\Users\Kyle\Downloads\DAI SWEETFX-53-1-0.7z
2014-12-30 08:49 - 2014-12-30 08:49 - 00280992 _____ () C:\Windows\Minidump\123014-13859-01.dmp
2014-12-26 11:20 - 2014-12-26 11:20 - 00001104 _____ () C:\Users\Kyle\Desktop\Cheat Engine.lnk
2014-12-26 11:20 - 2014-12-26 11:20 - 00000000 ____D () C:\Users\Kyle\Documents\My Cheat Tables
2014-12-26 11:20 - 2014-12-26 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-12-26 11:20 - 2014-12-26 11:20 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-12-26 11:19 - 2014-12-26 11:19 - 09052192 _____ (Cheat Engine ) C:\Users\Kyle\Downloads\CheatEngine64.exe
2014-12-26 11:15 - 2014-12-26 11:15 - 00026122 _____ () C:\Users\Kyle\Downloads\DragonAgeInquisition.patch2hotfix.walkingSim_v4.CT
2014-12-25 09:44 - 2014-12-25 09:47 - 00001347 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2014-12-25 09:44 - 2014-12-25 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2014-12-24 16:51 - 2014-12-24 16:51 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-24 16:51 - 2014-12-24 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-24 16:51 - 2014-12-24 16:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-24 16:51 - 2014-12-24 16:51 - 00000000 ____D () C:\Program Files\iTunes
2014-12-24 16:51 - 2014-12-24 16:51 - 00000000 ____D () C:\Program Files\iPod
2014-12-24 16:51 - 2014-12-24 16:51 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 08:58 - 2014-11-18 17:05 - 00023837 _____ () C:\Users\Kyle\Downloads\FRST.txt
2015-01-20 08:58 - 2014-04-10 03:26 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3278550838-1209714285-193430599-1003
2015-01-20 08:56 - 2014-03-26 02:38 - 01125390 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 08:55 - 2014-08-19 14:08 - 00003752 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-01-20 08:55 - 2014-04-10 05:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-20 08:54 - 2014-04-10 03:36 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Raptr
2015-01-20 08:53 - 2014-04-10 05:03 - 00000000 __RDO () C:\Users\Kyle\SkyDrive
2015-01-20 08:53 - 2014-04-10 03:39 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 21:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-19 20:58 - 2014-04-13 19:13 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Battle.net
2015-01-19 20:33 - 2014-06-25 18:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 20:04 - 2014-04-10 03:39 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 16:11 - 2014-12-09 12:21 - 00000000 ____D () C:\Users\Kyle\AppData\Local\CrashDumps
2015-01-19 11:26 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-19 06:46 - 2014-05-28 09:50 - 00000000 ____D () C:\Fraps
2015-01-17 15:07 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-16 21:16 - 2014-04-23 15:12 - 00000000 ____D () C:\ProgramData\Origin
2015-01-16 15:58 - 2014-04-23 15:12 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-16 10:40 - 2014-04-14 06:33 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-14 18:05 - 2014-04-10 03:40 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 10:33 - 2014-06-25 18:08 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-12 21:29 - 2014-04-10 03:20 - 00000000 ____D () C:\Users\Kyle
2015-01-12 13:53 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 20:29 - 2013-11-23 01:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 18:31 - 2014-08-19 13:45 - 00000000 ____D () C:\Users\Kyle\Desktop\Resumes
2015-01-07 18:31 - 2014-04-10 03:21 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Packages
2015-01-07 11:28 - 2013-08-22 05:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-02 21:33 - 2014-12-08 04:15 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Condusiv_Technologies
2015-01-02 21:33 - 2014-12-08 04:15 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Condusiv_Technologies
2015-01-02 21:17 - 2013-08-22 06:44 - 00531648 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-02 19:41 - 2014-04-11 10:51 - 00007590 _____ () C:\Users\Kyle\AppData\Local\Resmon.ResmonCfg
2015-01-02 17:39 - 2013-11-16 04:46 - 00671548 _____ () C:\Windows\PFRO.log
2015-01-02 17:01 - 2014-07-24 09:52 - 00002090 _____ () C:\Users\Kyle\Desktop\Zygor Guides Client.lnk
2015-01-02 16:59 - 2014-04-13 20:35 - 00000000 ____D () C:\Program Files\WhoCrashed
2015-01-02 16:55 - 2014-08-24 06:40 - 625504907 _____ () C:\Windows\MEMORY.DMP
2015-01-02 16:55 - 2014-04-13 19:05 - 00000000 ____D () C:\Windows\Minidump
2015-01-02 16:38 - 2014-04-10 05:00 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-01-02 16:38 - 2013-08-22 07:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-02 16:38 - 2013-08-22 07:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-02 16:38 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-02 16:37 - 2014-04-10 05:00 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Trend Micro
2014-12-30 16:56 - 2014-04-11 13:36 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-12-30 16:04 - 2014-08-24 13:41 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Razer_Inc
2014-12-30 16:03 - 2014-04-25 14:58 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Razer
2014-12-30 16:03 - 2014-04-25 14:58 - 00000000 ____D () C:\ProgramData\Razer
2014-12-30 16:03 - 2014-04-25 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-12-30 16:03 - 2014-04-25 14:58 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-12-27 09:38 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-25 09:51 - 2014-04-23 15:59 - 00000000 ____D () C:\Users\Kyle\Documents\BioWare
2014-12-25 08:02 - 2014-04-23 15:13 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-24 16:51 - 2014-04-15 16:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-24 16:51 - 2014-04-15 16:46 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-24 16:43 - 2013-08-22 06:46 - 00035383 _____ () C:\Windows\setupact.log
2014-12-24 15:35 - 2013-11-16 04:52 - 00876144 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 15:16 - 2014-12-20 09:01 - 00000000 ____D () C:\Users\Kyle\Downloads\Guardians of the Galaxy (2014) [1080p]
2014-12-23 11:39 - 2014-11-26 17:30 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\deluge

==================== Files in the root of some directories =======
2014-04-10 04:59 - 2014-04-10 04:59 - 0000036 _____ () C:\Users\Kyle\AppData\Local\housecall.guid.cache
2015-01-17 12:13 - 2015-01-17 12:13 - 0000218 _____ () C:\Users\Kyle\AppData\Local\recently-used.xbel
2014-04-11 10:51 - 2015-01-02 19:41 - 0007590 _____ () C:\Users\Kyle\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Kyle\AppData\Local\Temp\bbbicabecbhj.exe
C:\Users\Kyle\AppData\Local\Temp\bitool.dll
C:\Users\Kyle\AppData\Local\Temp\hcuninstaller_20141211_110028_6192.exe
C:\Users\Kyle\AppData\Local\Temp\ICReinstall_Free_Download_Setup.exe
C:\Users\Kyle\AppData\Local\Temp\ICSW_0W1L1G0Z1L1E.exe
C:\Users\Kyle\AppData\Local\Temp\lowproc.exe
C:\Users\Kyle\AppData\Local\Temp\SRLDetectionLibrary7279545998900247964.dll
C:\Users\Kyle\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 11:53

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Kyle at 2015-01-20 08:59:00
Running from C:\Users\Kyle\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Fusion Utility (HKLM-x32\...\{2E9CBC83-B021-4118-8BB9-40FFF1179C3C}) (Version: 2.0.1.117 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin N Wireless USB Adapter Setup (HKLM-x32\...\{4EE9A620-46A0-4BCF-82AC-950D2BBED982}) (Version: 2.20 - Belkin)
Bigasoft Audio Converter 4.2.8.5275 (HKLM-x32\...\{E6333CE4-9DC0-455C-9D43-E011CE33F5FA}_is1) (Version:  - Bigasoft Corporation)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 - Game Of The Year Edition (HKLM-x32\...\Borderlands 2 - Game Of The Year Edition_is1) (Version: Borderlands 2 - Game Of The Year Edition - )
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crusader No Regret (HKLM-x32\...\Crusader No Regret_is1) (Version:  - GOG.com)
Crusader No Remorse (HKLM-x32\...\{2AEA735F-B393-4D89-93EF-5849CB72B4A3}) (Version: 1.0.0.2 - Electronic Arts)
Curse Client (HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
Deluge 1.3.10 (HKLM-x32\...\Deluge) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DISH Anywhere Video Player (HKLM-x32\...\{80940219-E895-4311-B541-3FB8E7AFD392}) (Version: 2.18.0 - DISH Anywhere)
DISH Anywhere Video Player Installer (x32 Version: 0.0.0.42 - Sling Media) Hidden
DishAnywhereDesktop (HKLM-x32\...\{08a64f52-18b8-47f8-a98c-ada6d5696dca}) (Version: 0.0.0.42 - Sling Media)
Diskeeper 12 Professional (HKLM\...\{2C0222FA-7DBD-4AED-862B-1672848539F4}) (Version: 16.0.1017.64 - Condusiv Technologies)
DisplayShare (HKLM-x32\...\{9E72D298-A015-4EB5-B11A-7B24A53A652F}) (Version: 1.1.0 - Golden Signals)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dragon Age™ II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.04.8524.0 - Electronic Arts)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.3 - Electronic Arts)
Driver Fusion Premium (HKLM-x32\...\Driver Fusion) (Version: 2.1 - Treexy)
DriverAgent by eSupport.com (HKLM-x32\...\DriverAgent_is1) (Version:  - Copyright © 2013 eSupport.com, Inc • All Rights Reserved)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Flawless Widescreen version 1.0.15 (HKLM-x32\...\{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1) (Version: 1.0.15 - Flawless Widescreen)
FOOK2 (HKLM-x32\...\FOOK2 v1.0) (Version: v1.0 - FOOK Team)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
GameFly Download Manager (HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\7998bdbe8c95db7f) (Version: 1.0.0.98 - GameFly)
Glare (HKLM-x32\...\Steam App 243140) (Version:  - Phobic Studios)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)
Happy Cloud Client (HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Landmark Beta (HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version:  - Traveller's Tales)
LIMBO (HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\Limbo) (Version:  - )
Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)
LOOT (HKLM-x32\...\LOOT) (Version: 0.5.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Minion (HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
New Vegas Configator version 1.6 (HKLM-x32\...\New Vegas Configator_is1) (Version: 1.6 - Rudolf Enberg)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plague Inc Evolved v0.7.5.1 (2014) (HKLM-x32\...\Plague Inc Evolved v0.7.5.1 (2014)0.7.5.1) (Version: 0.7.5.1 - Friends in War)
Playfire (HKLM-x32\...\{01052d57-5e05-455f-9b02-dcf6f53962df}) (Version: 0.0.58.0 - Playfire)
Playfire (x32 Version: 0.0.58.0 - Playfire) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.2.22.0 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.02 - Razer Inc.)
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
Risen - ModStarter 1.3.4.1 (Online Mods DB version) (HKLM-x32\...\Risen - ModStarter_is1) (Version:  - LordOfWAR(WorldOfRisen.de), Odin68(Mighty DWARF Mod-Team))
Risen (HKLM-x32\...\Steam App 40300) (Version:  - Piranha – Bytes)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Scrolls (HKLM-x32\...\{AA53ACF4-5893-4F7C-8589-32F6A4266125}) (Version: 1.0.0.0 - Mojang)
SDK Debuggers (x32 Version: 8.100.26629 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SlingPlayer for Web (HKLM-x32\...\{EF471CCE-B371-4BCC-AE8C-86F93D917184}) (Version: 2.4.0113 - Sling Media)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.0 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.0.23 - iolo technologies, LLC)
System Requirements Lab CYRI (HKLM-x32\...\{2DF5765E-5386-4540-9383-DBC9A0A596F9}) (Version: 6.0.15.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Virtual Audio Cable 4.14 (HKLM\...\Virtual Audio Cable 4.14) (Version:  - )
Walking Dead (HKLM-x32\...\Walking Dead_is1) (Version:  - Audioslave)
Walking Dead 2 (HKLM-x32\...\Walking Dead 2_is1) (Version:  - Audioslave)
Wasteland 2 (HKLM-x32\...\Wasteland 2_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WhoCrashed 5.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{57334b90-51ab-4979-a6e4-ab0f7632479a}) (Version: 8.100.26654 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
WPT Redistributables (x32 Version: 8.100.26654 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26629 - Microsoft) Hidden
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3278550838-1209714285-193430599-1003_Classes\CLSID\{c7f2efbd-3b68-4452-9e89-6e73cea35eb4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-01-2015 11:40:29 Scheduled Checkpoint
11-01-2015 20:29:25 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {098E8238-3343-47C2-AC6E-AB8C006E7110} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {3E372331-4A84-421F-B64C-E4E942534676} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3278550838-1209714285-193430599-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {44DA9F03-F606-48BB-824B-1085C8C28B6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {778B5BE1-E383-40D2-B892-3EADE38511CA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {AA22ADD5-CAA6-4DEC-87D1-2B645B91096D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AA6143A5-42A3-4F3A-A8F1-37A51ABE5973} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-05-02] ()
Task: {C005B47A-C684-4DCA-8907-5DBDF5A5302C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3278550838-1209714285-193430599-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {D68BFF48-78D0-482B-8407-4CE6DB6ABC57} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {DEB4D3D9-D7AA-4B3A-8367-FD97CF05AF46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {EBDA1413-00B8-41CE-9002-3DC8D26B00DE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-19] ()
Task: {F0A88F17-BB2C-49BA-9586-D91669633594} - System32\Tasks\{32F92831-AAB4-49C3-9073-FDB4CD0AAA41} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\fnv4gb.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas"
Task: {FB8A385B-066E-4AA0-8980-8FBFA4E7B001} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-09 14:22 - 2014-12-09 14:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-16 13:02 - 2014-09-16 13:02 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-09-16 13:02 - 2014-09-16 13:02 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-16 13:02 - 2014-09-16 13:02 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-09-16 13:02 - 2014-09-16 13:02 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 09:23 - 2013-04-12 09:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 10:17 - 2011-02-15 10:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-13 16:37 - 2014-08-13 16:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-13 16:37 - 2014-08-13 16:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 16:05 - 2013-11-20 16:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 16:56 - 2014-06-17 16:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 10:17 - 2011-02-15 10:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 15:06 - 2010-11-22 15:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-10-01 12:21 - 2014-12-01 13:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-01 12:21 - 2014-12-01 13:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-01 12:21 - 2014-12-01 13:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-01 12:21 - 2014-12-01 13:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-04-10 05:34 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-06 17:50 - 2014-12-01 16:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-23 08:22 - 2015-01-19 10:49 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-12-06 17:50 - 2014-12-01 16:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2014-12-06 17:50 - 2014-12-01 16:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-10-01 12:21 - 2014-12-01 13:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-05-11 15:20 - 2015-01-19 10:49 - 00696000 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-05-11 15:20 - 2015-01-15 15:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-07-24 14:17 - 2015-01-15 15:42 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2015-01-14 18:05 - 2015-01-08 16:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-14 18:05 - 2015-01-08 16:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-14 18:05 - 2015-01-08 16:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-14 18:05 - 2015-01-08 16:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-14 18:05 - 2015-01-08 16:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5
AlternateDataStreams: C:\Users\Kyle\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64858768.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64858768.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

========================= Accounts: ==========================

Administrator (S-1-5-21-3278550838-1209714285-193430599-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3278550838-1209714285-193430599-1019 - Limited - Enabled)
Guest (S-1-5-21-3278550838-1209714285-193430599-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3278550838-1209714285-193430599-1005 - Limited - Enabled)
Kyle (S-1-5-21-3278550838-1209714285-193430599-1003 - Administrator - Enabled) => C:\Users\Kyle

==================== Faulty Device Manager Devices =============

Name: Logitech_LGVirHid49713
Description: Logitech_LGVirHid49713
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Logitech_LGVirHid49714
Description: Logitech_LGVirHid49714
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek PCIe GBE Family Controller #2
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 04:11:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 2.58.33.56 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8324

Start Time: 01d0344214113ffc

Termination Time: 14

Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report Id: ea0272b0-a038-11e4-82dd-fdf241a96521

Faulting package full name: 

Faulting package-relative application ID:

Error: (01/19/2015 04:11:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x5215f944
Exception code: 0x40000015
Fault offset: 0x0000000000055326
Faulting process id: 0x7740
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (01/17/2015 08:56:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Diablo III.exe version 2.1.2.28709 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8bb4

Start Time: 01d032d7a704d317

Termination Time: 78

Application Path: C:\Program Files (x86)\Diablo III\Diablo III.exe

Report Id: 5fba612b-9ece-11e4-82dd-fdf241a96521

Faulting package full name: 

Faulting package-relative application ID:

Error: (01/16/2015 00:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1562

Error: (01/16/2015 00:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1562

Error: (01/16/2015 00:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/16/2015 10:14:07 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (01/14/2015 00:55:09 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (01/14/2015 08:43:48 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (01/12/2015 07:23:58 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)


System errors:
=============
Error: (01/20/2015 08:53:40 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/20/2015 08:53:38 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/19/2015 03:46:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053

Error: (01/19/2015 03:46:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/19/2015 01:03:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/19/2015 01:03:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/19/2015 00:54:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/19/2015 00:54:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/19/2015 00:36:08 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/19/2015 00:36:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (01/19/2015 04:11:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.58.33.56832401d0344214113ffc14C:\Program Files (x86)\Steam\Steam.exeea0272b0-a038-11e4-82dd-fdf241a96521

Error: (01/19/2015 04:11:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcmsvcrt.dll7.0.9600.163845215f944400000150000000000055326774001d033f69bcaff2eC:\Windows\Explorer.EXEC:\Windows\system32\msvcrt.dlldc900547-a038-11e4-82dd-fdf241a96521

Error: (01/17/2015 08:56:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Diablo III.exe2.1.2.287098bb401d032d7a704d31778C:\Program Files (x86)\Diablo III\Diablo III.exe5fba612b-9ece-11e4-82dd-fdf241a96521

Error: (01/16/2015 00:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1562

Error: (01/16/2015 00:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1562

Error: (01/16/2015 00:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/16/2015 10:14:07 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (01/14/2015 00:55:09 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (01/14/2015 08:43:48 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (01/12/2015 07:23:58 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d


CodeIntegrity Errors:
===================================
  Date: 2015-01-02 18:50:17.914
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:17.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:17.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:17.537
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:17.421
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:17.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:16.839
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:41:42.876
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:41:42.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:41:42.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 33%
Total physical RAM: 8189.55 MB
Available physical RAM: 5472.47 MB
Total Pagefile: 20189.55 MB
Available Pagefile: 16980.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:926.19 GB) (Free:275.52 GB) NTFS
Drive d: (DA Inquisition 4) (CDROM) (Total:6.06 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D1D65A1D)
Partition 1: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=926.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=27)

==================== End Of Log ============================



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:44 PM

Posted 21 January 2015 - 06:20 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 knblatt

knblatt
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 21 January 2015 - 12:24 PM

Ok all cracked software has been deleted



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:44 PM

Posted 22 January 2015 - 03:55 AM

Please rescan with FRST (create a new addition.txt as well) and post the logs.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 knblatt

knblatt
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 22 January 2015 - 12:12 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Kyle (administrator) on KYLE on 22-01-2015 08:22:52
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle (Available profiles: Kyle)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Beepa P/L) C:\Fraps\fraps.exe
() C:\Windows\AutoKMS\AutoKMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\nacl64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [{1606DC18-9578-4cbd-8312-8E9868F06A1D}] => \cmdinstall.exe -cmdfile
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-04-17] (Razer Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-29] (Power Software Ltd)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\MountPoints2: E - "E:\Autorun.exe" 
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\MountPoints2: {d9b4df5c-c1af-11e3-826c-74d43570267c} - "E:\iLinker.exe" 
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3278550838-1209714285-193430599-1003: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Kyle\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll (Nagravision)
FF Plugin HKU\S-1-5-21-3278550838-1209714285-193430599-1003: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-18]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-04-10]
CHR Extension: (Google Docs) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-10]
CHR Extension: (Google Drive) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-10]
CHR Extension: (Google Search) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-10]
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2014-04-10]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2014-11-23]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-04-24]
CHR Extension: (Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-10]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 AMD FusionUtility Service; C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [275832 2010-04-14] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [140160 2010-04-14] (Advanced Micro Devices)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] ()
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-18] (Perfect World Entertainment Inc)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-12-05] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-07-05] (BitRaider, LLC)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-10-13] (BioWare)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-07-27] (Condusiv Technologies)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-25] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-12-06] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-05-11] ()
S3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [22568 2014-08-12] (IVT Corporation.)
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-07-09] (Condusiv Technologies)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S3 LADF_DHP2; C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-05-11] ()
S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 rtl8192U; C:\Windows\system32\DRIVERS\rtl8192U.sys [1631264 2010-04-13] (Realtek Semiconductor Corporation                           )
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BlueletAudio; \SystemRoot\system32\DRIVERS\blueletaudio.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 BT; \SystemRoot\system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; \SystemRoot\system32\DRIVERS\btcomport.sys [X]
S3 Btcsrusb; \SystemRoot\System32\Drivers\btcusb.sys [X]
S3 cpuz136; \??\C:\Users\Kyle\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IvtComBusSrv; \SystemRoot\System32\Drivers\btcombus.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
U3 pgldqpow; \??\C:\Users\Kyle\AppData\Local\Temp\pgldqpow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 08:21 - 2015-01-22 08:21 - 00000000 ___SH () C:\DkHyperbootSync
2015-01-21 09:49 - 2015-01-22 08:21 - 00003128 _____ () C:\Windows\System32\Tasks\FRAPS
2015-01-20 09:04 - 2015-01-20 09:04 - 00380416 _____ () C:\Users\Kyle\Downloads\uq7cgbuw.exe
2015-01-20 09:02 - 2015-01-20 09:02 - 00380416 _____ () C:\Users\Kyle\Downloads\z7q4297q.exe
2015-01-20 08:59 - 2015-01-20 08:59 - 00044399 _____ () C:\Users\Kyle\Downloads\Addition.txt
2015-01-20 08:57 - 2015-01-22 08:22 - 00000000 ____D () C:\FRST
2015-01-20 08:57 - 2015-01-20 08:57 - 02126848 _____ (Farbar) C:\Users\Kyle\Downloads\FRST64.exe
2015-01-19 20:47 - 2015-01-21 20:40 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\TS3Client
2015-01-19 20:47 - 2015-01-19 20:47 - 00000986 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-01-19 20:47 - 2015-01-19 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-01-19 20:47 - 2015-01-19 20:47 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-01-19 20:46 - 2015-01-19 20:46 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Kyle\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2015-01-19 16:41 - 2015-01-19 16:41 - 00688992 _____ (Swearware) C:\Users\Kyle\Desktop\dds (1).com
2015-01-19 16:39 - 2015-01-19 16:39 - 00688992 _____ (Swearware) C:\Users\Kyle\Downloads\dds.com
2015-01-17 12:13 - 2015-01-17 12:13 - 00000218 _____ () C:\Users\Kyle\AppData\Local\recently-used.xbel
2015-01-15 19:53 - 2015-01-15 19:53 - 01637881 _____ () C:\Users\Kyle\Downloads\DragonAgeInquisition.CT
2015-01-07 11:38 - 2015-01-07 11:38 - 03441528 _____ (Solvusoft Corporation ) C:\Users\Kyle\Downloads\AMD_FX_6-Core_FX-6300_Driver_Update_10-2014.exe
2015-01-07 11:36 - 2015-01-07 11:36 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Kyle\Downloads\autodetectutility.exe
2015-01-07 10:05 - 2015-01-07 10:05 - 00000000 ____D () C:\Windows\SysWOW64\DCS
2015-01-05 16:20 - 2015-01-05 16:20 - 03430912 _____ () C:\Users\Kyle\Downloads\PowerpointHomebuyerEducation.ppt
2015-01-02 18:49 - 2015-01-02 18:50 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-02 18:49 - 2015-01-02 18:49 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Panda Security
2015-01-02 18:49 - 2015-01-02 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-02 18:49 - 2014-03-25 05:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-02 18:47 - 2015-01-02 18:50 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-02 18:45 - 2015-01-02 18:46 - 58043240 _____ () C:\Users\Kyle\Downloads\FREEAV.exe
2015-01-02 17:34 - 2015-01-02 17:38 - 226075384 _____ (COMODO) C:\Users\Kyle\Downloads\cispremium_installer_6100_08.exe
2015-01-02 17:28 - 2015-01-02 17:28 - 00000046 _____ () C:\Windows\wininit.ini
2015-01-02 17:27 - 2015-01-02 17:27 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-01-02 17:13 - 2015-01-02 17:13 - 00000000 ____D () C:\cis
2015-01-02 17:13 - 2014-12-08 16:20 - 05273816 _____ (COMODO) C:\cmdinstall.exe
2015-01-02 17:13 - 2014-12-08 16:20 - 03342552 _____ (Terra Informatica Software, Inc.) C:\cmdhtml.dll
2015-01-02 17:13 - 2014-12-08 16:20 - 02704600 _____ (COMODO) C:\cmdstat.dll
2015-01-02 17:13 - 2014-12-08 16:20 - 00281816 _____ (Igor Pavlov) C:\7za.dll
2015-01-02 17:10 - 2015-01-02 17:40 - 00001347 __RSH () C:\Windows\SysWOW64\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2015-01-02 17:10 - 2015-01-02 17:40 - 00000630 _____ () C:\Windows\SysWOW64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-01-02 16:55 - 2015-01-02 16:55 - 00281104 _____ () C:\Windows\Minidump\010215-18640-01.dmp
2015-01-02 16:53 - 2015-01-02 16:53 - 00000000 ____D () C:\ProgramData\Shared Space
2015-01-02 16:52 - 2015-01-02 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-02 16:52 - 2015-01-02 16:53 - 00000000 ____D () C:\Program Files\COMODO
2015-01-02 16:52 - 2015-01-02 16:52 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Comodo
2015-01-02 16:52 - 2015-01-02 16:52 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-01-02 16:49 - 2015-01-02 16:53 - 00000000 ____D () C:\ProgramData\Comodo
2015-01-02 16:38 - 2015-01-02 16:38 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-02 16:30 - 2015-01-02 16:37 - 226075376 _____ (COMODO) C:\Users\Kyle\Downloads\cav_installer_3269_65.exe
2015-01-02 16:25 - 2015-01-02 16:36 - 226075376 _____ (COMODO) C:\Users\Kyle\Downloads\cfw_installer_5732_83.exe
2015-01-02 16:19 - 2015-01-02 16:19 - 00162208 _____ () C:\Users\Kyle\Downloads\Antivirus_Free_Edition.exe
2014-12-30 16:03 - 2014-12-30 16:03 - 00001275 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2014-12-30 16:03 - 2014-12-09 14:21 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2014-12-30 16:02 - 2014-12-30 16:03 - 22126232 _____ (Razer Inc. ) C:\Users\Kyle\Downloads\RazerCortexSetup_5.2.22.0.exe
2014-12-30 09:30 - 2014-12-30 09:30 - 02188322 _____ () C:\Users\Kyle\Downloads\DAI SWEETFX-53-1-0.7z
2014-12-30 08:49 - 2014-12-30 08:49 - 00280992 _____ () C:\Windows\Minidump\123014-13859-01.dmp
2014-12-26 11:20 - 2014-12-26 11:20 - 00001104 _____ () C:\Users\Kyle\Desktop\Cheat Engine.lnk
2014-12-26 11:20 - 2014-12-26 11:20 - 00000000 ____D () C:\Users\Kyle\Documents\My Cheat Tables
2014-12-26 11:20 - 2014-12-26 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-12-26 11:20 - 2014-12-26 11:20 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-12-26 11:19 - 2014-12-26 11:19 - 09052192 _____ (Cheat Engine ) C:\Users\Kyle\Downloads\CheatEngine64.exe
2014-12-26 11:15 - 2014-12-26 11:15 - 00026122 _____ () C:\Users\Kyle\Downloads\DragonAgeInquisition.patch2hotfix.walkingSim_v4.CT
2014-12-25 09:44 - 2014-12-25 09:47 - 00001347 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2014-12-25 09:44 - 2014-12-25 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2014-12-24 16:51 - 2014-12-24 16:51 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-24 16:51 - 2014-12-24 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-24 16:51 - 2014-12-24 16:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-24 16:51 - 2014-12-24 16:51 - 00000000 ____D () C:\Program Files\iTunes
2014-12-24 16:51 - 2014-12-24 16:51 - 00000000 ____D () C:\Program Files\iPod
2014-12-24 16:51 - 2014-12-24 16:51 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 08:22 - 2014-11-18 17:05 - 00023779 _____ () C:\Users\Kyle\Downloads\FRST.txt
2015-01-22 08:22 - 2014-04-10 03:36 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Raptr
2015-01-22 08:21 - 2014-05-28 09:50 - 00000000 ____D () C:\Fraps
2015-01-22 08:21 - 2014-04-10 05:03 - 00000000 __RDO () C:\Users\Kyle\SkyDrive
2015-01-22 08:21 - 2014-04-10 03:39 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 08:21 - 2014-03-26 02:38 - 01458325 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 08:21 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-21 21:04 - 2014-04-10 03:39 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 20:33 - 2014-06-25 18:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 11:48 - 2014-04-10 03:26 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3278550838-1209714285-193430599-1003
2015-01-21 09:31 - 2014-04-10 05:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-21 09:14 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-21 09:06 - 2014-08-19 14:08 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-01-20 15:51 - 2014-04-11 10:51 - 00007590 _____ () C:\Users\Kyle\AppData\Local\Resmon.ResmonCfg
2015-01-20 09:05 - 2014-12-09 12:21 - 00000000 ____D () C:\Users\Kyle\AppData\Local\CrashDumps
2015-01-19 20:58 - 2014-04-13 19:13 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Battle.net
2015-01-19 11:26 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-16 21:16 - 2014-04-23 15:12 - 00000000 ____D () C:\ProgramData\Origin
2015-01-16 15:58 - 2014-04-23 15:12 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-16 10:40 - 2014-04-14 06:33 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-14 18:05 - 2014-04-10 03:40 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 10:33 - 2014-06-25 18:08 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-12 21:29 - 2014-04-10 03:20 - 00000000 ____D () C:\Users\Kyle
2015-01-12 13:53 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 20:29 - 2013-11-23 01:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 18:31 - 2014-08-19 13:45 - 00000000 ____D () C:\Users\Kyle\Desktop\Resumes
2015-01-07 18:31 - 2014-04-10 03:21 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Packages
2015-01-07 11:28 - 2013-08-22 05:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-02 21:33 - 2014-12-08 04:15 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Condusiv_Technologies
2015-01-02 21:33 - 2014-12-08 04:15 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Condusiv_Technologies
2015-01-02 21:17 - 2013-08-22 06:44 - 00531648 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-02 17:39 - 2013-11-16 04:46 - 00671548 _____ () C:\Windows\PFRO.log
2015-01-02 16:59 - 2014-04-13 20:35 - 00000000 ____D () C:\Program Files\WhoCrashed
2015-01-02 16:55 - 2014-08-24 06:40 - 625504907 _____ () C:\Windows\MEMORY.DMP
2015-01-02 16:55 - 2014-04-13 19:05 - 00000000 ____D () C:\Windows\Minidump
2015-01-02 16:38 - 2014-04-10 05:00 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-01-02 16:38 - 2013-08-22 07:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-02 16:38 - 2013-08-22 07:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-02 16:38 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-02 16:37 - 2014-04-10 05:00 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Trend Micro
2014-12-30 16:56 - 2014-04-11 13:36 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-12-30 16:04 - 2014-08-24 13:41 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Razer_Inc
2014-12-30 16:03 - 2014-04-25 14:58 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Razer
2014-12-30 16:03 - 2014-04-25 14:58 - 00000000 ____D () C:\ProgramData\Razer
2014-12-30 16:03 - 2014-04-25 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-12-30 16:03 - 2014-04-25 14:58 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-12-27 09:38 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-25 09:51 - 2014-04-23 15:59 - 00000000 ____D () C:\Users\Kyle\Documents\BioWare
2014-12-25 08:02 - 2014-04-23 15:13 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-24 16:51 - 2014-04-15 16:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-24 16:51 - 2014-04-15 16:46 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-24 16:43 - 2013-08-22 06:46 - 00035383 _____ () C:\Windows\setupact.log
2014-12-24 15:35 - 2013-11-16 04:52 - 00876144 _____ () C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======
2014-04-10 04:59 - 2014-04-10 04:59 - 0000036 _____ () C:\Users\Kyle\AppData\Local\housecall.guid.cache
2015-01-17 12:13 - 2015-01-17 12:13 - 0000218 _____ () C:\Users\Kyle\AppData\Local\recently-used.xbel
2014-04-11 10:51 - 2015-01-20 15:51 - 0007590 _____ () C:\Users\Kyle\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Kyle\AppData\Local\Temp\bbbicabecbhj.exe
C:\Users\Kyle\AppData\Local\Temp\bitool.dll
C:\Users\Kyle\AppData\Local\Temp\hcuninstaller_20141211_110028_6192.exe
C:\Users\Kyle\AppData\Local\Temp\ICReinstall_Free_Download_Setup.exe
C:\Users\Kyle\AppData\Local\Temp\ICSW_0W1L1G0Z1L1E.exe
C:\Users\Kyle\AppData\Local\Temp\lowproc.exe
C:\Users\Kyle\AppData\Local\Temp\SRLDetectionLibrary7279545998900247964.dll
C:\Users\Kyle\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 11:53

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Kyle at 2015-01-22 08:24:15
Running from C:\Users\Kyle\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Fusion Utility (HKLM-x32\...\{2E9CBC83-B021-4118-8BB9-40FFF1179C3C}) (Version: 2.0.1.117 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin N Wireless USB Adapter Setup (HKLM-x32\...\{4EE9A620-46A0-4BCF-82AC-950D2BBED982}) (Version: 2.20 - Belkin)
Bigasoft Audio Converter 4.2.8.5275 (HKLM-x32\...\{E6333CE4-9DC0-455C-9D43-E011CE33F5FA}_is1) (Version:  - Bigasoft Corporation)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crusader No Regret (HKLM-x32\...\Crusader No Regret_is1) (Version:  - GOG.com)
Crusader No Remorse (HKLM-x32\...\{2AEA735F-B393-4D89-93EF-5849CB72B4A3}) (Version: 1.0.0.2 - Electronic Arts)
Curse Client (HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DISH Anywhere Video Player (HKLM-x32\...\{80940219-E895-4311-B541-3FB8E7AFD392}) (Version: 2.18.0 - DISH Anywhere)
DISH Anywhere Video Player Installer (x32 Version: 0.0.0.42 - Sling Media) Hidden
DishAnywhereDesktop (HKLM-x32\...\{08a64f52-18b8-47f8-a98c-ada6d5696dca}) (Version: 0.0.0.42 - Sling Media)
Diskeeper 12 Professional (HKLM\...\{2C0222FA-7DBD-4AED-862B-1672848539F4}) (Version: 16.0.1017.64 - Condusiv Technologies)
DisplayShare (HKLM-x32\...\{9E72D298-A015-4EB5-B11A-7B24A53A652F}) (Version: 1.1.0 - Golden Signals)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dragon Age™ II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.04.8524.0 - Electronic Arts)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.3 - Electronic Arts)
Driver Fusion Premium (HKLM-x32\...\Driver Fusion) (Version: 2.1 - Treexy)
DriverAgent by eSupport.com (HKLM-x32\...\DriverAgent_is1) (Version:  - Copyright © 2013 eSupport.com, Inc • All Rights Reserved)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Flawless Widescreen version 1.0.15 (HKLM-x32\...\{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1) (Version: 1.0.15 - Flawless Widescreen)
FOOK2 (HKLM-x32\...\FOOK2 v1.0) (Version: v1.0 - FOOK Team)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
GameFly Download Manager (HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\7998bdbe8c95db7f) (Version: 1.0.0.98 - GameFly)
Glare (HKLM-x32\...\Steam App 243140) (Version:  - Phobic Studios)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)
Happy Cloud Client (HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Landmark Beta (HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version:  - Traveller's Tales)
Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)
LOOT (HKLM-x32\...\LOOT) (Version: 0.5.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Minion (HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
New Vegas Configator version 1.6 (HKLM-x32\...\New Vegas Configator_is1) (Version: 1.6 - Rudolf Enberg)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Playfire (HKLM-x32\...\{01052d57-5e05-455f-9b02-dcf6f53962df}) (Version: 0.0.58.0 - Playfire)
Playfire (x32 Version: 0.0.58.0 - Playfire) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.2.22.0 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.02 - Razer Inc.)
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
Risen - ModStarter 1.3.4.1 (Online Mods DB version) (HKLM-x32\...\Risen - ModStarter_is1) (Version:  - LordOfWAR(WorldOfRisen.de), Odin68(Mighty DWARF Mod-Team))
Risen (HKLM-x32\...\Steam App 40300) (Version:  - Piranha – Bytes)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Scrolls (HKLM-x32\...\{AA53ACF4-5893-4F7C-8589-32F6A4266125}) (Version: 1.0.0.0 - Mojang)
SDK Debuggers (x32 Version: 8.100.26629 - Microsoft Corporation) Hidden
SlingPlayer for Web (HKLM-x32\...\{EF471CCE-B371-4BCC-AE8C-86F93D917184}) (Version: 2.4.0113 - Sling Media)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.0 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.0.23 - iolo technologies, LLC)
System Requirements Lab CYRI (HKLM-x32\...\{2DF5765E-5386-4540-9383-DBC9A0A596F9}) (Version: 6.0.15.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Virtual Audio Cable 4.14 (HKLM\...\Virtual Audio Cable 4.14) (Version:  - )
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WhoCrashed 5.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{57334b90-51ab-4979-a6e4-ab0f7632479a}) (Version: 8.100.26654 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
WPT Redistributables (x32 Version: 8.100.26654 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26629 - Microsoft) Hidden
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3278550838-1209714285-193430599-1003_Classes\CLSID\{c7f2efbd-3b68-4452-9e89-6e73cea35eb4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-01-2015 11:40:29 Scheduled Checkpoint
11-01-2015 20:29:25 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
21-01-2015 11:54:15 Scheduled Checkpoint

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {098E8238-3343-47C2-AC6E-AB8C006E7110} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {0B22C179-C9B6-4CD8-837D-1656F02DEFBA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {34C80515-1A6E-40BC-9F99-802B0CB0F5AB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-19] ()
Task: {38A7DB14-BC69-4DBF-B343-EF735BBD6CCB} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-25] (Beepa P/L)
Task: {3E372331-4A84-421F-B64C-E4E942534676} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3278550838-1209714285-193430599-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {44DA9F03-F606-48BB-824B-1085C8C28B6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {778B5BE1-E383-40D2-B892-3EADE38511CA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {AA22ADD5-CAA6-4DEC-87D1-2B645B91096D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AA6143A5-42A3-4F3A-A8F1-37A51ABE5973} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-05-02] ()
Task: {C005B47A-C684-4DCA-8907-5DBDF5A5302C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3278550838-1209714285-193430599-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {DEB4D3D9-D7AA-4B3A-8367-FD97CF05AF46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {F0A88F17-BB2C-49BA-9586-D91669633594} - System32\Tasks\{32F92831-AAB4-49C3-9073-FDB4CD0AAA41} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\fnv4gb.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas"
Task: {FB8A385B-066E-4AA0-8980-8FBFA4E7B001} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-09 14:22 - 2014-12-09 14:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-08-19 14:08 - 2014-08-19 14:08 - 03727360 _____ () C:\Windows\AutoKMS\AutoKMS.exe
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-16 13:02 - 2014-09-16 13:02 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-09-16 13:02 - 2014-09-16 13:02 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-16 13:02 - 2014-09-16 13:02 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-09-16 13:02 - 2014-09-16 13:02 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 09:23 - 2013-04-12 09:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2015-01-14 18:05 - 2015-01-08 16:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-14 18:05 - 2015-01-08 16:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 10:17 - 2011-02-15 10:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-13 16:37 - 2014-08-13 16:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-13 16:37 - 2014-08-13 16:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 16:05 - 2013-11-20 16:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 16:56 - 2014-06-17 16:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 10:17 - 2011-02-15 10:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 15:06 - 2010-11-22 15:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-01-14 18:05 - 2015-01-08 16:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-14 18:05 - 2015-01-08 16:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-14 18:05 - 2015-01-08 16:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5
AlternateDataStreams: C:\Users\Kyle\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64858768.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64858768.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3278550838-1209714285-193430599-1003\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

========================= Accounts: ==========================

Administrator (S-1-5-21-3278550838-1209714285-193430599-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3278550838-1209714285-193430599-1019 - Limited - Enabled)
Guest (S-1-5-21-3278550838-1209714285-193430599-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3278550838-1209714285-193430599-1005 - Limited - Enabled)
Kyle (S-1-5-21-3278550838-1209714285-193430599-1003 - Administrator - Enabled) => C:\Users\Kyle

==================== Faulty Device Manager Devices =============

Name: Logitech_LGVirHid49713
Description: Logitech_LGVirHid49713
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Logitech_LGVirHid49714
Description: Logitech_LGVirHid49714
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek PCIe GBE Family Controller #2
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 08:02:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program H1Z1.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ef24

Start Time: 01d035f806f2a2cc

Termination Time: 22

Application Path: C:\Program Files (x86)\Steam\steamapps\common\H1Z1\H1Z1.exe

Report Id: 6eeba61f-a1eb-11e4-82dd-fdf241a96521

Faulting package full name: 

Faulting package-relative application ID:

Error: (01/21/2015 09:13:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/20/2015 06:41:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program H1Z1.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9b48

Start Time: 01d03523a608311d

Termination Time: 34

Application Path: C:\Program Files (x86)\Steam\steamapps\common\H1Z1\H1Z1.exe

Report Id: 05c69bc1-a117-11e4-82dd-fdf241a96521

Faulting package full name: 

Faulting package-relative application ID:

Error: (01/20/2015 09:05:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uq7cgbuw.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: uq7cgbuw.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0xb130
Faulting application start time: 0xuq7cgbuw.exe0
Faulting application path: uq7cgbuw.exe1
Faulting module path: uq7cgbuw.exe2
Report Id: uq7cgbuw.exe3
Faulting package full name: uq7cgbuw.exe4
Faulting package-relative application ID: uq7cgbuw.exe5

Error: (01/20/2015 09:04:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: z7q4297q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: z7q4297q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0xbfac
Faulting application start time: 0xz7q4297q.exe0
Faulting application path: z7q4297q.exe1
Faulting module path: z7q4297q.exe2
Report Id: z7q4297q.exe3
Faulting package full name: z7q4297q.exe4
Faulting package-relative application ID: z7q4297q.exe5

Error: (01/20/2015 09:03:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: z7q4297q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: z7q4297q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x8bc0
Faulting application start time: 0xz7q4297q.exe0
Faulting application path: z7q4297q.exe1
Faulting module path: z7q4297q.exe2
Report Id: z7q4297q.exe3
Faulting package full name: z7q4297q.exe4
Faulting package-relative application ID: z7q4297q.exe5

Error: (01/20/2015 09:03:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: z7q4297q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: z7q4297q.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x9960
Faulting application start time: 0xz7q4297q.exe0
Faulting application path: z7q4297q.exe1
Faulting module path: z7q4297q.exe2
Report Id: z7q4297q.exe3
Faulting package full name: z7q4297q.exe4
Faulting package-relative application ID: z7q4297q.exe5

Error: (01/19/2015 04:11:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 2.58.33.56 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8324

Start Time: 01d0344214113ffc

Termination Time: 14

Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report Id: ea0272b0-a038-11e4-82dd-fdf241a96521

Faulting package full name: 

Faulting package-relative application ID:

Error: (01/19/2015 04:11:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x5215f944
Exception code: 0x40000015
Fault offset: 0x0000000000055326
Faulting process id: 0x7740
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (01/17/2015 08:56:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Diablo III.exe version 2.1.2.28709 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8bb4

Start Time: 01d032d7a704d317

Termination Time: 78

Application Path: C:\Program Files (x86)\Diablo III\Diablo III.exe

Report Id: 5fba612b-9ece-11e4-82dd-fdf241a96521

Faulting package full name: 

Faulting package-relative application ID:


System errors:
=============
Error: (01/22/2015 08:21:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/22/2015 08:21:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/21/2015 09:04:06 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/21/2015 09:04:03 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/20/2015 06:18:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/20/2015 06:18:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/20/2015 08:53:40 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/20/2015 08:53:38 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/19/2015 03:46:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053

Error: (01/19/2015 03:46:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.


Microsoft Office Sessions:
=========================
Error: (01/21/2015 08:02:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: H1Z1.exe0.0.0.0ef2401d035f806f2a2cc22C:\Program Files (x86)\Steam\steamapps\common\H1Z1\H1Z1.exe6eeba61f-a1eb-11e4-82dd-fdf241a96521

Error: (01/21/2015 09:13:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Kyle\Downloads\SoftonicDownloader_for_bluetooth-driver-installer.exe

Error: (01/20/2015 06:41:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: H1Z1.exe0.0.0.09b4801d03523a608311d34C:\Program Files (x86)\Steam\steamapps\common\H1Z1\H1Z1.exe05c69bc1-a117-11e4-82dd-fdf241a96521

Error: (01/20/2015 09:05:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: uq7cgbuw.exe2.1.19357.052e7ea83uq7cgbuw.exe2.1.19357.052e7ea83c0000005000011aab13001d034d3385365b6C:\Users\Kyle\Downloads\uq7cgbuw.exeC:\Users\Kyle\Downloads\uq7cgbuw.exe8bc0196c-a0c6-11e4-82dd-fdf241a96521

Error: (01/20/2015 09:04:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: z7q4297q.exe2.1.19357.052e7ea83z7q4297q.exe2.1.19357.052e7ea83c0000005000011aabfac01d034d31d9c5250C:\Users\Kyle\Downloads\z7q4297q.exeC:\Users\Kyle\Downloads\z7q4297q.exe70779956-a0c6-11e4-82dd-fdf241a96521

Error: (01/20/2015 09:03:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: z7q4297q.exe2.1.19357.052e7ea83z7q4297q.exe2.1.19357.052e7ea83c0000005000011aa8bc001d034d2ff3bb164C:\Users\Kyle\Downloads\z7q4297q.exeC:\Users\Kyle\Downloads\z7q4297q.exe521809a9-a0c6-11e4-82dd-fdf241a96521

Error: (01/20/2015 09:03:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: z7q4297q.exe2.1.19357.052e7ea83z7q4297q.exe2.1.19357.052e7ea83c0000005000011aa996001d034d2e4e3af22C:\Users\Kyle\Downloads\z7q4297q.exeC:\Users\Kyle\Downloads\z7q4297q.exe37d90e40-a0c6-11e4-82dd-fdf241a96521

Error: (01/19/2015 04:11:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.58.33.56832401d0344214113ffc14C:\Program Files (x86)\Steam\Steam.exeea0272b0-a038-11e4-82dd-fdf241a96521

Error: (01/19/2015 04:11:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcmsvcrt.dll7.0.9600.163845215f944400000150000000000055326774001d033f69bcaff2eC:\Windows\Explorer.EXEC:\Windows\system32\msvcrt.dlldc900547-a038-11e4-82dd-fdf241a96521

Error: (01/17/2015 08:56:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Diablo III.exe2.1.2.287098bb401d032d7a704d31778C:\Program Files (x86)\Diablo III\Diablo III.exe5fba612b-9ece-11e4-82dd-fdf241a96521


CodeIntegrity Errors:
===================================
  Date: 2015-01-02 18:50:17.914
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:17.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:17.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:17.537
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:17.421
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:17.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:50:16.839
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:41:42.876
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:41:42.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 18:41:42.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 29%
Total physical RAM: 8189.55 MB
Available physical RAM: 5734.92 MB
Total Pagefile: 20189.55 MB
Available Pagefile: 17130.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:926.19 GB) (Free:275.41 GB) NTFS
Drive d: (DA Inquisition 4) (CDROM) (Total:6.06 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D1D65A1D)
Partition 1: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=926.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=27)

==================== End Of Log ============================


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:44 PM

Posted 23 January 2015 - 05:35 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

 

 

Scan with ESET Online Scan

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 knblatt

knblatt
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 23 January 2015 - 02:53 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Kyle at 2015-01-23 09:20:19 Run:1
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle (Available profiles: Kyle)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5
CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - No Path
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2014-04-10]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2014-11-23]
CHR Extension: (BetterTTV) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-04-10]
FF Plugin HKU\S-1-5-21-3278550838-1209714285-193430599-1003: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Kyle\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll (Nagravision)
Task: {34C80515-1A6E-40BC-9F99-802B0CB0F5AB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-19] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

C:\Users\Kyle\AppData\Roaming\DISH Anywhere
C:\Windows\AutoKMS

EmptyTemp:

*****************

C:\ProgramData\TEMP => ":05E9FFE5" ADS removed successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => Key deleted successfully.
C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn => Moved successfully.
C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea => Moved successfully.
C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped => Moved successfully.
"HKU\S-1-5-21-3278550838-1209714285-193430599-1003\Software\MozillaPlugins\DISH Anywhere.com/DISH Anywhere Video Player" => Key deleted successfully.
C:\Users\Kyle\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34C80515-1A6E-40BC-9F99-802B0CB0F5AB} => Key not found. 
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\Kyle\AppData\Roaming\DISH Anywhere => Moved successfully.
C:\Windows\AutoKMS => Moved successfully.
EmptyTemp: => Removed 4.9 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 09:21:26 ====
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/23/2015
Scan Time: 9:33:17 AM
Logfile: 
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.23.06
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kyle

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345614
Time Elapsed: 11 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-3278550838-1209714285-193430599-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Quarantined, [99394dadaddc86b0630b215dc340619f], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.InstallCore, C:\Users\Kyle\Downloads\CR_Downloader_per_final-fantasy-xii.exe, Quarantined, [e5ed27d3f990a5911be56d7d8b76f10f], 
PUP.Optional.Softonic, C:\Users\Kyle\Downloads\SoftonicDownloader_for_bluetooth-driver-installer.exe, Quarantined, [f5dd62986d1c8babb4fcfd5d5ba5f907], 
PUP.Optional.AZLyrics.A, C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [884a1ae0f792013558c0146bd82bac54], 

Physical Sectors: 0
(No malicious items detected)


(end)

C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat	a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe	a variant of Win32/Toolbar.Visicom.A potentially unwanted application



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:44 PM

Posted 26 January 2015 - 06:21 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread (Note: Do NOT post this one into a code box!





Are any problems left or may I post the final reply? :)


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 knblatt

knblatt
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 26 January 2015 - 11:41 AM

# AdwCleaner v4.109 - Report created 26/01/2015 at 08:21:11
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Kyle - KYLE
# Running from : C:\Users\Kyle\Downloads\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Deleted : C:\Program Files (x86)\eSupport.com
Folder Deleted : C:\Users\Kyle\AppData\Local\eSupport.com
File Deleted : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKCU\Software\eSupport.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v40.0.2214.91


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [1416 octets] - [26/01/2015 08:19:12]
AdwCleaner[S0].txt - [1303 octets] - [26/01/2015 08:21:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1363 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Kyle on Mon 01/26/2015 at  8:26:47.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/26/2015 at  8:29:47.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Results of screen317's Security Check version 0.99.95  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Panda Free Antivirus   
Windows Defender       
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Adobe Reader XI  
 Google Chrome (39.0.2171.99) 
 Google Chrome (40.0.2214.91) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:44 PM

Posted 27 January 2015 - 09:31 AM

Your system is clean now! :)

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:44 PM

Posted 03 July 2015 - 02:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users