
Windows Defender and Security Client issues causing me unable to boot windows 7


  • This topic is locked
4 replies to this topic

#1 ingen1234


Posted 29 January 2015 - 06:25 PM

Hello, this problem just started today when I restarted my PC: any help fixing it and allowing me to use my desktop would be lovely ^^

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Kristian (administrator) on OVERKILL-PC on 29-01-2015 15:04:56
Running from J:\farbar
Loaded Profiles: False (Available profiles: Kristian) <==== ATTENTION (Temporary Profile?)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe
() C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbvista.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K90 Keyboard\CorsTra.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUS) C:\Program Files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [Corsair laver] => C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe [1780736 2012-05-22] (Corsair Components  Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [Razer StarcraftII Driver] => C:\Program Files (x86)\Razer\Razer StarCraftII\RazerStarCraftIISysTray
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-01-20] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-01-20] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8998800 2013-05-08] (DisplayLink Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [394512 2013-12-16] (Hauppauge Computer Works, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe [337144 2009-06-04] (Stardock Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CORSGKB; C:\Windows\System32\drivers\CORSGKB.sys [25600 2012-03-27] ( )
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873.0.sys [44944 2013-05-13] ()
S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [968792 2013-11-04] (Hauppauge Computer Work, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15168 2012-03-10] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-07-19] (Creative Technology Ltd.)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 14:30 - 2015-01-29 15:04 - 00000000 ____D () C:\FRST
2015-01-29 14:28 - 2015-01-29 14:28 - 00001262 _____ () C:\Windows\SysWOW64\debug.log
2015-01-29 12:45 - 2015-01-29 12:45 - 00000000 ____D () C:\Windows\Profiles\Kristian
2015-01-29 12:32 - 2015-01-29 12:32 - 00003664 _____ () C:\bootsqm.dat
2015-01-29 10:53 - 2015-01-29 10:53 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-01-29 10:33 - 2015-01-29 10:33 - 00000000 ____D () C:\Windows\SysWOW64\Intel Corporation
2015-01-29 10:29 - 2015-01-29 10:30 - 00000000 ____D () C:\NVIDIA Corporation
2015-01-14 04:26 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:26 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:26 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 04:26 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 04:26 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 04:26 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 04:26 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 04:26 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 04:26 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 04:26 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:26 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:26 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 04:26 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-30 01:35 - 2014-12-30 01:35 - 00177832 _____ (Razer Inc) C:\Windows\system32\Drivers\rzudd.sys
2014-12-30 01:35 - 2014-12-30 01:35 - 00039592 _____ (Razer Inc) C:\Windows\system32\Drivers\rzendpt.sys
2014-12-30 01:28 - 2014-12-30 01:28 - 00990720 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevicedll.dll
2014-12-30 01:28 - 2014-12-30 01:28 - 00419840 _____ (Razer Inc) C:\Windows\SysWOW64\rzaudiodll.dll
2014-12-30 01:28 - 2014-12-30 01:28 - 00155136 _____ (Razer Inc) C:\Windows\SysWOW64\rztouchdll.dll
2014-12-30 01:28 - 2014-12-30 01:28 - 00117248 _____ (Razer Inc) C:\Windows\SysWOW64\rzdisplaydll.dll
2014-12-30 01:28 - 2014-12-30 01:28 - 00089088 _____ (Razer Inc) C:\Windows\SysWOW64\rzdevinfo.dll
2014-12-30 01:28 - 2014-12-30 01:28 - 00078848 _____ (Razer Inc) C:\Windows\SysWOW64\rzvirtualdev.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 15:04 - 2013-04-23 19:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 15:03 - 2014-06-06 00:12 - 00043673 _____ () C:\Windows\setupact.log
2015-01-29 15:03 - 2013-04-23 18:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 15:03 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 15:02 - 2013-09-19 10:41 - 01721350 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 15:01 - 2013-04-23 19:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 14:42 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 14:42 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 14:36 - 2013-04-23 18:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-29 14:36 - 2013-04-23 18:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 14:36 - 2013-04-23 18:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-29 14:33 - 2013-04-23 19:34 - 00405780 _____ () C:\Windows\system32\perfh011.dat
2015-01-29 14:33 - 2013-04-23 19:34 - 00115154 _____ () C:\Windows\system32\perfc011.dat
2015-01-29 14:33 - 2009-07-13 21:13 - 01265276 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 14:23 - 2014-12-10 03:17 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-29 14:23 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-29 14:23 - 2013-04-23 19:32 - 00000000 ____D () C:\Windows\SysWOW64\ja
2015-01-29 14:23 - 2013-04-23 19:32 - 00000000 ____D () C:\Windows\system32\ja
2015-01-29 14:23 - 2011-04-12 00:28 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2015-01-29 14:23 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-01-29 14:23 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-01-29 14:23 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\addins
2015-01-29 14:23 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-01-29 14:23 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-29 14:23 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-29 14:23 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-01-29 14:23 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-01-29 14:23 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-29 14:23 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 __RSD () C:\Windows\Media
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\ras
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\icsxml
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\th-TH
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sppui
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\ras
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\migwiz
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\icsxml
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\ias
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\he-IL
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\et-EE
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\com
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\IME
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Cursors
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-29 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Services
2015-01-29 14:22 - 2014-12-02 11:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-29 14:22 - 2014-12-01 22:05 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-29 14:22 - 2014-07-29 19:57 - 00000000 ____D () C:\NVIDIA
2015-01-29 14:22 - 2014-06-18 16:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-29 14:22 - 2014-02-16 14:21 - 00000000 ____D () C:\64bit
2015-01-29 14:22 - 2014-02-16 14:21 - 00000000 ____D () C:\32bit
2015-01-29 14:22 - 2014-02-15 14:49 - 00000000 ____D () C:\Program Files\GIMP 2
2015-01-29 14:22 - 2014-01-20 18:52 - 00000000 ____D () C:\Program Files\Creative
2015-01-29 14:22 - 2014-01-20 18:52 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-29 14:22 - 2013-12-30 00:40 - 00000000 ____D () C:\Program Files (x86)\puush
2015-01-29 14:22 - 2013-12-27 17:59 - 00000000 ____D () C:\Program Files\OBS
2015-01-29 14:22 - 2013-12-27 17:59 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-01-29 14:22 - 2013-12-27 16:35 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2015-01-29 14:22 - 2013-12-27 16:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2015-01-29 14:22 - 2013-12-26 23:27 - 00000000 ____D () C:\Program Files (x86)\Hauppauge
2015-01-29 14:22 - 2013-12-21 00:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-29 14:22 - 2013-10-30 16:32 - 00000000 ____D () C:\Windows\Razer Core
2015-01-29 14:22 - 2013-10-25 01:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-29 14:22 - 2013-10-25 01:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-29 14:22 - 2013-10-22 14:49 - 00000000 ____D () C:\Program Files\SmartTechnology
2015-01-29 14:22 - 2013-10-02 20:49 - 00000000 ____D () C:\Program Files (x86)\XBMC
2015-01-29 14:22 - 2013-09-23 14:13 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-01-29 14:22 - 2013-09-23 14:13 - 00000000 ____D () C:\Program Files\iTunes
2015-01-29 14:22 - 2013-09-23 14:13 - 00000000 ____D () C:\Program Files\iPod
2015-01-29 14:22 - 2013-09-23 14:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-29 14:22 - 2013-09-23 14:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-29 14:22 - 2013-09-23 14:12 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-29 14:22 - 2013-09-23 14:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-29 14:22 - 2013-09-23 14:12 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-29 14:22 - 2013-08-12 12:41 - 00000000 ____D () C:\Program Files (x86)\Mumble
2015-01-29 14:22 - 2013-07-01 08:40 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-29 14:22 - 2013-06-18 15:46 - 00000000 ____D () C:\Techno Mi
2015-01-29 14:22 - 2013-06-18 10:54 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2015-01-29 14:22 - 2013-04-30 16:40 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2015-01-29 14:22 - 2013-04-23 22:18 - 00000000 ____D () C:\Program Files\Tclock
2015-01-29 14:22 - 2013-04-23 21:25 - 00000000 ____D () C:\Program Files\StartKiller
2015-01-29 14:22 - 2013-04-23 21:23 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-01-29 14:22 - 2013-04-23 20:43 - 00000000 ____D () C:\Program Files (x86)\Launchy
2015-01-29 14:22 - 2013-04-23 20:41 - 00000000 ____D () C:\Program Files\PeaZip
2015-01-29 14:22 - 2013-04-23 20:38 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-29 14:22 - 2013-04-23 20:38 - 00000000 ____D () C:\Program Files\Realtek
2015-01-29 14:22 - 2013-04-23 20:37 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-29 14:22 - 2013-04-23 20:36 - 00000000 ____D () C:\Windows\Chipset
2015-01-29 14:22 - 2013-04-23 20:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-29 14:22 - 2013-04-23 20:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 14:22 - 2013-04-23 20:33 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2015-01-29 14:22 - 2013-04-23 20:00 - 00000000 ____D () C:\Games
2015-01-29 14:22 - 2013-04-23 19:32 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-01-29 14:22 - 2013-04-23 19:17 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-01-29 14:22 - 2013-04-23 18:56 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-29 14:22 - 2013-04-23 18:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-29 14:22 - 2013-04-23 18:55 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-29 14:22 - 2013-04-23 18:55 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-29 14:22 - 2013-04-23 18:53 - 00000000 ____D () C:\Program Files\Intel
2015-01-29 14:22 - 2011-04-12 00:17 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-01-29 14:22 - 2011-04-12 00:17 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-01-29 14:22 - 2011-04-12 00:17 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-01-29 14:22 - 2011-04-12 00:17 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-01-29 14:22 - 2011-04-12 00:17 - 00000000 ____D () C:\Windows\system32\winrm
2015-01-29 14:22 - 2011-04-12 00:17 - 00000000 ____D () C:\Windows\system32\WCN
2015-01-29 14:22 - 2011-04-12 00:17 - 00000000 ____D () C:\Windows\system32\slmgr
2015-01-29 14:22 - 2011-04-12 00:17 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-01-29 14:22 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2015-01-29 14:22 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2015-01-29 14:22 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-29 14:22 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\Performance
2015-01-29 14:22 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-29 14:22 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-29 14:22 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-29 14:22 - 2009-07-13 20:45 - 00000000 ____D () C:\Windows\Setup
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\spp
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\spool
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Speech
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\SMI
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NetworkList
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\MUI
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\IME
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Speech
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\security
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\schemas
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Globalization
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Branding
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-29 14:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2015-01-29 14:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-01-29 14:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Web
2015-01-29 14:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Vss
2015-01-29 14:17 - 2014-10-09 18:23 - 00000000 ____D () C:\skype
2015-01-29 14:16 - 2014-10-16 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-01-29 14:16 - 2014-01-26 18:21 - 00000000 ____D () C:\Program Files (x86)\Mionix
2015-01-29 14:16 - 2014-01-20 18:53 - 00000000 ___HD () C:\Program Files (x86)\Creative Installation Information
2015-01-29 14:16 - 2013-12-27 19:27 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-29 14:16 - 2013-12-26 23:27 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2015-01-29 14:16 - 2013-11-21 00:15 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2015-01-29 14:16 - 2013-07-04 18:04 - 00000000 ____D () C:\Program Files\CPUID
2015-01-29 14:16 - 2013-07-01 08:40 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-01-29 14:16 - 2013-06-18 15:30 - 00000000 ____D () C:\Program Files (x86)\Stardock
2015-01-29 14:16 - 2013-06-14 10:59 - 00000000 ____D () C:\Program Files\HP
2015-01-29 14:16 - 2013-06-14 10:59 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-29 14:16 - 2013-04-23 21:49 - 00000000 ____D () C:\Program Files (x86)\Corsair
2015-01-29 14:16 - 2013-04-23 20:42 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-01-29 14:16 - 2013-04-23 20:02 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-29 14:16 - 2013-04-23 19:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-29 14:16 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-29 14:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2015-01-16 16:59 - 2014-06-06 00:12 - 00274704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-16 16:57 - 2014-07-09 09:36 - 00271710 _____ () C:\Windows\DPINST.LOG
2015-01-15 03:02 - 2013-08-15 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2013-04-23 19:22 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-31 03:14 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-06-14 10:59 - 2013-06-14 10:59 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume3
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {879fb798-ac90-11e2-8bc8-fd21afe9b9e6}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {879fb79a-ac90-11e2-8bc8-fd21afe9b9e6}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {879fb798-ac90-11e2-8bc8-fd21afe9b9e6}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {879fb79a-ac90-11e2-8bc8-fd21afe9b9e6}
device                  ramdisk=[C:]\Recovery\879fb79a-ac90-11e2-8bc8-fd21afe9b9e6\Winre.wim,{879fb79b-ac90-11e2-8bc8-fd21afe9b9e6}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\879fb79a-ac90-11e2-8bc8-fd21afe9b9e6\Winre.wim,{879fb79b-ac90-11e2-8bc8-fd21afe9b9e6}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {879fb798-ac90-11e2-8bc8-fd21afe9b9e6}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume3
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {879fb79b-ac90-11e2-8bc8-fd21afe9b9e6}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\879fb79a-ac90-11e2-8bc8-fd21afe9b9e6\boot.sdi



LastRegBack: 2015-01-24 22:50

==================== End Of Log ============================


Edited by Chris Cosgrove, 29 January 2015 - 06:35 PM.
Moved to 'Virus, trojan, etc. Logs', FRST report included.



#2 ingen1234


Posted 29 January 2015 - 06:28 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Kristian at 2015-01-29 15:05:13
Running from J:\farbar
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version:  - ArcSoft)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.1.7.1 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.1.7.1 - ASUSTek COMPUTER INC.) Hidden
ASUS PCE-AC66 WLAN Card Utilities/Driver (HKLM-x32\...\{68209E06-26F0-4C69-AAEA-044605307CAC}) (Version: 2.0.2.4 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Corsair K90 Gaming Keyboard Driver V1.0 (HKLM-x32\...\{E87D1F6D-954D-4BB4-B49D-D394EB460A09}_is1) (Version:  - )
CPUID CPU-Z 1.65.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DesktopX (HKLM-x32\...\DesktopX) (Version:  - )
DisplayLink Core Software (HKLM\...\{DAA61D41-4809-46C6-9AE4-13A61C54FA23}) (Version: 7.2.47873.0 - DisplayLink Corp.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.2.413 - Foxit Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.0.31351 - Hauppauge Computer Works)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.3.31349 - Hauppauge Computer Works, Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Network Connections 17.0.200.2 (HKLM\...\PROSetDX) (Version: 17.0.200.2 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
K-Lite Mega Codec Pack 9.8.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.5 - )
Launchy 2.6 Beta 2 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Mumble 1.3.0 (HKLM\...\{3FB8F110-4369-4FAA-958D-AE6D05C0E716}) (Version: 1.3.0 - The Mumble team)
NAOS8200 Software (HKLM-x32\...\{70477FFB-B4EB-4BC1-A9E2-378F7F7FD5D3}) (Version: 1.01 - Mionix)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PeaZip 4.9.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Razer Banshee Firmware Updater (HKLM-x32\...\{3C517B07-2206-46A9-BD5D-B6B5C4CFA856}) (Version: 3.53.00 - Razer USA Ltd.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer StarCraft II (HKLM-x32\...\{CA050D8C-770A-41A7-B966-0056456EA27E}) (Version: 1.02.01 - Razer USA Ltd.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SkinStudio 7 (HKLM-x32\...\SkinStudio 7) (Version: 7.30 - Stardock Corporation)
SkinStudio 7 (x32 Version: 7.30 - Stardock Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardock IconPackager (HKLM-x32\...\Stardock IconPackager) (Version: 5.10 - Stardock Software, Inc.)
Start Killer (HKLM\...\{D43908B1-76F6-42FB-B97D-0F4694769ACF}) (Version: 3.2 - Tordex)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
WindowBlinds (HKLM-x32\...\WindowBlinds) (Version: 7.41.1 - Stardock Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Gamecaster (HKLM-x32\...\{260A5533-07F4-4B35-A73E-BF90127BDEC4}) (Version: 2.1.1412.1616 - SplitmediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-01-2015 20:16:11 Installed Mumble 1.3.0
09-01-2015 09:44:41 Windows Update
13-01-2015 04:42:54 Windows Update
15-01-2015 03:00:10 Windows Update
18-01-2015 04:53:42 Windows Update
19-01-2015 21:23:32 Installed Mumble 1.3.0
21-01-2015 06:29:19 Windows Update
24-01-2015 21:58:26 Windows Update
28-01-2015 06:11:01 Windows Update
29-01-2015 14:39:05 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E4E43D6-D8A0-458C-8B98-57A90367A978} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-23] (Google Inc.)
Task: {183A3AE4-D511-4749-B99F-6AA89271582A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {2C5D21B3-2066-4A85-AE1E-BF788FFB650D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {491AB193-EFCF-4215-A77C-73696227F4E3} - System32\Tasks\{36907AC3-FC07-4AF7-B2BE-4BF5BD979054} => Chrome.exe http://ui.skype.com/ui/0/6.21.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {8933DCDB-D781-4CA7-A4CB-348CE6EF9D07} - System32\Tasks\{BAD98770-44F2-430D-AE44-9265C80C2369} => Chrome.exe http://ui.skype.com/ui/0/6.21.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {9116851D-E4AD-4FD4-AC95-EA47D4CE8003} - System32\Tasks\{746AF632-79DA-4725-92E4-5BD509E6A0B1} => Chrome.exe http://ui.skype.com/ui/0/6.21.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {97261FA2-65B0-4742-91EB-01D65A21A37A} - System32\Tasks\PCEAC66WLANMGR => C:\Program Files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exe [2013-01-24] (ASUS)
Task: {A47218C9-3216-4A3C-9415-58FA334DE0C4} - System32\Tasks\{F4EB4A7C-F1E6-4409-AB8F-F891286D9AAA} => Chrome.exe http://ui.skype.com/ui/0/6.21.59.104/en/go/help.faq.installer?LastError=1603
Task: {BD1389D1-1D92-40D7-8AE2-98174A6E17E9} - System32\Tasks\{BB8CAFFA-165E-4A30-86A7-189485374D3E} => Chrome.exe http://ui.skype.com/ui/0/6.21.59.104/en/go/help.faq.installer?LastError=1603
Task: {C50B1FBE-E06C-42A6-AE07-B62B3ECCF09D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-29] (Adobe Systems Incorporated)
Task: {C533C32B-77C5-406D-A65C-E7DFB13810DB} - System32\Tasks\{86A1A9DA-0E7D-46C5-8604-955F6A130E46} => Chrome.exe http://ui.skype.com/ui/0/6.21.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {CA2CAFA9-3956-4DD8-BEF2-6F9FAB004C20} - System32\Tasks\{FC324BB6-579F-4439-8BC4-F8C2FF3CC53E} => Chrome.exe http://ui.skype.com/ui/0/6.21.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {E7F59691-5D04-4689-8FFF-A3AAB52F79F9} - System32\Tasks\Amazon Music Helper => D:\Users\Kristian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
Task: {F92C91AA-C209-4CE1-92DE-E4E9617ED20E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-23] (Google Inc.)
Task: {FF43A2B5-49CB-4ADF-87E8-05982BEADB32} - System32\Tasks\{958C21AD-0E50-403D-B3DB-0B889BD7402F} => Chrome.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?LastError=1603
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-18 20:39 - 2011-09-29 11:09 - 00100656 _____ () C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbvista.exe
2013-04-23 18:59 - 2014-12-13 00:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 10:24 - 2012-01-17 10:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-12-09 14:22 - 2014-12-09 14:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2405145446-109688287-2398137518-500 - Administrator - Disabled)
Guest (S-1-5-21-2405145446-109688287-2398137518-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2405145446-109688287-2398137518-1002 - Limited - Enabled)
Kristian (S-1-5-21-2405145446-109688287-2398137518-1000 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2015 03:04:01 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: OverKill-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (01/29/2015 03:04:01 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: OverKill-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (01/29/2015 02:39:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2405145446-109688287-2398137518-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {21568e78-2334-406c-8c37-290a9a4a7f16}

Error: (01/29/2015 02:28:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 02:27:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: OverKill-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (01/29/2015 02:27:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: OverKill-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - The system cannot find the path specified.

Error: (01/29/2015 02:27:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1501) (User: OverKill-PC)
Description: Windows cannot create a temporary profile directory. This problem may be caused by insufficient security rights.

 DETAIL - The system cannot find the path specified.

Error: (01/29/2015 02:27:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: OverKill-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (01/29/2015 02:11:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.99, time stamp: 0x54aef409
Faulting module name: chrome.dll, version: 39.0.2171.99, time stamp: 0x54aef01a
Exception code: 0x80000003
Fault offset: 0x0051f7f8
Faulting process id: 0x5bc
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (01/29/2015 02:11:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/29/2015 03:04:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (01/29/2015 03:04:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (01/29/2015 03:04:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (01/29/2015 03:04:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (01/29/2015 03:04:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (01/29/2015 03:04:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (01/29/2015 03:04:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (01/29/2015 03:03:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/29/2015 03:03:54 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT AUTHORITY)
Description: The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.

Error: (01/29/2015 03:03:54 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT AUTHORITY)
Description: The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.


Microsoft Office Sessions:
=========================
Error: (01/29/2015 03:04:01 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: OverKill-PC)
Description: Access is denied.

Error: (01/29/2015 03:04:01 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: OverKill-PC)
Description: Access is denied.

Error: (01/29/2015 02:39:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2405145446-109688287-2398137518-1000.bak)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {21568e78-2334-406c-8c37-290a9a4a7f16}

Error: (01/29/2015 02:28:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 02:27:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: OverKill-PC)
Description: Access is denied.

Error: (01/29/2015 02:27:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: OverKill-PC)
Description: The system cannot find the path specified.

Error: (01/29/2015 02:27:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1501) (User: OverKill-PC)
Description: The system cannot find the path specified.

Error: (01/29/2015 02:27:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: OverKill-PC)
Description:

Error: (01/29/2015 02:11:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.9954aef409chrome.dll39.0.2171.9954aef01a800000030051f7f85bc01d03c10802d64f7C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\chrome.dllbddc5137-a803-11e4-a228-08002700c083

Error: (01/29/2015 02:11:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 8%
Total physical RAM: 32460.92 MB
Available physical RAM: 29757.67 MB
Total Pagefile: 64920.02 MB
Available Pagefile: 62104.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:465.66 GB) (Free:326.27 GB) NTFS
Drive f: (Fraps) (Fixed) (Total:931.51 GB) (Free:930.99 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1823.61 GB) NTFS
Drive i: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1862.08 GB) NTFS
Drive j: (USB20FD) (Removable) (Total:30.46 GB) (Free:27.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 32043779)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: D26DF444)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7F8EEEFF)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7F8EEEFC)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=30.5 GB) - (Type=0C)

==================== End Of Log ============================




#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,574 posts
  • Gender:Male
  • Location:California
  • Local time:05:32 PM

Posted 02 February 2015 - 04:17 PM

Greetings ingen1234 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do the following for me.

===================================================

Selecting Previous System Restore Point Windows 7/Vista

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type rstrui and press Enter
  • Patiently wait for the System Restore window to appear
  • Click Next
  • If necessary check Show more restore points to expose the following Restore Point
  • Left click on a restore point dated 24-01-2015 21:58:26 Windows Update
  • Click Next, then Finish
  • Allow your computer to reboot and complete the process
  • Attempt to log on with your normal user name (Kristian?)
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did System Restore run properly?
  • Are you able to log in properly?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!


Posted 05 February 2015 - 09:57 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 Oh My!


Posted 07 February 2015 - 08:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



