
Infected with Unknown, Occasional Notifiers from Anti-Malware


  • This topic is locked
10 replies to this topic

#1 ski.smitty

ski.smitty

  • Members
  • 36 posts

Posted 02 February 2015 - 04:48 PM

I receive occasional pop-ups from Avast about it blocking various virus attempts on my computer. I suspect there is a source deeper in my files generating these issues. I had Java installed earlier this month for Skyrim, may have been a source of viruses? I've also found some strange log files popping up in my users/temp/roaming file that started this month (possibly from Office 2015?) and an app removal program detected a cloud drive program I definitely hadn't installed myself (yikes...what was this uploading?). Computer is relatively brand new, only operational since around Jan 1.

As always, the BleepingComputer team's help is greatly appreciated. Attached is the Addition.txt.

Attached Files





#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,032 posts
  • Gender:Male
  • Location:Germany

Posted 03 February 2015 - 11:26 AM

Hey, :)

What's with the main FRST Log?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 ski.smitty

ski.smitty
  • Topic Starter

  • Members
  • 36 posts

Posted 07 February 2015 - 01:09 AM

Oops, here it is! Spybot picks up about 10-13 items after every restart too, so definitely bugged :(.

Attached Files



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,032 posts
  • Gender:Male
  • Location:Germany

Posted 07 February 2015 - 08:21 AM

Can you please post the log directly into the thread rather than attaching it? :)

~Machiavelli



#5 ski.smitty

ski.smitty
  • Topic Starter

  • Members
  • 36 posts

Posted 07 February 2015 - 04:21 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by marsh (administrator) on MARSH-PC on 02-02-2015 13:39:07
Running from C:\Users\marsh\Downloads
Loaded Profiles: marsh (Available profiles: marsh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(OPSWAT, Inc.) C:\Users\marsh\Downloads\AppRemover.exe
(OPSWAT, Inc.) C:\Users\marsh\AppData\Local\Temp\RarSFX0\appRemoverCore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-08-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] => C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\RunOnce: [AppRemover Feedback] => explorer http://www.appremover.com/feedback
HKU\S-1-5-21-2745012454-68211438-2658042549-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-04] (Glarysoft Ltd)
HKU\S-1-5-21-2745012454-68211438-2658042549-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2745012454-68211438-2658042549-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-16]
FF Extension: MEGA - C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default\Extensions\firefox@mega.co.nz.xpi [2015-01-19]
FF Extension: Adblock Plus - C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-15] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-15] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-13] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-08] (Glarysoft Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 13:39 - 2015-02-02 13:39 - 00011124 _____ () C:\Users\marsh\Downloads\FRST.txt
2015-02-02 13:38 - 2015-02-02 13:39 - 00000000 ____D () C:\FRST
2015-02-02 13:38 - 2015-02-02 13:38 - 02131456 _____ (Farbar) C:\Users\marsh\Downloads\FRST64.exe
2015-02-02 13:36 - 2015-02-02 13:36 - 11961808 _____ (OPSWAT, Inc.) C:\Users\marsh\Downloads\AppRemover.exe
2015-02-02 13:33 - 2015-02-02 13:33 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-02 13:33 - 2015-02-02 13:33 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-02 13:33 - 2015-02-02 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-02 13:33 - 2015-02-02 13:33 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-02 13:32 - 2015-02-02 13:32 - 05325208 _____ (Piriform Ltd) C:\Users\marsh\Downloads\ccsetup502.exe
2015-02-01 18:33 - 2015-02-01 18:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2015-02-01 17:42 - 2015-02-01 17:42 - 00002748 _____ () C:\Users\marsh\Desktop\Rage of dark Gods.lnk
2015-02-01 12:51 - 2015-02-01 13:03 - 677372161 _____ () C:\Users\marsh\Downloads\Merc+3.3.rar
2015-02-01 03:07 - 2015-02-01 03:38 - 01632083 _____ () C:\Users\marsh\Downloads\CoW_1_5_1_English_Translation_with_fix_menu.rar
2015-01-31 21:43 - 2015-01-31 23:24 - 00000000 ____D () C:\Users\marsh\Documents\StarCraft II
2015-01-31 21:43 - 2015-01-31 22:12 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-01-31 21:43 - 2015-01-31 21:43 - 00001091 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2015-01-31 21:43 - 2015-01-31 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-01-31 21:40 - 2015-02-01 22:22 - 00000000 ____D () C:\Users\marsh\AppData\Local\Battle.net
2015-01-31 21:40 - 2015-01-31 21:43 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-01-31 21:40 - 2015-01-31 21:42 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Battle.net
2015-01-31 21:40 - 2015-01-31 21:40 - 00000000 ____D () C:\Users\marsh\AppData\Local\Blizzard Entertainment
2015-01-31 21:40 - 2015-01-31 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-31 21:40 - 2015-01-31 21:40 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-31 21:39 - 2015-01-31 21:39 - 03227560 _____ (Blizzard Entertainment) C:\Users\marsh\Downloads\StarCraft-II-Setup-enUS.exe
2015-01-31 21:39 - 2015-01-31 21:39 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-31 18:17 - 2015-01-31 18:18 - 180256626 _____ () C:\Users\marsh\Downloads\Titanium_Alpha_v0.81.7z
2015-01-31 18:17 - 2015-01-31 18:17 - 39302080 _____ () C:\Users\marsh\Downloads\Titanium_Alpha_0.82_patch.7z
2015-01-31 18:17 - 2015-01-31 18:17 - 00044768 _____ () C:\Users\marsh\Downloads\Titanium_0.82_strings.bin.rar
2015-01-31 18:13 - 2015-01-31 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broken Crescent
2015-01-31 18:08 - 2015-01-31 18:08 - 00472333 _____ () C:\Users\marsh\Downloads\Update12032013.rar
2015-01-30 15:44 - 2015-01-30 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-30 02:13 - 2015-01-30 02:13 - 00001629 _____ () C:\Users\marsh\Desktop\Europa Barbarorum II (for Steam users - using launcher).lnk
2015-01-30 01:43 - 2015-02-01 15:37 - 00000000 ____D () C:\Users\marsh\Desktop\Total War Files
2015-01-29 21:11 - 2015-01-29 21:11 - 00014518 _____ () C:\Users\marsh\Downloads\CAI PiterAIEB21.2.rar
2015-01-29 21:11 - 2015-01-29 21:11 - 00007431 _____ () C:\Users\marsh\Downloads\PiterAIEB2ver.1.3.rar
2015-01-29 21:10 - 2015-01-29 21:11 - 84711184 _____ () C:\Users\marsh\Downloads\Vegetation and Sounds EB 2.01.rar
2015-01-29 21:10 - 2015-01-29 21:10 - 22152080 _____ () C:\Users\marsh\Downloads\Europa Barbarorum Mod Pack for EB 2.01 by b0Gia v4.1.rar
2015-01-29 19:18 - 2015-01-29 19:19 - 00000023 _____ () C:\Users\marsh\Desktop\Starbound RP Info.txt
2015-01-29 16:12 - 2015-01-29 16:14 - 663318423 _____ () C:\Users\marsh\Downloads\Warsword_Conquest_Beta-5890-Beta.rar
2015-01-28 00:42 - 2015-01-28 00:42 - 00000000 _____ () C:\Users\marsh\Desktop\New Text Document.txt
2015-01-26 22:33 - 2015-01-26 23:16 - 1036972113 _____ () C:\Users\marsh\Downloads\MelsPerisno_0.73.7z
2015-01-23 16:02 - 2015-01-09 14:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 16:01 - 2015-01-12 20:15 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 16:01 - 2015-01-10 00:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-23 02:45 - 2015-01-23 02:45 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third_Age_3
2015-01-23 02:07 - 2015-01-23 02:07 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)
2015-01-23 00:43 - 2015-01-23 00:43 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chivalry II - The Sicilian Vespers 3.3 (HotFix2)
2015-01-23 00:42 - 2015-01-23 00:42 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chivalry II - The Sicilian Vespers 3.3
2015-01-23 00:39 - 2015-01-23 00:39 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chivalry II - The Sicilian Vespers 3.0
2015-01-19 17:26 - 2015-01-31 18:10 - 00001677 _____ () C:\Users\Public\Desktop\Stainless Steel 6.4.lnk
2015-01-19 11:20 - 2015-01-19 11:20 - 00041984 _____ (Lee 'FordGT90Concept' Glasser) C:\Users\marsh\Desktop\Large Address Aware.exe
2015-01-19 11:19 - 2015-01-19 11:19 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\De Bello Mundi v1.0
2015-01-18 23:10 - 2015-01-18 23:10 - 00000000 ____D () C:\Users\marsh\AppData\Local\gtk-2.0
2015-01-18 23:08 - 2015-01-18 23:09 - 00000000 ____D () C:\Users\marsh\.gimp-2.8
2015-01-18 23:08 - 2015-01-18 23:08 - 00000000 ____D () C:\Users\marsh\AppData\Local\gegl-0.2
2015-01-18 23:00 - 2015-01-18 23:00 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-01-18 23:00 - 2015-01-18 23:00 - 00000000 ____D () C:\Program Files\GIMP 2
2015-01-13 12:45 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 12:45 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 12:45 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 12:45 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 12:45 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 12:45 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 12:45 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 12:25 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 12:25 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 12:25 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 12:25 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 12:25 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 12:25 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 04:03 - 2015-01-31 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stainless Steel
2015-01-11 03:53 - 2015-01-11 03:57 - 628097024 _____ () C:\Users\marsh\Downloads\SS6.3-3.bin
2015-01-11 03:53 - 2015-01-11 03:56 - 628097024 _____ () C:\Users\marsh\Downloads\SS6.3-4.bin
2015-01-11 03:53 - 2015-01-11 03:56 - 628097024 _____ () C:\Users\marsh\Downloads\SS6.3-2.bin
2015-01-11 03:53 - 2015-01-11 03:55 - 167307798 _____ (gracul ) C:\Users\marsh\Downloads\SS6.4.exe
2015-01-11 03:53 - 2015-01-11 03:54 - 69296497 _____ () C:\Users\marsh\Downloads\SS6.3-5.bin
2015-01-11 03:53 - 2015-01-11 03:53 - 03004871 _____ (gracul ) C:\Users\marsh\Downloads\SS6.3.exe
2015-01-11 03:52 - 2015-01-11 03:56 - 625092096 _____ () C:\Users\marsh\Downloads\SS6.3-1.bin
2015-01-09 17:25 - 2015-01-09 17:25 - 00000000 ____D () C:\Users\marsh\AppData\Local\M2TWLauncher
2015-01-09 17:22 - 2015-01-30 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Barbarorum II
2015-01-09 16:12 - 2015-01-09 16:12 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IB2 Conqvestvs Britanniae III
2015-01-08 20:32 - 2015-01-08 20:32 - 00002174 _____ () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-08 20:32 - 2015-01-08 20:32 - 00002100 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-08 20:32 - 2015-01-08 20:32 - 00002100 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-08 20:32 - 2015-01-08 20:32 - 00000000 ___RD () C:\Users\marsh\OneDrive
2015-01-08 20:32 - 2015-01-08 20:32 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-01-08 20:32 - 2015-01-08 20:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-08 20:27 - 2015-01-08 20:27 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-08 20:27 - 2015-01-08 20:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-08 20:26 - 2015-01-08 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-08 20:25 - 2015-01-08 20:25 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-01-08 01:45 - 2015-01-08 01:45 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-05 17:27 - 2015-01-05 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-05 17:26 - 2015-01-05 17:30 - 00000000 ____D () C:\Users\marsh\Desktop\mbar
2015-01-04 16:30 - 2015-01-29 16:15 - 00000000 ____D () C:\Users\marsh\Documents\Mount&Blade Warband Savegames
2015-01-04 16:29 - 2015-01-04 16:39 - 00000000 ____D () C:\Users\marsh\Documents\Mount&Blade Warband
2015-01-04 16:17 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-04 16:17 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-04 16:17 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-04 16:17 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-04 16:17 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-04 16:17 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-04 16:17 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-04 16:17 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-04 16:17 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-04 16:17 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-04 16:17 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-04 16:17 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-04 16:17 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-04 16:17 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-04 16:17 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-04 16:17 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-04 16:17 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-04 16:17 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-04 16:17 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-04 16:17 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-01-04 16:17 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-01-04 16:17 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-01-04 16:17 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-01-04 16:17 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-01-04 16:17 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-01-04 16:17 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-01-04 16:17 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-01-04 16:17 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-01-04 16:17 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-01-04 16:17 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-01-04 16:17 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-01-04 16:17 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-04 16:17 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-04 16:17 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-04 16:17 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-04 16:17 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-04 16:17 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-04 16:17 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-04 16:17 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-04 16:17 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-04 16:17 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-04 16:17 - 2014-06-23 19:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-04 16:17 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-04 16:17 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-01-04 16:17 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-01-04 16:17 - 2011-03-10 22:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-01-04 16:17 - 2011-03-10 22:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-01-04 16:17 - 2011-03-10 22:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-01-04 16:17 - 2011-03-10 22:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-01-04 16:17 - 2011-03-10 22:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-01-04 16:17 - 2011-03-10 22:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-01-04 16:17 - 2011-03-10 22:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-01-04 16:17 - 2011-03-10 21:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-01-04 16:17 - 2011-03-10 21:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2015-01-04 16:17 - 2011-03-10 20:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-01-04 16:17 - 2011-02-24 22:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-01-04 16:17 - 2011-02-24 21:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-01-04 16:16 - 2012-02-10 22:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-01-04 16:16 - 2012-02-10 22:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 13:33 - 2014-12-09 17:12 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\TS3Client
2015-02-02 13:33 - 2014-12-07 22:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-02 13:33 - 2014-12-07 10:03 - 00000000 ____D () C:\Windows\Panther
2015-02-02 11:14 - 2014-12-29 22:38 - 01260027 ____N () C:\Windows\WindowsUpdate.log
2015-02-02 07:36 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 07:36 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 18:34 - 2014-12-09 17:00 - 00000000 ____D () C:\Users\marsh\Documents\My Games
2015-02-01 12:16 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 12:12 - 2014-12-08 13:11 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-02-01 12:11 - 2014-12-08 13:11 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-01 12:10 - 2014-12-07 22:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-01 12:10 - 2014-12-07 22:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-01 12:10 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 23:27 - 2014-12-14 00:52 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\vlc
2015-01-29 19:20 - 2014-12-13 18:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-29 19:20 - 2014-12-13 18:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 19:20 - 2014-12-08 00:42 - 00000000 ____D () C:\Users\marsh\AppData\Local\Adobe
2015-01-29 13:24 - 2014-12-13 18:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-28 00:59 - 2014-12-08 16:22 - 00000000 ____D () C:\Users\marsh\AppData\Local\SR22.1.7
2015-01-25 22:05 - 2014-12-09 17:00 - 00000000 ____D () C:\Users\marsh\AppData\Local\Skyrim
2015-01-23 16:02 - 2014-12-07 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-23 02:58 - 2014-12-10 12:01 - 00000934 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-01-22 16:19 - 2014-12-10 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-01-22 16:19 - 2014-12-10 12:01 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2015-01-22 16:16 - 2014-12-07 22:22 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-18 23:08 - 2014-12-07 21:34 - 00000000 ____D () C:\Users\marsh
2015-01-15 22:41 - 2014-12-07 22:35 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-15 22:41 - 2014-12-07 22:35 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-15 22:41 - 2014-12-07 22:35 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-15 22:41 - 2014-12-07 22:35 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-14 15:50 - 2014-12-09 17:00 - 00000000 ____D () C:\Users\marsh\Documents\Nexus Mod Manager
2015-01-14 01:43 - 2014-12-07 23:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 01:42 - 2014-12-07 23:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 22:30 - 2014-12-10 12:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-12 20:55 - 2014-12-13 18:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 00:07 - 2014-12-29 11:36 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-10 00:07 - 2014-12-29 11:36 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 00060744 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-09 15:30 - 2014-12-07 22:47 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-09 15:30 - 2014-12-07 22:47 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-09 15:29 - 2014-12-07 22:47 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-09 15:29 - 2014-12-07 22:47 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-09 15:29 - 2014-12-07 22:47 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-09 15:29 - 2014-12-07 22:47 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-09 11:47 - 2014-12-07 22:47 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-09 01:44 - 2014-12-08 18:16 - 00070872 _____ () C:\Users\marsh\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 22:39 - 2009-07-13 20:45 - 00329064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 20:33 - 2014-12-13 18:06 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 20:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-06 16:25 - 2014-12-08 13:11 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-01-06 16:25 - 2014-12-08 13:11 - 00001092 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-01-06 16:25 - 2014-12-08 13:11 - 00001080 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-01-06 04:36 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 17:37 - 2014-12-07 22:28 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-05 17:37 - 2014-12-07 22:28 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-05 08:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-01-04 16:47 - 2014-12-10 13:14 - 00001451 _____ () C:\Users\marsh\Desktop\Warband Battle Sizer.lnk
2015-01-04 16:32 - 2014-12-16 03:23 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-01-04 16:32 - 2014-12-16 03:23 - 00000000 ____D () C:\Windows\SysWOW64\directx

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 05:00

==================== End Of Log ============================

Here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by marsh at 2015-02-02 13:39:19
Running from C:\Users\marsh\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2745012454-68211438-2658042549-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Broken Crescent version 2.3 (HKLM-x32\...\{B5E6D105-DFB4-46B4-88BF-9DC52686DBE7}_is1) (Version: 2.3 - Broken Crescent team)
Broken Crescent version 2.3 (HKLM-x32\...\{C41F1ACF-6424-4AF9-BCDE-926BC8E93840}_is1) (Version: 2.3 - Broken Crescent team)
Broken Crescent version 2.3 (HKLM-x32\...\{D0549B3F-23A2-478B-8DAA-C67095448447}_is1) (Version: 2.3 - Broken Crescent team)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
EB II 2.0 (HKLM-x32\...\{F9D83333-7E36-4964-877F-E058E512B9BF}_is1) (Version: 2.0 - The Europa Barbarorum Team)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2745012454-68211438-2658042549-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MOS Full Install version 1.6.2 (HKLM-x32\...\{CF78D28A-188D-4EC8-8C61-E9659ADC41FA}_is1) (Version: 1.6.2 - MOS)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.2 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7326 - Realtek Semiconductor Corp.)
Savu Mouse (HKLM-x32\...\{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}) (Version: 1.1.9 - ROCCAT GmbH)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sonic Radar II (HKLM\...\{203BCA8D-BC00-4DD5-85DF-2F84DB803B57}) (Version: 2.1.701 - ASUSTeKcomputer.Inc)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2745012454-68211438-2658042549-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\marsh\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2745012454-68211438-2658042549-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\marsh\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2745012454-68211438-2658042549-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\marsh\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2745012454-68211438-2658042549-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\marsh\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2745012454-68211438-2658042549-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\marsh\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

29-01-2015 18:30:54 Windows Update
01-02-2015 18:33:19 Installed Microsoft XNA Framework Redistributable 4.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EF571A5-BFE6-443D-BD96-1970050F3B75} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-13] (AVAST Software)
Task: {22E21E9F-C1FD-44A1-BFA6-91E604A71587} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {388C4DFC-AD7B-4459-89DB-688CAC395AD1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {640A5704-0F4F-4669-8C8D-B9F91BE78781} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-04] (Glarysoft Ltd)
Task: {66EF0D01-C27F-4132-B586-765F50A12E14} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7EEFA3AA-F326-4938-95A2-F1C8CF8B5263} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {961CE024-9EE8-4FC7-9973-61801C6C84BE} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-04] (Glarysoft Ltd)
Task: {AECE7AA8-5897-421A-965D-9EE501FD4531} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C56F8D83-D9F5-43AB-8A1C-C2286F943B21} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D1BCF303-A209-4D69-BB19-EA928ECFDB82} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E2B3BCBF-B792-4D87-9092-C10AE33232B1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {F318454A-C6FE-464F-8F02-93DED0CD1C05} - System32\Tasks\{99B889EF-BE52-4FB9-9BFB-D892BACD6CC9} => pcalua.exe -a "C:\Users\marsh\Downloads\Post Process Injector 2_1 Installer-131-2-1.exe" -d C:\Users\marsh\Downloads
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe

==================== Loaded Modules (whitelisted) =============

2014-12-07 22:47 - 2015-01-09 15:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-07 22:21 - 2014-01-28 11:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-12-07 22:21 - 2014-04-24 14:29 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2015-01-08 20:25 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-08 20:27 - 2015-01-08 20:27 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-07 22:22 - 2013-06-21 11:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-12-07 22:22 - 2014-05-22 16:24 - 00096568 _____ () C:\Windows\system32\audioLibVc.dll
2015-02-01 03:10 - 2015-02-01 03:10 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020100\algo.dll
2015-02-01 12:11 - 2015-02-01 12:11 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020101\algo.dll
2015-02-02 11:33 - 2015-02-02 11:33 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020201\algo.dll
2014-12-07 22:21 - 2015-02-01 12:10 - 00043664 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-12-07 22:21 - 2014-01-28 11:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-12-13 18:08 - 2014-12-13 18:08 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-07 22:59 - 2014-12-01 13:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-12-07 22:59 - 2014-12-01 13:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-12-07 22:59 - 2014-12-01 13:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-12-07 22:59 - 2014-12-01 13:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-12-07 22:59 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 15:31 - 2014-12-01 16:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 15:31 - 2014-12-01 16:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 15:31 - 2014-12-01 16:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-12-07 22:59 - 2015-01-23 14:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-12-07 22:59 - 2014-12-01 13:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-12-07 22:59 - 2015-01-23 14:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-12-07 22:59 - 2015-01-15 15:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-12-07 22:59 - 2015-01-15 15:42 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2745012454-68211438-2658042549-500 - Administrator - Disabled)
Guest (S-1-5-21-2745012454-68211438-2658042549-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2745012454-68211438-2658042549-1002 - Limited - Enabled)
marsh (S-1-5-21-2745012454-68211438-2658042549-1000 - Administrator - Enabled) => C:\Users\marsh

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 00:10:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 05:08:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eu4.exe, version: 1.0.0.0, time stamp: 0x5489a604
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x41570000
Faulting process id: 0x24e8
Faulting application start time: 0xeu4.exe0
Faulting application path: eu4.exe1
Faulting module path: eu4.exe2
Report Id: eu4.exe3

Error: (01/30/2015 02:55:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 11:29:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: starbound.exe, version: 0.9.0.0, time stamp: 0xc0300000
Faulting module name: starbound.exe, version: 0.9.0.0, time stamp: 0xc0300000
Exception code: 0x40000015
Fault offset: 0x00500049
Faulting process id: 0x172c
Faulting application start time: 0xstarbound.exe0
Faulting application path: starbound.exe1
Faulting module path: starbound.exe2
Report Id: starbound.exe3

Error: (01/29/2015 10:51:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program starbound.exe version 0.9.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1274

Start Time: 01d03c5918bde6ae

Termination Time: 12

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe

Report Id: 68dcc27d-a84c-11e4-88e4-54a050e80e75

Error: (01/29/2015 10:50:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program starbound.exe version 0.9.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 94c

Start Time: 01d03c58f6c06255

Termination Time: 13

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe

Report Id: 5084ddcd-a84c-11e4-88e4-54a050e80e75

Error: (01/29/2015 10:47:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 01:22:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 01:21:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eu4.exe, version: 1.0.0.0, time stamp: 0x5489a604
Faulting module name: eu4.exe, version: 1.0.0.0, time stamp: 0x5489a604
Exception code: 0xc0000005
Fault offset: 0x008d100c
Faulting process id: 0x1780
Faulting application start time: 0xeu4.exe0
Faulting application path: eu4.exe1
Faulting module path: eu4.exe2
Report Id: eu4.exe3

Error: (01/28/2015 10:03:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eu4.exe, version: 1.0.0.0, time stamp: 0x5489a604
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x745f7472
Faulting process id: 0xc74
Faulting application start time: 0xeu4.exe0
Faulting application path: eu4.exe1
Faulting module path: eu4.exe2
Report Id: eu4.exe3


System errors:
=============
Error: (01/29/2015 04:13:10 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/27/2015 00:27:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:25:50 AM on ‎1/‎27/‎2015 was unexpected.

Error: (01/26/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (01/23/2015 09:48:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (01/23/2015 09:48:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/19/2015 05:22:15 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/19/2015 03:57:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (01/19/2015 03:57:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/14/2015 03:43:07 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:42:16 AM on ‎1/‎14/‎2015 was unexpected.

Error: (01/09/2015 11:38:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:03:31 AM on ‎1/‎9/‎2015 was unexpected.


Microsoft Office Sessions:
=========================
Error: (02/01/2015 00:10:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 05:08:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eu4.exe1.0.0.05489a604unknown0.0.0.000000000c00000054157000024e801d03d90e6261fe3C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exeunknownc774a706-a9ae-11e4-bb30-54a050e80e75

Error: (01/30/2015 02:55:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 11:29:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: starbound.exe0.9.0.0c0300000starbound.exe0.9.0.0c03000004000001500500049172c01d03c5e6c05ded6C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exeC:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exeac25f390-a851-11e4-88e4-54a050e80e75

Error: (01/29/2015 10:51:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: starbound.exe0.9.0.0127401d03c5918bde6ae12C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe68dcc27d-a84c-11e4-88e4-54a050e80e75

Error: (01/29/2015 10:50:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: starbound.exe0.9.0.094c01d03c58f6c0625513C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe5084ddcd-a84c-11e4-88e4-54a050e80e75

Error: (01/29/2015 10:47:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 01:22:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 01:21:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: eu4.exe1.0.0.05489a604eu4.exe1.0.0.05489a604c0000005008d100c178001d03b8953e671adC:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exeC:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe2994a4cf-a798-11e4-b06e-54a050e80e75

Error: (01/28/2015 10:03:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eu4.exe1.0.0.05489a604unknown0.0.0.000000000c0000005745f7472c7401d03b83734bba91C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exeunknown8dab410e-a77c-11e4-b06e-54a050e80e75
 



#6 Machiavelli

Posted 07 February 2015 - 04:44 PM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
  • Install the programme and select Update.
  • Once it has updated, select Settings > Detection and Protection.
  • Tick Scan for rootkits.
  • Go back to the Dashboard and select Scan Now.
  • If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.
  • On completion of the scan (or after the reboot), select View Detailed Log.
  • Select Export > Select text file and save to the desktop.
  • Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#7 ski.smitty

Posted 07 February 2015 - 10:49 PM

# AdwCleaner v4.110 - Logfile created 07/02/2015 at 19:36:11
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : marsh - MARSH-PC
# Running from : C:\Users\marsh\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [828 bytes] - [07/02/2015 19:27:54]
AdwCleaner[R1].txt - [886 bytes] - [07/02/2015 19:29:41]
AdwCleaner[R2].txt - [945 bytes] - [07/02/2015 19:35:39]
AdwCleaner[S0].txt - [953 bytes] - [07/02/2015 19:30:29]
AdwCleaner[S1].txt - [873 bytes] - [07/02/2015 19:36:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [931  bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/7/2015
Scan Time: 7:38:44 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.08.02
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: marsh

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324735
Time Elapsed: 3 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by marsh on Sat 02/07/2015 at 19:43:27.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\marsh\AppData\Roaming\mozilla\firefox\profiles\m52gx14y.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/07/2015 at 19:48:37.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by marsh (administrator) on MARSH-PC on 07-02-2015 19:50:40
Running from C:\Users\marsh\Downloads
Loaded Profiles: marsh (Available profiles: marsh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-08-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] => C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5767488 2015-01-16] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2745012454-68211438-2658042549-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-02-01] (Glarysoft Ltd)
HKU\S-1-5-21-2745012454-68211438-2658042549-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk *  sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2745012454-68211438-2658042549-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-16]
FF Extension: MEGA - C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default\Extensions\firefox@mega.co.nz.xpi [2015-01-19]
FF Extension: Adblock Plus - C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2015-02-05] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-15] (NVIDIA Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-13] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-15] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-13] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2014-11-10] (IObit)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-08] (Glarysoft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2014-11-10] (IObit.com)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2014-11-10] (IObit.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 19:50 - 2015-02-07 19:50 - 00000000 ____D () C:\Users\marsh\Downloads\FRST-OlderVersion
2015-02-07 19:48 - 2015-02-07 19:48 - 00000764 _____ () C:\Users\marsh\Desktop\JRT.txt
2015-02-07 19:42 - 2015-02-07 19:42 - 00001054 _____ () C:\Users\marsh\Desktop\MBAM.txt
2015-02-07 19:36 - 2015-02-07 19:36 - 00001010 _____ () C:\Users\marsh\Desktop\AdwCleaner[S1].txt
2015-02-07 19:27 - 2015-02-07 19:36 - 00000000 ____D () C:\AdwCleaner
2015-02-07 19:15 - 2015-02-07 19:36 - 00000504 _____ () C:\Windows\setupact.log
2015-02-07 19:15 - 2015-02-07 19:15 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-07 19:08 - 2015-02-07 19:08 - 01388274 _____ (Thisisu) C:\Users\marsh\Desktop\JRT.exe
2015-02-07 19:07 - 2015-02-07 19:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\marsh\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-07 19:07 - 2015-02-07 19:07 - 02112512 _____ () C:\Users\marsh\Desktop\AdwCleaner.exe
2015-02-07 18:47 - 2015-02-07 19:10 - 559924436 _____ () C:\Users\marsh\Downloads\MountBlade_Warband_Ottoman_Scenario.rar
2015-02-07 03:38 - 2015-02-07 13:25 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 22:37 - 2015-02-06 22:37 - 00000000 ____D () C:\Users\marsh\Documents\Banished
2015-02-05 16:29 - 2015-02-05 16:28 - 00174112 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-02-04 04:45 - 2015-02-04 04:45 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AGOT
2015-02-04 04:44 - 2015-02-04 04:45 - 228940280 _____ (AGOT TEAM ) C:\Users\marsh\Downloads\CK2-AGOT_setup_0.9.2.exe
2015-02-03 14:05 - 2015-02-03 14:05 - 00003435 _____ () C:\Users\marsh\Desktop\Rage of the Dark Gods.lnk
2015-02-02 23:30 - 2015-02-02 23:30 - 00008176 _____ () C:\Users\marsh\AppData\Local\recently-used.xbel
2015-02-02 22:10 - 2015-02-02 22:10 - 00000136 _____ () C:\Users\marsh\.gtk-bookmarks
2015-02-02 21:52 - 2015-02-02 21:52 - 00000941 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk
2015-02-02 21:51 - 2015-02-02 21:57 - 00000000 ____D () C:\MinGW
2015-02-02 21:43 - 2015-02-02 21:43 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-02-02 21:43 - 2015-02-02 21:43 - 00000000 ____D () C:\Program Files\GIMP 2
2015-02-02 21:17 - 2015-02-02 21:17 - 00000000 ____D () C:\Users\marsh\.thumbnails
2015-02-02 21:14 - 2015-02-02 21:14 - 00002736 _____ () C:\Users\marsh\Desktop\IB2 Conqvestvs Britanniae III.lnk
2015-02-02 21:11 - 2015-02-02 21:13 - 91931728 ____R (The GIMP Team ) C:\Users\marsh\Downloads\gimp-2.8.14-setup-1.exe
2015-02-02 21:10 - 2015-02-02 21:10 - 00000831 _____ () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-02 21:09 - 2015-02-07 13:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\uTorrent
2015-02-02 21:09 - 2015-02-02 21:09 - 01740880 _____ (BitTorrent Inc.) C:\Users\marsh\Downloads\uTorrent.exe
2015-02-02 21:04 - 2015-02-02 21:07 - 708232292 _____ () C:\Users\marsh\Downloads\IB2 Conqvestvs Britanniae III.exe
2015-02-02 20:54 - 2015-02-06 21:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 20:54 - 2015-02-02 20:58 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-02 20:54 - 2015-02-02 20:54 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-02 20:54 - 2015-02-02 20:54 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-02 20:54 - 2015-02-02 20:54 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-02 20:54 - 2015-02-02 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-02 20:54 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-02 20:53 - 2015-02-02 20:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\marsh\Downloads\Spybot_Search_Destroy_v2.4.exe
2015-02-02 20:53 - 2015-02-02 20:53 - 00001173 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2015-02-02 20:53 - 2015-02-02 20:53 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\ProductData
2015-02-02 20:53 - 2015-02-02 20:53 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\IObit
2015-02-02 20:53 - 2015-02-02 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-02-02 20:53 - 2015-02-02 20:53 - 00000000 ____D () C:\ProgramData\IObit
2015-02-02 20:53 - 2015-02-02 20:53 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-02 20:52 - 2015-02-02 20:52 - 27612568 _____ (IObit ) C:\Users\marsh\Downloads\IObit_Malware_Fighter_v3.0.1.19.exe
2015-02-02 20:26 - 2015-02-02 20:26 - 14920448 _____ () C:\Users\marsh\Downloads\Glary_Utilities_v5.18.0.31.exe
2015-02-02 20:24 - 2015-02-02 20:24 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 20:24 - 2015-02-02 20:24 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-02 20:24 - 2015-02-02 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 20:24 - 2015-02-02 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-02 20:23 - 2015-02-02 20:23 - 39894936 _____ () C:\Users\marsh\Downloads\Firefox-Setup-35-0-1_EN.exe
2015-02-02 18:29 - 2015-02-05 23:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-02 18:29 - 2015-02-05 23:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 13:39 - 2015-02-07 19:50 - 00013146 _____ () C:\Users\marsh\Downloads\FRST.txt
2015-02-02 13:39 - 2015-02-02 13:39 - 00026432 _____ () C:\Users\marsh\Downloads\Addition.txt
2015-02-02 13:38 - 2015-02-07 19:50 - 02132992 _____ (Farbar) C:\Users\marsh\Downloads\FRST64.exe
2015-02-02 13:38 - 2015-02-07 19:50 - 00000000 ____D () C:\FRST
2015-02-02 13:36 - 2015-02-02 13:36 - 11961808 _____ (OPSWAT, Inc.) C:\Users\marsh\Downloads\AppRemover.exe
2015-02-02 13:33 - 2015-02-02 23:23 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-02 13:33 - 2015-02-02 13:33 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-02 13:33 - 2015-02-02 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-02 13:33 - 2015-02-02 13:33 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-02 13:32 - 2015-02-02 13:32 - 05325208 _____ (Piriform Ltd) C:\Users\marsh\Downloads\ccsetup502.exe
2015-02-01 18:33 - 2015-02-01 18:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2015-02-01 12:51 - 2015-02-01 13:03 - 677372161 _____ () C:\Users\marsh\Downloads\Merc+3.3.rar
2015-02-01 03:07 - 2015-02-01 03:38 - 01632083 _____ () C:\Users\marsh\Downloads\CoW_1_5_1_English_Translation_with_fix_menu.rar
2015-01-31 21:43 - 2015-01-31 23:24 - 00000000 ____D () C:\Users\marsh\Documents\StarCraft II
2015-01-31 21:43 - 2015-01-31 22:12 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-01-31 21:43 - 2015-01-31 21:43 - 00001091 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2015-01-31 21:43 - 2015-01-31 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-01-31 21:40 - 2015-02-06 22:13 - 00000000 ____D () C:\Users\marsh\AppData\Local\Battle.net
2015-01-31 21:40 - 2015-02-06 21:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-31 21:40 - 2015-01-31 21:43 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-01-31 21:40 - 2015-01-31 21:42 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Battle.net
2015-01-31 21:40 - 2015-01-31 21:40 - 00000000 ____D () C:\Users\marsh\AppData\Local\Blizzard Entertainment
2015-01-31 21:40 - 2015-01-31 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-31 21:39 - 2015-01-31 21:39 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-31 18:13 - 2015-02-02 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broken Crescent
2015-01-30 02:13 - 2015-01-30 02:13 - 00001629 _____ () C:\Users\marsh\Desktop\Europa Barbarorum II (for Steam users - using launcher).lnk
2015-01-30 01:43 - 2015-02-02 23:59 - 00000000 ____D () C:\Users\marsh\Desktop\Total War Files
2015-01-29 21:11 - 2015-01-29 21:11 - 00014518 _____ () C:\Users\marsh\Downloads\CAI PiterAIEB21.2.rar
2015-01-29 21:11 - 2015-01-29 21:11 - 00007431 _____ () C:\Users\marsh\Downloads\PiterAIEB2ver.1.3.rar
2015-01-29 21:10 - 2015-01-29 21:11 - 84711184 _____ () C:\Users\marsh\Downloads\Vegetation and Sounds EB 2.01.rar
2015-01-29 21:10 - 2015-01-29 21:10 - 22152080 _____ () C:\Users\marsh\Downloads\Europa Barbarorum Mod Pack for EB 2.01 by b0Gia v4.1.rar
2015-01-29 19:18 - 2015-01-29 19:19 - 00000023 _____ () C:\Users\marsh\Desktop\Starbound RP Info.txt
2015-01-29 16:12 - 2015-01-29 16:14 - 663318423 _____ () C:\Users\marsh\Downloads\Warsword_Conquest_Beta-5890-Beta.rar
2015-01-26 22:33 - 2015-01-26 23:16 - 1036972113 _____ () C:\Users\marsh\Downloads\MelsPerisno_0.73.7z
2015-01-23 16:02 - 2015-01-09 14:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 16:01 - 2015-01-12 20:15 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 16:01 - 2015-01-10 00:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-23 02:45 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third_Age_3
2015-01-23 02:07 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)
2015-01-23 00:43 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chivalry II - The Sicilian Vespers 3.3 (HotFix2)
2015-01-23 00:42 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chivalry II - The Sicilian Vespers 3.3
2015-01-23 00:39 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chivalry II - The Sicilian Vespers 3.0
2015-01-19 17:26 - 2015-01-31 18:10 - 00001677 _____ () C:\Users\Public\Desktop\Stainless Steel 6.4.lnk
2015-01-19 11:20 - 2015-01-19 11:20 - 00041984 _____ (Lee 'FordGT90Concept' Glasser) C:\Users\marsh\Desktop\Large Address Aware.exe
2015-01-19 11:19 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\De Bello Mundi v1.0
2015-01-18 23:10 - 2015-02-02 23:29 - 00000000 ____D () C:\Users\marsh\AppData\Local\gtk-2.0
2015-01-18 23:08 - 2015-02-02 23:31 - 00000000 ____D () C:\Users\marsh\.gimp-2.8
2015-01-18 23:08 - 2015-01-18 23:08 - 00000000 ____D () C:\Users\marsh\AppData\Local\gegl-0.2
2015-01-13 12:45 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 12:45 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 12:45 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 12:45 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 12:45 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 12:45 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 12:45 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 12:25 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 12:25 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 12:25 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 12:25 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 12:25 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 12:25 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 04:03 - 2015-02-02 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stainless Steel
2015-01-09 17:25 - 2015-01-09 17:25 - 00000000 ____D () C:\Users\marsh\AppData\Local\M2TWLauncher
2015-01-09 17:22 - 2015-01-30 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Barbarorum II
2015-01-09 16:12 - 2015-02-02 21:14 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IB2 Conqvestvs Britanniae III
2015-01-08 20:32 - 2015-01-08 20:32 - 00002174 _____ () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-08 20:32 - 2015-01-08 20:32 - 00002100 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-08 20:32 - 2015-01-08 20:32 - 00002100 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-08 20:32 - 2015-01-08 20:32 - 00000000 ___RD () C:\Users\marsh\OneDrive
2015-01-08 20:32 - 2015-01-08 20:32 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-01-08 20:32 - 2015-01-08 20:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-08 20:27 - 2015-01-08 20:27 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-08 20:27 - 2015-01-08 20:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-08 20:26 - 2015-01-08 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-08 20:25 - 2015-01-08 20:25 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-01-08 01:45 - 2015-01-08 01:45 - 00000000 ____D () C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 19:43 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 19:43 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 19:43 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 19:39 - 2014-12-29 22:38 - 01421748 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 19:38 - 2014-12-13 18:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 19:37 - 2014-12-13 18:06 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-07 19:37 - 2014-12-13 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-07 19:37 - 2014-12-13 18:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-07 19:37 - 2014-12-08 13:11 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-02-07 19:37 - 2014-12-08 13:11 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-07 19:36 - 2014-12-07 22:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-07 19:36 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 19:27 - 2014-12-07 22:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-07 13:20 - 2014-12-13 18:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-05 23:04 - 2014-12-08 00:42 - 00000000 ____D () C:\Users\marsh\AppData\Local\Adobe
2015-02-05 13:44 - 2014-12-14 00:52 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\vlc
2015-02-04 02:58 - 2015-01-04 16:30 - 00000000 ____D () C:\Users\marsh\Documents\Mount&Blade Warband Savegames
2015-02-02 22:10 - 2014-12-07 21:34 - 00000000 ____D () C:\Users\marsh
2015-02-02 20:26 - 2014-12-08 13:11 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-02-02 20:26 - 2014-12-08 13:11 - 00001092 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-02-02 20:26 - 2014-12-08 13:11 - 00001080 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-02-02 13:33 - 2014-12-09 17:12 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\TS3Client
2015-02-02 13:33 - 2014-12-07 10:03 - 00000000 ____D () C:\Windows\Panther
2015-02-01 18:34 - 2014-12-09 17:00 - 00000000 ____D () C:\Users\marsh\Documents\My Games
2015-01-28 00:59 - 2014-12-08 16:22 - 00000000 ____D () C:\Users\marsh\AppData\Local\SR22.1.7
2015-01-25 22:05 - 2014-12-09 17:00 - 00000000 ____D () C:\Users\marsh\AppData\Local\Skyrim
2015-01-23 16:02 - 2014-12-07 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-23 02:58 - 2014-12-10 12:01 - 00000934 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-01-22 16:19 - 2014-12-10 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-01-22 16:19 - 2014-12-10 12:01 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2015-01-22 16:16 - 2014-12-07 22:22 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 22:41 - 2014-12-07 22:35 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-15 22:41 - 2014-12-07 22:35 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-15 22:41 - 2014-12-07 22:35 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-15 22:41 - 2014-12-07 22:35 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-14 15:50 - 2014-12-09 17:00 - 00000000 ____D () C:\Users\marsh\Documents\Nexus Mod Manager
2015-01-14 01:43 - 2014-12-07 23:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 01:42 - 2014-12-07 23:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 22:30 - 2014-12-10 12:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-10 00:07 - 2014-12-29 11:36 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-10 00:07 - 2014-12-29 11:36 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 00060744 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-09 15:30 - 2014-12-07 22:47 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-09 15:30 - 2014-12-07 22:47 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-09 15:29 - 2014-12-07 22:47 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-09 15:29 - 2014-12-07 22:47 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-09 15:29 - 2014-12-07 22:47 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-09 15:29 - 2014-12-07 22:47 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-09 11:47 - 2014-12-07 22:47 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-09 01:44 - 2014-12-08 18:16 - 00070872 _____ () C:\Users\marsh\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 22:39 - 2009-07-13 20:45 - 00329064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 20:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

==================== Files in the root of some directories =======

2015-02-02 23:30 - 2015-02-02 23:30 - 0008176 _____ () C:\Users\marsh\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\marsh\AppData\Local\Temp\Quarantine.exe
C:\Users\marsh\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 14:50

==================== End Of Log ============================


Edited by ski.smitty, 07 February 2015 - 10:51 PM.


#8 Machiavelli


Posted 08 February 2015 - 06:36 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure that the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
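
One way to check the Fixlog.txt that Step 1 produces before moving on, as an added example (not part of the original post, and not FRST's own code). It parses the log layout seen in the Fixlog posted later in this thread, which is embedded as sample input; the function names and the success/failure wording rules are assumptions based on that one log.

```python
import re

# Sample input: the Fixlog posted later in this thread, copied verbatim.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by marsh at 2015-02-08 12:35:06 Run:1
Running from C:\Users\marsh\Desktop
Loaded Profiles: marsh (Available profiles: marsh)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
EmptyTemp:
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
EmptyTemp: => Removed 398 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:35:14 ====
'''

# Success wording seen in this thread's Fixlog. Any other wording is unknown
# here (assumption), so it is reported for manual review rather than trusted.
SUCCESS = re.compile(r"successfully|^Removed\b", re.I)
NEGATIVE = re.compile(r"\b(not|error|failed|unable)\b", re.I)
HEADER = re.compile(r"^Ran by (\S+) at (\S+ \S+) Run:(\d+)", re.M)


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist directives and per-item results."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    # The echoed fixlist sits between two lines made only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block markers not found")
    directives = [ln.strip() for ln in lines[stars[0] + 1:stars[1]] if ln.strip()]

    results, complete, reboot = [], False, False
    # Read results only after the fixlist block: a directive may itself
    # contain "=>", and must not be mistaken for an outcome line.
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            complete = True
            break
        if ln.strip() == "The system needed a reboot.":
            reboot = True
            continue
        target, sep, outcome = ln.rpartition(" => ")
        if not sep:
            continue
        ok = bool(SUCCESS.search(outcome)) and not NEGATIVE.search(outcome)
        results.append({"target": target.strip().strip('"'),
                        "outcome": outcome.strip(), "ok": ok})

    m = HEADER.search(text)
    return {"user": m.group(1) if m else None,
            "run": int(m.group(3)) if m else None,
            "directives": directives, "results": results,
            "reboot": reboot, "complete": complete}


def needs_review(report):
    """Return human-readable reasons why the fix should be looked at again."""
    issues = [f'{r["target"]}: {r["outcome"]}'
              for r in report["results"] if not r["ok"]]
    if not report["complete"]:
        issues.append("log is truncated: no 'End of Fixlog' marker")
    if len(report["results"]) < len(report["directives"]):
        issues.append("fewer result lines than fixlist directives (heuristic)")
    return issues


if __name__ == "__main__":
    rep = parse_fixlog(SAMPLE_FIXLOG)
    print(f'run {rep["run"]} by {rep["user"]}: {len(rep["results"])} results, '
          f'reboot={rep["reboot"]}')
    for issue in needs_review(rep) or ["nothing to review"]:
        print(" -", issue)
```
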



#9 ski.smitty


Posted 09 February 2015 - 08:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by marsh at 2015-02-08 12:35:06 Run:1
Running from C:\Users\marsh\Desktop
Loaded Profiles: marsh (Available profiles: marsh)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
EmptyTemp:
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
EmptyTemp: => Removed 398 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:35:14 ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by marsh (administrator) on MARSH-PC on 09-02-2015 17:48:04
Running from C:\Users\marsh\Desktop
Loaded Profiles: marsh (Available profiles: marsh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-08-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] => C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5767488 2015-01-16] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2745012454-68211438-2658042549-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-02-01] (Glarysoft Ltd)
HKU\S-1-5-21-2745012454-68211438-2658042549-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk *  sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2745012454-68211438-2658042549-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-16]
FF Extension: MEGA - C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default\Extensions\firefox@mega.co.nz.xpi [2015-01-19]
FF Extension: Adblock Plus - C:\Users\marsh\AppData\Roaming\Mozilla\Firefox\Profiles\m52gx14y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2015-02-05] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-15] (NVIDIA Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-13] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-15] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-13] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2014-11-10] (IObit)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-08] (Glarysoft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2014-11-10] (IObit.com)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2014-11-10] (IObit.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 12:39 - 2015-02-08 12:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-08 12:36 - 2015-02-08 12:36 - 00020094 _____ () C:\Users\marsh\Desktop\Addition.txt
2015-02-08 12:35 - 2015-02-08 12:35 - 00000666 _____ () C:\Windows\PFRO.log
2015-02-07 19:50 - 2015-02-07 19:50 - 00000000 ____D () C:\Users\marsh\Downloads\FRST-OlderVersion
2015-02-07 19:48 - 2015-02-07 19:48 - 00000764 _____ () C:\Users\marsh\Desktop\JRT.txt
2015-02-07 19:42 - 2015-02-07 19:42 - 00001054 _____ () C:\Users\marsh\Desktop\MBAM.txt
2015-02-07 19:36 - 2015-02-07 19:36 - 00001010 _____ () C:\Users\marsh\Desktop\AdwCleaner[S1].txt
2015-02-07 19:27 - 2015-02-07 19:36 - 00000000 ____D () C:\AdwCleaner
2015-02-07 19:15 - 2015-02-09 12:30 - 00001008 _____ () C:\Windows\setupact.log
2015-02-07 19:15 - 2015-02-07 19:15 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-07 19:08 - 2015-02-07 19:08 - 01388274 _____ (Thisisu) C:\Users\marsh\Desktop\JRT.exe
2015-02-07 19:07 - 2015-02-07 19:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\marsh\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-07 19:07 - 2015-02-07 19:07 - 02112512 _____ () C:\Users\marsh\Desktop\AdwCleaner.exe
2015-02-07 18:47 - 2015-02-07 19:10 - 559924436 _____ () C:\Users\marsh\Downloads\MountBlade_Warband_Ottoman_Scenario.rar
2015-02-07 03:38 - 2015-02-07 13:25 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 22:37 - 2015-02-06 22:37 - 00000000 ____D () C:\Users\marsh\Documents\Banished
2015-02-05 16:29 - 2015-02-05 16:28 - 00174112 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-02-04 04:45 - 2015-02-04 04:45 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AGOT
2015-02-04 04:44 - 2015-02-04 04:45 - 228940280 _____ (AGOT TEAM ) C:\Users\marsh\Downloads\CK2-AGOT_setup_0.9.2.exe
2015-02-03 14:05 - 2015-02-03 14:05 - 00003435 _____ () C:\Users\marsh\Desktop\Rage of the Dark Gods.lnk
2015-02-02 23:30 - 2015-02-02 23:30 - 00008176 _____ () C:\Users\marsh\AppData\Local\recently-used.xbel
2015-02-02 22:10 - 2015-02-02 22:10 - 00000136 _____ () C:\Users\marsh\.gtk-bookmarks
2015-02-02 21:52 - 2015-02-02 21:52 - 00000941 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk
2015-02-02 21:51 - 2015-02-02 21:57 - 00000000 ____D () C:\MinGW
2015-02-02 21:43 - 2015-02-02 21:43 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-02-02 21:43 - 2015-02-02 21:43 - 00000000 ____D () C:\Program Files\GIMP 2
2015-02-02 21:17 - 2015-02-02 21:17 - 00000000 ____D () C:\Users\marsh\.thumbnails
2015-02-02 21:14 - 2015-02-02 21:14 - 00002736 _____ () C:\Users\marsh\Desktop\IB2 Conqvestvs Britanniae III.lnk
2015-02-02 21:11 - 2015-02-02 21:13 - 91931728 ____R (The GIMP Team ) C:\Users\marsh\Downloads\gimp-2.8.14-setup-1.exe
2015-02-02 21:10 - 2015-02-02 21:10 - 00000831 _____ () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-02 21:09 - 2015-02-07 13:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\uTorrent
2015-02-02 21:09 - 2015-02-02 21:09 - 01740880 _____ (BitTorrent Inc.) C:\Users\marsh\Downloads\uTorrent.exe
2015-02-02 21:04 - 2015-02-02 21:07 - 708232292 _____ () C:\Users\marsh\Downloads\IB2 Conqvestvs Britanniae III.exe
2015-02-02 20:54 - 2015-02-06 21:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 20:54 - 2015-02-02 20:58 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-02 20:54 - 2015-02-02 20:54 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-02 20:54 - 2015-02-02 20:54 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-02 20:54 - 2015-02-02 20:54 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-02 20:54 - 2015-02-02 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-02 20:54 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-02 20:53 - 2015-02-02 20:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\marsh\Downloads\Spybot_Search_Destroy_v2.4.exe
2015-02-02 20:53 - 2015-02-02 20:53 - 00001173 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2015-02-02 20:53 - 2015-02-02 20:53 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\ProductData
2015-02-02 20:53 - 2015-02-02 20:53 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\IObit
2015-02-02 20:53 - 2015-02-02 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-02-02 20:53 - 2015-02-02 20:53 - 00000000 ____D () C:\ProgramData\IObit
2015-02-02 20:53 - 2015-02-02 20:53 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-02 20:52 - 2015-02-02 20:52 - 27612568 _____ (IObit ) C:\Users\marsh\Downloads\IObit_Malware_Fighter_v3.0.1.19.exe
2015-02-02 20:26 - 2015-02-02 20:26 - 14920448 _____ () C:\Users\marsh\Downloads\Glary_Utilities_v5.18.0.31.exe
2015-02-02 20:24 - 2015-02-02 20:24 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 20:24 - 2015-02-02 20:24 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-02 20:24 - 2015-02-02 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 20:24 - 2015-02-02 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-02 20:23 - 2015-02-02 20:23 - 39894936 _____ () C:\Users\marsh\Downloads\Firefox-Setup-35-0-1_EN.exe
2015-02-02 18:29 - 2015-02-05 23:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-02 18:29 - 2015-02-05 23:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 13:39 - 2015-02-09 17:48 - 00012725 _____ () C:\Users\marsh\Desktop\FRST.txt
2015-02-02 13:39 - 2015-02-02 13:39 - 00026432 _____ () C:\Users\marsh\Downloads\Addition.txt
2015-02-02 13:38 - 2015-02-09 17:48 - 00000000 ____D () C:\FRST
2015-02-02 13:38 - 2015-02-07 19:50 - 02132992 _____ (Farbar) C:\Users\marsh\Desktop\FRST64.exe
2015-02-02 13:36 - 2015-02-02 13:36 - 11961808 _____ (OPSWAT, Inc.) C:\Users\marsh\Downloads\AppRemover.exe
2015-02-02 13:33 - 2015-02-02 23:23 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-02 13:33 - 2015-02-02 13:33 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-02 13:33 - 2015-02-02 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-02 13:33 - 2015-02-02 13:33 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-02 13:32 - 2015-02-02 13:32 - 05325208 _____ (Piriform Ltd) C:\Users\marsh\Downloads\ccsetup502.exe
2015-02-01 18:33 - 2015-02-01 18:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2015-02-01 12:51 - 2015-02-01 13:03 - 677372161 _____ () C:\Users\marsh\Downloads\Merc+3.3.rar
2015-02-01 03:07 - 2015-02-01 03:38 - 01632083 _____ () C:\Users\marsh\Downloads\CoW_1_5_1_English_Translation_with_fix_menu.rar
2015-01-31 21:43 - 2015-01-31 23:24 - 00000000 ____D () C:\Users\marsh\Documents\StarCraft II
2015-01-31 21:43 - 2015-01-31 22:12 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-01-31 21:43 - 2015-01-31 21:43 - 00001091 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2015-01-31 21:43 - 2015-01-31 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-01-31 21:40 - 2015-02-08 14:46 - 00000000 ____D () C:\Users\marsh\AppData\Local\Battle.net
2015-01-31 21:40 - 2015-02-06 21:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-31 21:40 - 2015-01-31 21:43 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-01-31 21:40 - 2015-01-31 21:42 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Battle.net
2015-01-31 21:40 - 2015-01-31 21:40 - 00000000 ____D () C:\Users\marsh\AppData\Local\Blizzard Entertainment
2015-01-31 21:40 - 2015-01-31 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-31 21:39 - 2015-01-31 21:39 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-31 18:13 - 2015-02-02 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broken Crescent
2015-01-30 02:13 - 2015-01-30 02:13 - 00001629 _____ () C:\Users\marsh\Desktop\Europa Barbarorum II (for Steam users - using launcher).lnk
2015-01-30 01:43 - 2015-02-02 23:59 - 00000000 ____D () C:\Users\marsh\Desktop\Total War Files
2015-01-29 21:11 - 2015-01-29 21:11 - 00014518 _____ () C:\Users\marsh\Downloads\CAI PiterAIEB21.2.rar
2015-01-29 21:11 - 2015-01-29 21:11 - 00007431 _____ () C:\Users\marsh\Downloads\PiterAIEB2ver.1.3.rar
2015-01-29 21:10 - 2015-01-29 21:11 - 84711184 _____ () C:\Users\marsh\Downloads\Vegetation and Sounds EB 2.01.rar
2015-01-29 21:10 - 2015-01-29 21:10 - 22152080 _____ () C:\Users\marsh\Downloads\Europa Barbarorum Mod Pack for EB 2.01 by b0Gia v4.1.rar
2015-01-29 19:18 - 2015-01-29 19:19 - 00000023 _____ () C:\Users\marsh\Desktop\Starbound RP Info.txt
2015-01-29 16:12 - 2015-01-29 16:14 - 663318423 _____ () C:\Users\marsh\Downloads\Warsword_Conquest_Beta-5890-Beta.rar
2015-01-26 22:33 - 2015-01-26 23:16 - 1036972113 _____ () C:\Users\marsh\Downloads\MelsPerisno_0.73.7z
2015-01-23 16:02 - 2015-01-09 14:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 16:01 - 2015-01-12 20:15 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 16:01 - 2015-01-10 00:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 16:01 - 2015-01-10 00:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-23 02:45 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third_Age_3
2015-01-23 02:07 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)
2015-01-23 00:43 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chivalry II - The Sicilian Vespers 3.3 (HotFix2)
2015-01-23 00:42 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chivalry II - The Sicilian Vespers 3.3
2015-01-23 00:39 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chivalry II - The Sicilian Vespers 3.0
2015-01-19 17:26 - 2015-01-31 18:10 - 00001677 _____ () C:\Users\Public\Desktop\Stainless Steel 6.4.lnk
2015-01-19 11:20 - 2015-01-19 11:20 - 00041984 _____ (Lee 'FordGT90Concept' Glasser) C:\Users\marsh\Desktop\Large Address Aware.exe
2015-01-19 11:19 - 2015-02-02 20:25 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\De Bello Mundi v1.0
2015-01-18 23:10 - 2015-02-02 23:29 - 00000000 ____D () C:\Users\marsh\AppData\Local\gtk-2.0
2015-01-18 23:08 - 2015-02-02 23:31 - 00000000 ____D () C:\Users\marsh\.gimp-2.8
2015-01-18 23:08 - 2015-01-18 23:08 - 00000000 ____D () C:\Users\marsh\AppData\Local\gegl-0.2
2015-01-13 12:45 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 12:45 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 12:45 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 12:45 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 12:45 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 12:45 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 12:45 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 12:25 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 12:25 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 12:25 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 12:25 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 12:25 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 12:25 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 04:03 - 2015-02-02 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stainless Steel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 17:23 - 2014-12-14 00:52 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\vlc
2015-02-09 16:57 - 2014-12-29 22:38 - 01464041 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 14:11 - 2014-12-07 22:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-09 12:37 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 12:37 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 12:36 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 12:32 - 2014-12-08 13:11 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-02-09 12:31 - 2014-12-08 13:11 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-09 12:30 - 2014-12-07 22:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-09 12:30 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 19:38 - 2014-12-13 18:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 19:37 - 2014-12-13 18:06 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-07 19:37 - 2014-12-13 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-07 19:37 - 2014-12-13 18:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-07 13:20 - 2014-12-13 18:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-05 23:04 - 2014-12-08 00:42 - 00000000 ____D () C:\Users\marsh\AppData\Local\Adobe
2015-02-04 02:58 - 2015-01-04 16:30 - 00000000 ____D () C:\Users\marsh\Documents\Mount&Blade Warband Savegames
2015-02-02 22:10 - 2014-12-07 21:34 - 00000000 ____D () C:\Users\marsh
2015-02-02 21:14 - 2015-01-09 16:12 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IB2 Conqvestvs Britanniae III
2015-02-02 20:26 - 2014-12-08 13:11 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-02-02 20:26 - 2014-12-08 13:11 - 00001092 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-02-02 20:26 - 2014-12-08 13:11 - 00001080 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-02-02 13:33 - 2014-12-09 17:12 - 00000000 ____D () C:\Users\marsh\AppData\Roaming\TS3Client
2015-02-02 13:33 - 2014-12-07 10:03 - 00000000 ____D () C:\Windows\Panther
2015-02-01 18:34 - 2014-12-09 17:00 - 00000000 ____D () C:\Users\marsh\Documents\My Games
2015-01-30 02:13 - 2015-01-09 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Barbarorum II
2015-01-28 00:59 - 2014-12-08 16:22 - 00000000 ____D () C:\Users\marsh\AppData\Local\SR22.1.7
2015-01-25 22:05 - 2014-12-09 17:00 - 00000000 ____D () C:\Users\marsh\AppData\Local\Skyrim
2015-01-23 16:02 - 2014-12-07 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-23 02:58 - 2014-12-10 12:01 - 00000934 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-01-22 16:19 - 2014-12-10 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-01-22 16:19 - 2014-12-10 12:01 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2015-01-22 16:16 - 2014-12-07 22:22 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 22:41 - 2014-12-07 22:35 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-15 22:41 - 2014-12-07 22:35 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-15 22:41 - 2014-12-07 22:35 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-15 22:41 - 2014-12-07 22:35 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-14 15:50 - 2014-12-09 17:00 - 00000000 ____D () C:\Users\marsh\Documents\Nexus Mod Manager
2015-01-14 01:43 - 2014-12-07 23:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 01:42 - 2014-12-07 23:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 22:30 - 2014-12-10 12:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-10 00:07 - 2014-12-29 11:36 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-10 00:07 - 2014-12-29 11:36 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 00060744 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-01-10 00:07 - 2014-12-07 22:47 - 00027441 _____ () C:\Windows\system32\nvinfo.pb

==================== Files in the root of some directories =======

2015-02-02 23:30 - 2015-02-02 23:30 - 0008176 _____ () C:\Users\marsh\AppData\Local\recently-used.xbel

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 14:50

==================== End Of Log ============================
ESET found nothing, so I had no file to export. Computer seems to be running great, no issues that I can personally detect.



#10 Machiavelli


Posted 10 February 2015 - 12:17 PM

Hello,
in my opinion your PC is clean. :) My help is of course completely free of charge, but if you would like to donate some money to me so that I can buy some beer, then click on the PayPal button. I'd really appreciate it, my friend. :)


We need to remove the tools we've used while cleaning your machine.
  • Download Delfix from here and run it (if you have Windows Vista / Windows 7 / Windows 8, please right-click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked.
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run.
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli



#11 Machiavelli


Posted 14 February 2015 - 07:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli
