
Persistent adware/malware that keeps trying to redirect browser


  • This topic is locked
40 replies to this topic

#1 Maholix

  • Members
  • 21 posts
  • Gender:Male
  • Location:USA

Posted 11 April 2015 - 03:41 PM

Hello, I've not been to a tech help forum in a while. I wouldn't say I'm a professional in any regard, but as I and my friends are decent with computers, we tend to manage okay on our own normally. However, recently I've had an issue that I can't resolve and I'm hoping someone here can. I have a problem with some malware that has somehow entered my computer. It was first noticed as adware but is clearly more than that.

My computer is the only computer in the house atm, which is chiefly used by me and my girlfriend. It was she who first witnessed the symptoms of an infection on my computer. She claims that firefox was acting "weird." As I was not present, I'm not sure exactly what happened, but she claims it was being super slow and locking up. At some point it claimed it needed updated. She allowed this to occur and then restarted the computer, because the browser was still being slow.

When she booted my computer back up, firefox showed many ads and adblock plus was disabled. Hearing this, I was instantly concerned. When I got on the computer to take a look, I noticed that my adblocker was not even listed in my firefox add ons and there were clear signs that my browser was being affected by adware. Ads from untrustworthy sites were showing up on all webpages (like tremendous sales for example). I was also getting redirects to fake virus scan sites. I know she doesn't go to any of these sites, as her use of the computer is usually limited to sites I know cause no trouble already, so this erroneous behavior was quite obvious.

So right away, I suspected something had been installed on my computer. I went to my programs list in the control panel. Sure enough, I saw several programs, which I know to be adware (like tremendous sales, BrWOWser, and incermedit to name a few). I uninstalled these and tried my browser again. No such luck, the adware was less, but still there and for some reason a google chrome window appeared although I had not clicked on chrome at all. After running anti-spyware and virus scans, it became clear I was infected with a gen of some kind, because these adware programs kept reappearing and the redirect was still present.

I went ahead and got the trial to avast! premier to hold everything at bay, even doing a boot scan, which did indeed pick up malware gens. Although most of the adware doesn't seem to be showing up in my programs list now, I must have something masking itself, because the infection persists. Avast firewall has to block redirects regularly. Believing my firefox might be affected, I even reset it.. no luck. I tried to reinstall it while in safe mode, still no luck.

Thinking back on google chrome, I don't recall if I installed it or not. I may have, I just don't use it much. As the reinstall of firefox did not help much, I chose to look for additional tools to help me with my problem. This led me to combofix. In the spirit of full disclosure, I did run it, because after talking with a friend of mine, I was told it can help take infections out of chrome and by this point, I was feeling rather frustrated. I hope having already run the program does not bar me from help here.. I ran it before I decided I needed to post online.

Now that I know I need some assistance, I will leave chrome alone for now and my log from combofix will be made available. As per the prep work that is often asked for I installed farbar and ran it. The "addition.txt" from farbar is also available.

It is worth noting that so far, combofix appears to have deleted something off of chrome because I saw chrome files listed in the program. I no longer see the ads or the links that the adware was placing down in firefox. I do see the occasional popup, but this could be due to the lack of an adblocker (since I did reinstall my browser). I have left chrome alone since the combofix scan, but although my firefox browser appears functional again, it's not over. Avast's active protection is still needing to block several redirects, even when all I do is leave firefox open for a while.

Also in case it helps, here are some of the results of my avast scans, which occurred before I ran combo fix:

(Before boot scan)

[Screenshot: Avast before boot scan.png]

(Boot Scan Results)

[Screenshots: Avast Boot Scan Results 1.png, Avast Boot Scan Results 2.png]

(Example of what avast's active protection is still blocking)

[Screenshot: Avast blocking redirect.png]


Edited by Maholix, 11 April 2015 - 05:30 PM.




#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 11 April 2015 - 11:27 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Maholix

  • Topic Starter

Posted 12 April 2015 - 10:47 AM

I see, you need both of the farbar logs and you need them posted directly into my reply. Okay I went ahead and ran the tool again as soon as I noticed your reply. Here are the results:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Maho (administrator) on MROREO on 12-04-2015 08:39:56
Running from C:\Users\Maho\Downloads
Loaded Profiles: Maho (Available profiles: Maho)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [776480 2013-03-22] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-06] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-10] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [Medialink Utilty] => C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [uTorrent] => C:\Users\Maho\AppData\Roaming\uTorrent\uTorrent.exe [1740880 2015-02-28] (BitTorrent Inc.)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Gateway.scr [456224 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> {0BE81947-05FF-4356-8A50-C505F7534416} URL = http://www.bing.com/search?q={searchTerms}&r=407
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> {B3D637CD-B203-4809-95BD-A555588E5FA6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> {EA37B438-6A31-4C9A-A45C-3AE4745E69A9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-10] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-10] (Avast Software s.r.o.)

FireFox:
========
FF ProfilePath: C:\Users\Maho\AppData\Roaming\Mozilla\Firefox\Profiles\ghll6kw0.default-1428726798376
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-22] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-12] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Maho\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2528547947-2264141269-27911573-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-2528547947-2264141269-27911573-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-02-08] ()
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Maho\AppData\Roaming\Mozilla\Firefox\Profiles\ghll6kw0.default-1428726798376\Extensions\elemhidehelper@adblockplus.org.xpi [2015-04-11]
FF Extension: Adblock Plus - C:\Users\Maho\AppData\Roaming\Mozilla\Firefox\Profiles\ghll6kw0.default-1428726798376\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-11]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2012-12-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-10]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-26]
CHR Extension: (Google Drive) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-26]
CHR Extension: (YouTube) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-26]
CHR Extension: (Google Search) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-26]
CHR Extension: (Avast Online Security) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-10] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-10] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-10] (Avast Software)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2012-12-09] (BioWare)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-15] ()
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-11-11] ()
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2011-07-07] (Google Inc)
S3 androidusb; C:\Windows\SysWOW64\Drivers\androidusb.sys [25728 2010-08-07] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-10] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-10] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-10] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-10] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-10] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-10] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-10] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-10] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-10] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-09] ()
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-08-05] (Echobit, LLC)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-09] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [18456 2011-07-07] (HandSet Incorporated)
S3 massfilter_hs; C:\Windows\SysWOW64\drivers\massfilter_hs.sys [9216 2010-06-28] (HandSet Incorporated) [File not signed]
S3 MBAMSwissArmy; No ImagePath
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
S1 SDHookDriver; No ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-10] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Maho\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 netr28x; system32\DRIVERS\netr28x.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 08:38 - 2015-04-12 08:38 - 00000000 ____D () C:\Users\Maho\Downloads\FRST-OlderVersion
2015-04-11 11:23 - 2015-04-11 11:23 - 00056544 _____ () C:\Users\Maho\Downloads\Addition.txt
2015-04-11 11:22 - 2015-04-12 08:40 - 00021794 _____ () C:\Users\Maho\Downloads\FRST.txt
2015-04-11 11:21 - 2015-04-12 08:39 - 00000000 ____D () C:\FRST
2015-04-11 11:21 - 2015-04-12 08:38 - 02096640 _____ (Farbar) C:\Users\Maho\Downloads\FRST64.exe
2015-04-11 10:31 - 2015-04-11 10:31 - 00113101 _____ () C:\ComboFix.txt
2015-04-11 09:54 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-11 09:54 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-11 09:54 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-11 09:51 - 2015-04-11 10:31 - 00000000 ____D () C:\Qoobox
2015-04-11 09:50 - 2015-04-11 10:22 - 00000000 ____D () C:\Windows\erdnt
2015-04-11 09:50 - 2015-04-11 09:50 - 05617275 ____R (Swearware) C:\Users\Maho\Downloads\ComboFix.exe
2015-04-11 01:15 - 2015-04-11 01:15 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-11 01:15 - 2015-04-11 01:15 - 00001114 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-11 01:15 - 2015-04-11 01:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-11 01:00 - 2015-04-11 01:00 - 40866864 _____ () C:\Users\Maho\Downloads\Firefox Setup 37.0.1.exe
2015-04-10 21:23 - 2015-04-10 21:24 - 00000000 ____D () C:\Users\Maho\AppData\Local\{F37A7244-449B-48F5-8BCD-5E14D70CE76A}
2015-04-10 21:22 - 2015-04-10 21:22 - 00000020 _____ () C:\Users\Maho\AppData\Roaming\appdataFr3.bin
2015-04-10 01:19 - 2015-04-10 01:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-10 01:16 - 2015-04-10 01:25 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-04-10 01:16 - 2015-04-10 01:25 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-10 01:16 - 2015-04-10 01:16 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\AVAST Software
2015-04-10 01:15 - 2015-04-11 01:17 - 00002082 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
2015-04-10 01:15 - 2015-04-10 01:15 - 00001989 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-04-10 01:15 - 2015-04-10 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-10 01:14 - 2015-04-11 01:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-10 01:14 - 2015-04-10 01:14 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-10 01:14 - 2015-04-10 01:14 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-10 01:14 - 2015-04-10 01:14 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-04-10 01:11 - 2015-02-23 20:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-10 01:11 - 2015-02-23 19:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-10 01:11 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-10 01:11 - 2015-02-20 17:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-10 01:11 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-10 01:11 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-10 01:11 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-10 01:11 - 2015-02-19 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-10 01:11 - 2015-02-19 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-10 01:11 - 2015-02-19 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-10 01:11 - 2015-02-19 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-10 01:11 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-10 01:11 - 2015-02-19 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-10 01:11 - 2015-02-19 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-10 01:11 - 2015-02-19 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-10 01:11 - 2015-02-19 19:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-10 01:11 - 2015-02-19 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-10 01:11 - 2015-02-19 19:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-10 01:11 - 2015-02-19 19:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-10 01:11 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-10 01:11 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-10 01:11 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-10 01:11 - 2015-02-19 19:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-10 01:11 - 2015-02-19 19:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-10 01:11 - 2015-02-19 18:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-10 01:11 - 2015-02-19 18:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-10 01:11 - 2015-02-19 18:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-10 01:11 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-10 01:11 - 2015-02-19 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-10 01:11 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-10 01:11 - 2015-02-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-10 01:11 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-10 01:11 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-10 01:11 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-10 01:11 - 2015-02-19 18:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-10 01:11 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-10 01:11 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-10 01:11 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-10 01:11 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-10 01:10 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-10 01:10 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-10 01:10 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-10 01:10 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-10 01:10 - 2015-02-19 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-10 01:10 - 2015-02-19 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-10 01:10 - 2015-02-19 19:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-10 01:10 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-10 01:10 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-10 01:10 - 2015-02-19 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-10 01:10 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-10 01:10 - 2015-02-19 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-10 01:10 - 2015-02-19 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-10 01:10 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-10 01:10 - 2015-02-19 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-10 01:10 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-10 01:10 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-10 01:10 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-10 01:10 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-10 01:09 - 2015-04-10 01:09 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-10 01:09 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-10 01:09 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-10 01:09 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-10 01:09 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-04-10 01:09 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-04-10 01:09 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-04-10 01:09 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-04-10 01:09 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-04-10 01:09 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-04-10 01:09 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-04-10 01:08 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-10 01:08 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-10 01:08 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-10 01:08 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-10 01:08 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-10 01:08 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-10 01:08 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-10 01:08 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-10 01:08 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-10 01:08 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-10 01:08 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-10 01:08 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-10 01:08 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-10 01:08 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-10 01:08 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-10 01:08 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-10 01:08 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-10 01:08 - 2015-01-13 23:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-10 01:08 - 2015-01-13 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-10 01:08 - 2015-01-13 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-10 01:08 - 2015-01-13 23:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-10 01:08 - 2015-01-13 22:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-10 01:08 - 2015-01-13 22:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-10 01:08 - 2015-01-13 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-10 01:08 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-10 01:08 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-10 01:08 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-10 01:08 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-10 01:08 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-10 01:08 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-04-10 01:08 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-04-10 01:08 - 2014-10-17 19:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-10 01:08 - 2014-10-17 18:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-10 01:08 - 2014-10-02 19:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-10 01:08 - 2014-10-02 18:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-04-10 01:08 - 2014-10-02 18:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-04-10 01:08 - 2014-10-02 18:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-04-10 01:08 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-04-10 01:08 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-04-10 01:08 - 2014-08-29 19:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-10 01:08 - 2014-08-29 18:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-10 01:08 - 2014-08-20 23:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-10 01:08 - 2014-08-20 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-10 01:08 - 2014-08-20 23:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-10 01:08 - 2014-08-20 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-10 01:08 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-04-10 01:08 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-04-10 01:04 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-10 01:04 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-10 00:58 - 2015-04-10 00:58 - 00003194 _____ () C:\Windows\System32\Tasks\{A3DC74B6-8B51-4C8B-9EF6-E7A6F2FCC483}
2015-04-10 00:50 - 2015-04-10 00:52 - 00000000 _____ () C:\Users\Maho\AppData\Local\Temp.dat
2015-04-09 22:37 - 2015-04-09 22:37 - 00000000 ____D () C:\ProgramData\{689688da-0f5e-81d2-6896-688da0f52368}
2015-04-09 19:24 - 2015-04-09 19:24 - 00000000 ____D () C:\Users\Maho\AppData\Local\{FDB4E24F-1A93-4BC2-82D7-412239F95C95}
2015-04-09 19:20 - 2015-04-09 19:20 - 00000579 _____ () C:\Users\Maho\Desktop\thing.txt
2015-04-09 19:19 - 2015-04-10 01:21 - 00000000 ____D () C:\Program Files (x86)\IndepthMonitor
2015-04-09 19:19 - 2015-04-10 01:21 - 00000000 ____D () C:\Program Files (x86)\BrOwserENhhance
2015-04-04 15:19 - 2015-04-04 15:19 - 00000000 ____D () C:\ProgramData\89a771bdf7c3b09e
2015-04-03 23:44 - 2015-04-03 23:44 - 02637481 _____ () C:\Users\Maho\Documents\Cause Wut Again Easter Egg.xcf
2015-04-03 23:44 - 2015-04-03 23:44 - 00006032 _____ () C:\Users\Maho\AppData\Local\recently-used.xbel
2015-04-03 23:16 - 2015-04-11 01:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 23:43 - 2015-04-02 23:43 - 00000893 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-04-02 23:43 - 2015-04-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-04-02 23:43 - 2015-04-02 23:43 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-31 13:26 - 2015-03-31 13:26 - 00006657 _____ () C:\Users\Maho\Dragon story.txt
2015-03-28 22:25 - 2015-03-30 19:34 - 00000000 ____D () C:\Users\Maho\AppData\Local\Warframe
2015-03-28 22:25 - 2015-03-28 22:25 - 00002307 _____ () C:\Users\Maho\Desktop\Warframe.lnk
2015-03-28 22:25 - 2015-03-28 22:25 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2015-03-28 13:32 - 2015-03-31 15:42 - 00000154 _____ () C:\Users\Maho\Unmentioned.txt
2015-03-26 02:44 - 2015-03-26 02:44 - 00000000 ____D () C:\Users\Maho\AppData\Local\{07EE141C-EC36-4659-8D2D-AEA1D09B44CB}
2015-03-25 17:31 - 2015-03-25 17:31 - 00000236 _____ () C:\Users\Maho\Fallas Department codes.txt
2015-03-24 06:39 - 2015-03-25 13:07 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Omerta
2015-03-24 05:05 - 2015-03-24 05:05 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Kalypso Media
2015-03-21 03:55 - 2015-03-21 16:27 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-03-21 03:55 - 2015-03-21 04:38 - 00000029 _____ () C:\Windows\popcinfo.dat
2015-03-21 03:41 - 2015-03-21 03:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcap Game Collection
2015-03-21 03:41 - 2015-03-21 03:42 - 00000000 ____D () C:\Program Files (x86)\Popcap Game Collection
2015-03-21 02:36 - 2015-03-21 02:36 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\JAM Software
2015-03-21 02:36 - 2015-03-21 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2015-03-21 02:36 - 2015-03-21 02:36 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2015-03-19 03:04 - 2015-03-19 03:04 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\.atlauncher
2015-03-15 07:24 - 2015-03-15 07:25 - 00000000 ____D () C:\Users\Maho\AppData\Local\{CE129C41-04AE-43C0-A4D9-656ECE4F7E9F}
2015-03-14 20:49 - 2015-03-18 11:37 - 00001528 _____ () C:\Users\Maho\Poke server list.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 08:37 - 2014-11-26 03:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 08:33 - 2013-02-20 12:00 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Skype
2015-04-12 08:32 - 2015-01-18 12:59 - 00004923 _____ () C:\Windows\setupact.log
2015-04-12 08:22 - 2012-04-05 02:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 07:40 - 2012-05-30 00:38 - 01944964 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 01:06 - 2012-10-13 13:03 - 00000000 ____D () C:\Users\Maho\AppData\Local\LogMeIn Hamachi
2015-04-12 00:37 - 2014-11-26 03:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 14:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-04-11 12:16 - 2014-02-01 01:45 - 00000000 ____D () C:\Users\Maho\AppData\Local\Apps\2.0
2015-04-11 10:31 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2015-04-11 10:22 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 10:22 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 10:16 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-11 10:14 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 10:13 - 2015-02-10 04:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-11 10:13 - 2015-01-18 12:59 - 00164334 _____ () C:\Windows\PFRO.log
2015-04-11 10:13 - 2012-12-03 21:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-11 10:12 - 2012-10-12 04:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-11 09:54 - 2015-01-15 00:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-11 09:50 - 2012-11-09 09:30 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\uTorrent
2015-04-11 01:21 - 2014-11-24 16:37 - 00000000 ____D () C:\Users\Maho\AppData\Local\NexonLauncher
2015-04-11 01:20 - 2012-10-13 02:21 - 00000000 ____D () C:\Users\Maho\Tracing
2015-04-11 01:10 - 2014-09-06 11:14 - 00000227 _____ () C:\Users\Maho\BullseyeCoverageError.txt
2015-04-11 01:10 - 2014-09-06 11:14 - 00000000 ____D () C:\Users\Maho\AppData\Local\Unity
2015-04-11 01:07 - 2013-09-21 07:57 - 00000000 ____D () C:\bowep
2015-04-10 21:38 - 2014-01-03 17:56 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-04-10 21:24 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-10 21:11 - 2009-07-13 21:45 - 00299032 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-10 13:49 - 2014-09-16 01:39 - 00000000 ____D () C:\Users\Maho\Desktop\NEW TES CENTER
2015-04-10 01:52 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-10 01:49 - 2012-11-04 17:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 01:47 - 2013-09-17 08:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-10 01:21 - 2015-02-26 13:16 - 00000000 ____D () C:\Program Files (x86)\IncrementEdit
2015-04-10 01:08 - 2013-03-04 01:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-10 00:49 - 2015-02-08 20:31 - 00000000 ____D () C:\ProgramData\Apple
2015-04-10 00:45 - 2013-09-19 12:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-10 00:44 - 2015-02-10 07:10 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-10 00:44 - 2015-02-10 07:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-10 00:44 - 2014-08-25 22:28 - 00000000 ____D () C:\Program Files\Java
2015-04-10 00:44 - 2014-01-03 18:57 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-09 21:16 - 2012-04-05 02:41 - 00000000 ____D () C:\ProgramData\Skype
2015-04-09 19:23 - 2014-01-03 17:56 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-09 19:18 - 2015-02-07 03:23 - 00000000 ____D () C:\ProgramData\{9b1946d1-f9bd-1746-9b19-946d1f9b1b47}
2015-04-09 18:19 - 2014-10-01 23:09 - 00000000 ____D () C:\Users\Maho\Downloads\Not Porn
2015-04-06 15:20 - 2014-10-01 23:08 - 00000000 ____D () C:\Users\Maho\.gimp-2.8
2015-04-06 01:16 - 2012-10-08 16:09 - 00000000 ____D () C:\Users\Maho
2015-04-04 15:19 - 2015-03-05 15:36 - 00000000 ____D () C:\Program Files (x86)\MionImUmPrice
2015-04-03 23:44 - 2014-10-01 23:17 - 00000000 ____D () C:\Users\Maho\AppData\Local\gtk-2.0
2015-03-30 15:25 - 2012-11-16 03:21 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-03-28 22:25 - 2015-02-08 04:08 - 00410295 _____ () C:\Windows\DirectX.log
2015-03-25 12:00 - 2012-10-12 04:43 - 00000000 ___RD () C:\Users\Maho\Desktop\Icona
2015-03-22 17:36 - 2012-10-12 17:16 - 00000000 ____D () C:\Users\Maho\Documents\My Games
2015-03-22 06:32 - 2012-10-09 22:02 - 00000000 ____D () C:\Users\Maho\AppData\Local\Adobe
2015-03-22 06:32 - 2012-04-05 02:57 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 06:32 - 2012-04-05 02:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 06:32 - 2012-04-05 02:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-21 03:47 - 2012-10-12 04:46 - 00000000 ____D () C:\Users\Maho\Desktop\Games
2015-03-21 03:41 - 2014-02-07 16:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-21 03:38 - 2012-11-16 10:00 - 00000000 ____D () C:\Users\Maho\Downloads\Torrential
2015-03-21 02:18 - 2013-10-01 06:00 - 00000000 ____D () C:\Users\Maho\Downloads\~Kluster
2015-03-21 01:31 - 2013-07-28 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-03-21 01:31 - 2012-11-26 08:00 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\RenPy
2015-03-21 01:31 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 01:14 - 2014-04-21 01:48 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2015-03-20 09:00 - 2014-09-18 07:11 - 00000000 ____D () C:\Users\Maho\AppData\Local\Glyph
2015-03-20 09:00 - 2014-09-18 07:11 - 00000000 ____D () C:\ProgramData\Glyph
2015-03-20 09:00 - 2014-09-18 07:11 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-03-20 08:59 - 2014-09-19 13:52 - 00000000 ____D () C:\Users\Maho\Documents\ArcheAge
2015-03-16 20:44 - 2014-08-25 22:44 - 00000091 _____ () C:\Users\Maho\.atl.properties
2015-03-16 03:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-04-10 21:22 - 2015-04-10 21:22 - 0000020 _____ () C:\Users\Maho\AppData\Roaming\appdataFr3.bin
2013-11-03 08:11 - 2014-04-19 23:25 - 0005120 _____ () C:\Users\Maho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-02 10:53 - 2015-01-02 10:53 - 0000000 ___SH () C:\Users\Maho\AppData\Local\LumaEmu
2015-04-03 23:44 - 2015-04-03 23:44 - 0006032 _____ () C:\Users\Maho\AppData\Local\recently-used.xbel
2015-01-18 12:16 - 2015-01-18 12:16 - 0000017 _____ () C:\Users\Maho\AppData\Local\resmon.resmoncfg
2013-06-08 19:28 - 2013-06-08 19:34 - 0001660 _____ () C:\Users\Maho\AppData\Local\RT2870_{273491A8-720E-488A-BA67-8634330FD3D1}_prof
2013-06-08 19:28 - 2013-06-08 19:34 - 0000834 _____ () C:\Users\Maho\AppData\Local\RT2870_{273491A8-720E-488A-BA67-8634330FD3D1}_sta
2013-06-08 19:33 - 2013-09-19 17:33 - 0001001 _____ () C:\Users\Maho\AppData\Local\RT2870_{273491A8-720E-488A-BA67-8634330FD3D1}_wsc
2014-10-15 05:31 - 2014-10-15 05:31 - 0001001 _____ () C:\Users\Maho\AppData\Local\RT2870_{65DDC21C-8F56-4098-BCA3-ECD6742EF3FF}_wsc
2015-04-10 00:50 - 2015-04-10 00:52 - 0011742 _____ () C:\Users\Maho\AppData\Local\Temp-log.txt
2015-04-10 00:50 - 2015-04-10 00:52 - 0000000 _____ () C:\Users\Maho\AppData\Local\Temp.dat
2012-12-10 22:17 - 2012-12-10 22:17 - 0000000 _____ () C:\ProgramData\IpAndPort.fig
2012-12-10 22:17 - 2012-12-10 22:17 - 0000193 _____ () C:\ProgramData\RmUserCfg.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 00:31

==================== End Of Log ============================

Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Maho (administrator) on MROREO on 12-04-2015 08:39:56
Running from C:\Users\Maho\Downloads
Loaded Profiles: Maho (Available profiles: Maho)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [776480 2013-03-22] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-06] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-10] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [Medialink Utilty] => C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [uTorrent] => C:\Users\Maho\AppData\Roaming\uTorrent\uTorrent.exe [1740880 2015-02-28] (BitTorrent Inc.)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Gateway.scr [456224 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> {0BE81947-05FF-4356-8A50-C505F7534416} URL = http://www.bing.com/search?q={searchTerms}&r=407
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> {B3D637CD-B203-4809-95BD-A555588E5FA6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> {EA37B438-6A31-4C9A-A45C-3AE4745E69A9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-10] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-10] (Avast Software s.r.o.)

FireFox:
========
FF ProfilePath: C:\Users\Maho\AppData\Roaming\Mozilla\Firefox\Profiles\ghll6kw0.default-1428726798376
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-22] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-12] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Maho\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2528547947-2264141269-27911573-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-2528547947-2264141269-27911573-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-02-08] ()
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Maho\AppData\Roaming\Mozilla\Firefox\Profiles\ghll6kw0.default-1428726798376\Extensions\elemhidehelper@adblockplus.org.xpi [2015-04-11]
FF Extension: Adblock Plus - C:\Users\Maho\AppData\Roaming\Mozilla\Firefox\Profiles\ghll6kw0.default-1428726798376\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-11]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2012-12-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-10]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-26]
CHR Extension: (Google Drive) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-26]
CHR Extension: (YouTube) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-26]
CHR Extension: (Google Search) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-26]
CHR Extension: (Avast Online Security) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-10] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-10] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-10] (Avast Software)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2012-12-09] (BioWare)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-15] ()
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-11-11] ()
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2011-07-07] (Google Inc)
S3 androidusb; C:\Windows\SysWOW64\Drivers\androidusb.sys [25728 2010-08-07] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-10] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-10] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-10] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-10] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-10] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-10] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-10] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-10] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-10] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-09] ()
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-08-05] (Echobit, LLC)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-09] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [18456 2011-07-07] (HandSet Incorporated)
S3 massfilter_hs; C:\Windows\SysWOW64\drivers\massfilter_hs.sys [9216 2010-06-28] (HandSet Incorporated) [File not signed]
S3 MBAMSwissArmy; No ImagePath
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
S1 SDHookDriver; No ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-10] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Maho\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 netr28x; system32\DRIVERS\netr28x.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 08:38 - 2015-04-12 08:38 - 00000000 ____D () C:\Users\Maho\Downloads\FRST-OlderVersion
2015-04-11 11:23 - 2015-04-11 11:23 - 00056544 _____ () C:\Users\Maho\Downloads\Addition.txt
2015-04-11 11:22 - 2015-04-12 08:40 - 00021794 _____ () C:\Users\Maho\Downloads\FRST.txt
2015-04-11 11:21 - 2015-04-12 08:39 - 00000000 ____D () C:\FRST
2015-04-11 11:21 - 2015-04-12 08:38 - 02096640 _____ (Farbar) C:\Users\Maho\Downloads\FRST64.exe
2015-04-11 10:31 - 2015-04-11 10:31 - 00113101 _____ () C:\ComboFix.txt
2015-04-11 09:54 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-11 09:54 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-11 09:54 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-11 09:51 - 2015-04-11 10:31 - 00000000 ____D () C:\Qoobox
2015-04-11 09:50 - 2015-04-11 10:22 - 00000000 ____D () C:\Windows\erdnt
2015-04-11 09:50 - 2015-04-11 09:50 - 05617275 ____R (Swearware) C:\Users\Maho\Downloads\ComboFix.exe
2015-04-11 01:15 - 2015-04-11 01:15 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-11 01:15 - 2015-04-11 01:15 - 00001114 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-11 01:15 - 2015-04-11 01:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-11 01:00 - 2015-04-11 01:00 - 40866864 _____ () C:\Users\Maho\Downloads\Firefox Setup 37.0.1.exe
2015-04-10 21:23 - 2015-04-10 21:24 - 00000000 ____D () C:\Users\Maho\AppData\Local\{F37A7244-449B-48F5-8BCD-5E14D70CE76A}
2015-04-10 21:22 - 2015-04-10 21:22 - 00000020 _____ () C:\Users\Maho\AppData\Roaming\appdataFr3.bin
2015-04-10 01:19 - 2015-04-10 01:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-10 01:16 - 2015-04-10 01:25 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-04-10 01:16 - 2015-04-10 01:25 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-10 01:16 - 2015-04-10 01:16 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\AVAST Software
2015-04-10 01:15 - 2015-04-11 01:17 - 00002082 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
2015-04-10 01:15 - 2015-04-10 01:15 - 00001989 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-04-10 01:15 - 2015-04-10 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-10 01:14 - 2015-04-11 01:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-10 01:14 - 2015-04-10 01:14 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-10 01:14 - 2015-04-10 01:14 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-10 01:14 - 2015-04-10 01:14 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-04-10 01:11 - 2015-02-23 20:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-10 01:11 - 2015-02-23 19:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-10 01:11 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-10 01:11 - 2015-02-20 17:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-10 01:11 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-10 01:11 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-10 01:11 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-10 01:11 - 2015-02-19 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-10 01:11 - 2015-02-19 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-10 01:11 - 2015-02-19 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-10 01:11 - 2015-02-19 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-10 01:11 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-10 01:11 - 2015-02-19 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-10 01:11 - 2015-02-19 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-10 01:11 - 2015-02-19 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-10 01:11 - 2015-02-19 19:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-10 01:11 - 2015-02-19 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-10 01:11 - 2015-02-19 19:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-10 01:11 - 2015-02-19 19:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-10 01:11 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-10 01:11 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-10 01:11 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-10 01:11 - 2015-02-19 19:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-10 01:11 - 2015-02-19 19:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-10 01:11 - 2015-02-19 18:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-10 01:11 - 2015-02-19 18:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-10 01:11 - 2015-02-19 18:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-10 01:11 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-10 01:11 - 2015-02-19 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-10 01:11 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-10 01:11 - 2015-02-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-10 01:11 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-10 01:11 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-10 01:11 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-10 01:11 - 2015-02-19 18:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-10 01:11 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-10 01:11 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-10 01:11 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-10 01:11 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-10 01:10 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-10 01:10 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-10 01:10 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-10 01:10 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-10 01:10 - 2015-02-19 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-10 01:10 - 2015-02-19 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-10 01:10 - 2015-02-19 19:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-10 01:10 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-10 01:10 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-10 01:10 - 2015-02-19 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-10 01:10 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-10 01:10 - 2015-02-19 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-10 01:10 - 2015-02-19 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-10 01:10 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-10 01:10 - 2015-02-19 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-10 01:10 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-10 01:10 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-10 01:10 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-10 01:10 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-10 01:09 - 2015-04-10 01:09 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-10 01:09 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-10 01:09 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-10 01:09 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-10 01:09 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-04-10 01:09 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-04-10 01:09 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-04-10 01:09 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-04-10 01:09 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-04-10 01:09 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-04-10 01:09 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-04-10 01:08 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-10 01:08 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-10 01:08 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-10 01:08 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-10 01:08 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-10 01:08 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-10 01:08 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-10 01:08 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-10 01:08 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-10 01:08 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-10 01:08 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-10 01:08 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-10 01:08 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-10 01:08 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-10 01:08 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-10 01:08 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-10 01:08 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-10 01:08 - 2015-01-13 23:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-10 01:08 - 2015-01-13 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-10 01:08 - 2015-01-13 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-10 01:08 - 2015-01-13 23:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-10 01:08 - 2015-01-13 22:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-10 01:08 - 2015-01-13 22:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-10 01:08 - 2015-01-13 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-10 01:08 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-10 01:08 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-10 01:08 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-10 01:08 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-10 01:08 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-10 01:08 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-04-10 01:08 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-04-10 01:08 - 2014-10-17 19:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-10 01:08 - 2014-10-17 18:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-10 01:08 - 2014-10-02 19:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-10 01:08 - 2014-10-02 18:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-04-10 01:08 - 2014-10-02 18:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-04-10 01:08 - 2014-10-02 18:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-04-10 01:08 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-04-10 01:08 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-04-10 01:08 - 2014-08-29 19:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-10 01:08 - 2014-08-29 18:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-10 01:08 - 2014-08-20 23:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-10 01:08 - 2014-08-20 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-10 01:08 - 2014-08-20 23:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-10 01:08 - 2014-08-20 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-10 01:08 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-04-10 01:08 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-04-10 01:04 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-10 01:04 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-10 00:58 - 2015-04-10 00:58 - 00003194 _____ () C:\Windows\System32\Tasks\{A3DC74B6-8B51-4C8B-9EF6-E7A6F2FCC483}
2015-04-10 00:50 - 2015-04-10 00:52 - 00000000 _____ () C:\Users\Maho\AppData\Local\Temp.dat
2015-04-09 22:37 - 2015-04-09 22:37 - 00000000 ____D () C:\ProgramData\{689688da-0f5e-81d2-6896-688da0f52368}
2015-04-09 19:24 - 2015-04-09 19:24 - 00000000 ____D () C:\Users\Maho\AppData\Local\{FDB4E24F-1A93-4BC2-82D7-412239F95C95}
2015-04-09 19:20 - 2015-04-09 19:20 - 00000579 _____ () C:\Users\Maho\Desktop\thing.txt
2015-04-09 19:19 - 2015-04-10 01:21 - 00000000 ____D () C:\Program Files (x86)\IndepthMonitor
2015-04-09 19:19 - 2015-04-10 01:21 - 00000000 ____D () C:\Program Files (x86)\BrOwserENhhance
2015-04-04 15:19 - 2015-04-04 15:19 - 00000000 ____D () C:\ProgramData\89a771bdf7c3b09e
2015-04-03 23:44 - 2015-04-03 23:44 - 02637481 _____ () C:\Users\Maho\Documents\Cause Wut Again Easter Egg.xcf
2015-04-03 23:44 - 2015-04-03 23:44 - 00006032 _____ () C:\Users\Maho\AppData\Local\recently-used.xbel
2015-04-03 23:16 - 2015-04-11 01:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 23:43 - 2015-04-02 23:43 - 00000893 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-04-02 23:43 - 2015-04-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-04-02 23:43 - 2015-04-02 23:43 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-31 13:26 - 2015-03-31 13:26 - 00006657 _____ () C:\Users\Maho\Dragon story.txt
2015-03-28 22:25 - 2015-03-30 19:34 - 00000000 ____D () C:\Users\Maho\AppData\Local\Warframe
2015-03-28 22:25 - 2015-03-28 22:25 - 00002307 _____ () C:\Users\Maho\Desktop\Warframe.lnk
2015-03-28 22:25 - 2015-03-28 22:25 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2015-03-28 13:32 - 2015-03-31 15:42 - 00000154 _____ () C:\Users\Maho\Unmentioned.txt
2015-03-26 02:44 - 2015-03-26 02:44 - 00000000 ____D () C:\Users\Maho\AppData\Local\{07EE141C-EC36-4659-8D2D-AEA1D09B44CB}
2015-03-25 17:31 - 2015-03-25 17:31 - 00000236 _____ () C:\Users\Maho\Fallas Department codes.txt
2015-03-24 06:39 - 2015-03-25 13:07 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Omerta
2015-03-24 05:05 - 2015-03-24 05:05 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Kalypso Media
2015-03-21 03:55 - 2015-03-21 16:27 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-03-21 03:55 - 2015-03-21 04:38 - 00000029 _____ () C:\Windows\popcinfo.dat
2015-03-21 03:41 - 2015-03-21 03:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcap Game Collection
2015-03-21 03:41 - 2015-03-21 03:42 - 00000000 ____D () C:\Program Files (x86)\Popcap Game Collection
2015-03-21 02:36 - 2015-03-21 02:36 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\JAM Software
2015-03-21 02:36 - 2015-03-21 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2015-03-21 02:36 - 2015-03-21 02:36 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2015-03-19 03:04 - 2015-03-19 03:04 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\.atlauncher
2015-03-15 07:24 - 2015-03-15 07:25 - 00000000 ____D () C:\Users\Maho\AppData\Local\{CE129C41-04AE-43C0-A4D9-656ECE4F7E9F}
2015-03-14 20:49 - 2015-03-18 11:37 - 00001528 _____ () C:\Users\Maho\Poke server list.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 08:37 - 2014-11-26 03:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 08:33 - 2013-02-20 12:00 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Skype
2015-04-12 08:32 - 2015-01-18 12:59 - 00004923 _____ () C:\Windows\setupact.log
2015-04-12 08:22 - 2012-04-05 02:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 07:40 - 2012-05-30 00:38 - 01944964 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 01:06 - 2012-10-13 13:03 - 00000000 ____D () C:\Users\Maho\AppData\Local\LogMeIn Hamachi
2015-04-12 00:37 - 2014-11-26 03:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 14:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-04-11 12:16 - 2014-02-01 01:45 - 00000000 ____D () C:\Users\Maho\AppData\Local\Apps\2.0
2015-04-11 10:31 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2015-04-11 10:22 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 10:22 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 10:16 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-11 10:14 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 10:13 - 2015-02-10 04:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-11 10:13 - 2015-01-18 12:59 - 00164334 _____ () C:\Windows\PFRO.log
2015-04-11 10:13 - 2012-12-03 21:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-11 10:12 - 2012-10-12 04:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-11 09:54 - 2015-01-15 00:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-11 09:50 - 2012-11-09 09:30 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\uTorrent
2015-04-11 01:21 - 2014-11-24 16:37 - 00000000 ____D () C:\Users\Maho\AppData\Local\NexonLauncher
2015-04-11 01:20 - 2012-10-13 02:21 - 00000000 ____D () C:\Users\Maho\Tracing
2015-04-11 01:10 - 2014-09-06 11:14 - 00000227 _____ () C:\Users\Maho\BullseyeCoverageError.txt
2015-04-11 01:10 - 2014-09-06 11:14 - 00000000 ____D () C:\Users\Maho\AppData\Local\Unity
2015-04-11 01:07 - 2013-09-21 07:57 - 00000000 ____D () C:\bowep
2015-04-10 21:38 - 2014-01-03 17:56 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-04-10 21:24 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-10 21:11 - 2009-07-13 21:45 - 00299032 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-10 13:49 - 2014-09-16 01:39 - 00000000 ____D () C:\Users\Maho\Desktop\NEW TES CENTER
2015-04-10 01:52 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-10 01:49 - 2012-11-04 17:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 01:47 - 2013-09-17 08:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-10 01:21 - 2015-02-26 13:16 - 00000000 ____D () C:\Program Files (x86)\IncrementEdit
2015-04-10 01:08 - 2013-03-04 01:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-10 00:49 - 2015-02-08 20:31 - 00000000 ____D () C:\ProgramData\Apple
2015-04-10 00:45 - 2013-09-19 12:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-10 00:44 - 2015-02-10 07:10 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-10 00:44 - 2015-02-10 07:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-10 00:44 - 2014-08-25 22:28 - 00000000 ____D () C:\Program Files\Java
2015-04-10 00:44 - 2014-01-03 18:57 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-09 21:16 - 2012-04-05 02:41 - 00000000 ____D () C:\ProgramData\Skype
2015-04-09 19:23 - 2014-01-03 17:56 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-09 19:18 - 2015-02-07 03:23 - 00000000 ____D () C:\ProgramData\{9b1946d1-f9bd-1746-9b19-946d1f9b1b47}
2015-04-09 18:19 - 2014-10-01 23:09 - 00000000 ____D () C:\Users\Maho\Downloads\Not Porn
2015-04-06 15:20 - 2014-10-01 23:08 - 00000000 ____D () C:\Users\Maho\.gimp-2.8
2015-04-06 01:16 - 2012-10-08 16:09 - 00000000 ____D () C:\Users\Maho
2015-04-04 15:19 - 2015-03-05 15:36 - 00000000 ____D () C:\Program Files (x86)\MionImUmPrice
2015-04-03 23:44 - 2014-10-01 23:17 - 00000000 ____D () C:\Users\Maho\AppData\Local\gtk-2.0
2015-03-30 15:25 - 2012-11-16 03:21 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-03-28 22:25 - 2015-02-08 04:08 - 00410295 _____ () C:\Windows\DirectX.log
2015-03-25 12:00 - 2012-10-12 04:43 - 00000000 ___RD () C:\Users\Maho\Desktop\Icona
2015-03-22 17:36 - 2012-10-12 17:16 - 00000000 ____D () C:\Users\Maho\Documents\My Games
2015-03-22 06:32 - 2012-10-09 22:02 - 00000000 ____D () C:\Users\Maho\AppData\Local\Adobe
2015-03-22 06:32 - 2012-04-05 02:57 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 06:32 - 2012-04-05 02:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 06:32 - 2012-04-05 02:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-21 03:47 - 2012-10-12 04:46 - 00000000 ____D () C:\Users\Maho\Desktop\Games
2015-03-21 03:41 - 2014-02-07 16:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-21 03:38 - 2012-11-16 10:00 - 00000000 ____D () C:\Users\Maho\Downloads\Torrential
2015-03-21 02:18 - 2013-10-01 06:00 - 00000000 ____D () C:\Users\Maho\Downloads\~Kluster
2015-03-21 01:31 - 2013-07-28 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-03-21 01:31 - 2012-11-26 08:00 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\RenPy
2015-03-21 01:31 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 01:14 - 2014-04-21 01:48 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2015-03-20 09:00 - 2014-09-18 07:11 - 00000000 ____D () C:\Users\Maho\AppData\Local\Glyph
2015-03-20 09:00 - 2014-09-18 07:11 - 00000000 ____D () C:\ProgramData\Glyph
2015-03-20 09:00 - 2014-09-18 07:11 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-03-20 08:59 - 2014-09-19 13:52 - 00000000 ____D () C:\Users\Maho\Documents\ArcheAge
2015-03-16 20:44 - 2014-08-25 22:44 - 00000091 _____ () C:\Users\Maho\.atl.properties
2015-03-16 03:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-04-10 21:22 - 2015-04-10 21:22 - 0000020 _____ () C:\Users\Maho\AppData\Roaming\appdataFr3.bin
2013-11-03 08:11 - 2014-04-19 23:25 - 0005120 _____ () C:\Users\Maho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-02 10:53 - 2015-01-02 10:53 - 0000000 ___SH () C:\Users\Maho\AppData\Local\LumaEmu
2015-04-03 23:44 - 2015-04-03 23:44 - 0006032 _____ () C:\Users\Maho\AppData\Local\recently-used.xbel
2015-01-18 12:16 - 2015-01-18 12:16 - 0000017 _____ () C:\Users\Maho\AppData\Local\resmon.resmoncfg
2013-06-08 19:28 - 2013-06-08 19:34 - 0001660 _____ () C:\Users\Maho\AppData\Local\RT2870_{273491A8-720E-488A-BA67-8634330FD3D1}_prof
2013-06-08 19:28 - 2013-06-08 19:34 - 0000834 _____ () C:\Users\Maho\AppData\Local\RT2870_{273491A8-720E-488A-BA67-8634330FD3D1}_sta
2013-06-08 19:33 - 2013-09-19 17:33 - 0001001 _____ () C:\Users\Maho\AppData\Local\RT2870_{273491A8-720E-488A-BA67-8634330FD3D1}_wsc
2014-10-15 05:31 - 2014-10-15 05:31 - 0001001 _____ () C:\Users\Maho\AppData\Local\RT2870_{65DDC21C-8F56-4098-BCA3-ECD6742EF3FF}_wsc
2015-04-10 00:50 - 2015-04-10 00:52 - 0011742 _____ () C:\Users\Maho\AppData\Local\Temp-log.txt
2015-04-10 00:50 - 2015-04-10 00:52 - 0000000 _____ () C:\Users\Maho\AppData\Local\Temp.dat
2012-12-10 22:17 - 2012-12-10 22:17 - 0000000 _____ () C:\ProgramData\IpAndPort.fig
2012-12-10 22:17 - 2012-12-10 22:17 - 0000193 _____ () C:\ProgramData\RmUserCfg.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 00:31

==================== End Of Log ============================



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:47 AM

Posted 12 April 2015 - 11:37 AM

OK.

Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    IncrementEdit
    ManticoreInspector
    Search Protection
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Edited by deeprybka, 12 April 2015 - 11:39 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 Maholix

Posted 12 April 2015 - 12:44 PM

Did as requested. Uninstalled IncrementEdit and ManticoreInspector using Revo, however search protection failed to show up as a listed program, so I'm not sure what to do about that. It does appear that adw cleaner found it though.

 

 

Adwcleaner Log:

# AdwCleaner v4.201 - Logfile created 12/04/2015 at 10:32:29
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Maho - MROREO
# Running from : C:\Users\Maho\Downloads\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\89a771bdf7c3b09e
Folder Deleted : C:\Program Files (x86)\MionImUmPrice
Folder Deleted : C:\Program Files (x86)\unisAles
Folder Deleted : C:\Users\Maho\AppData\Local\PackageAware
Folder Deleted : C:\Users\Maho\AppData\Local\DriverTuner
Folder Deleted : C:\Users\Maho\AppData\Roaming\Search Protection

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5f48fdae234e845
Key Deleted : HKLM\SOFTWARE\c1e9ec2b-538e-0e64-c1cd-21a00fd3cc89
Key Deleted : HKLM\SOFTWARE\f2acc2bf-1454-f41f-7d5c-abd284f548a3
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\playsushi.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 en-US)


-\\ Google Chrome v41.0.2272.118

[C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [3141 bytes] - [12/04/2015 10:29:48]
AdwCleaner[S0].txt - [2945 bytes] - [12/04/2015 10:32:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3004  bytes] ##########


Edited by Maholix, 12 April 2015 - 12:46 PM.


#6 deeprybka

Posted 12 April 2015 - 12:54 PM

:thumbup2:

P2P warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
 
Step 1

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 2

Revo Uninstaller Free
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), to remove it:
    Google Chrome 
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 3

Reinstall Google Chrome. Download

Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#7 Maholix

Posted 12 April 2015 - 01:24 PM

Malwarebytes Log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/12/2015
Scan Time: 10:58:37 AM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.09.05
Rootkit Database: v2015.03.31.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Maho

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389325
Time Elapsed: 11 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Multiplug, HKU\S-1-5-21-2528547947-2264141269-27911573-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [c3b6b78cfa902c0ad7fa0c0eb44f1be5],
PUP.Optional.Multiplug, HKU\S-1-5-21-2528547947-2264141269-27911573-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [c3b6b78cfa902c0ad7fa0c0eb44f1be5],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.TheAdBlock.A, C:\ProgramData\TheAdBlock, Quarantined, [1d5c350eee9c1026c12349497192956b],

Files: 2
PUP.Optional.OpenCandy, C:\Windows\Temp\avast_ash\GOM Media Player\GOMPLAYERENSETUP.EXE, Quarantined, [6d0c54ef74166fc75ecb0008e6209070],
PUP.Optional.TheAdBlock.A, C:\ProgramData\TheAdBlock\TheAdBlock.exe, Quarantined, [1d5c350eee9c1026c12349497192956b],

Physical Sectors: 0
(No malicious items detected)


(end)



Will now move on to revo to uninstall chrome as requested.



#8 deeprybka

Posted 12 April 2015 - 01:31 PM

Please follow my instructions more carefully:

 

1. rootkit-detection wasn't enabled.

2. database wasn't up-to-date

 

Please rerun Malwarebytes as instructed.


regards,
deeprybka

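The two objections in post #8 can be read directly from the header of the Malwarebytes log in post #7. The following is an added example, not part of the thread and not Malwarebytes code: a small checker over that header, where the 7-day staleness threshold, the M/D/YYYY reading of "Scan Date", and all function names are assumptions.

```python
import re
from datetime import date

# Header lines excerpted from the Malwarebytes log posted in this thread (post #7).
SAMPLE_LOG = """\
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/12/2015
Scan Time: 10:58:37 AM
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.09.05
Rootkit Database: v2015.03.31.01
License: Premium

Scan Type: Threat Scan
Result: Completed

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
"""

# A header key is letters, spaces and hyphens only, followed by a colon.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z \-]*):\s*(.*)$")
# Database versions in this log look like vYYYY.MM.DD.NN.
DB_RE = re.compile(r"^v(\d{4})\.(\d{2})\.(\d{2})\.\d+$")


def parse_fields(text):
    """Collect 'Key: Value' lines. Detection rows start with a dotted
    threat name, so they do not match and are skipped."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields.setdefault(m.group(1).strip(), m.group(2).strip())
    return fields


def parse_scan_date(value):
    # Assumption: M/D/YYYY, as written in the log in this thread.
    month, day, year = (int(part) for part in value.split("/"))
    return date(year, month, day)


def parse_db_date(value):
    m = DB_RE.match(value)
    if not m:
        raise ValueError(f"unrecognised database version: {value!r}")
    return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))


def audit_scan_log(text, max_db_age_days=7):
    """Return (code, detail) findings. An empty list means rootkit
    scanning was on and both databases were recent at scan time."""
    fields = parse_fields(text)
    findings = []

    rootkits = fields.get("Rootkits")
    if rootkits is None:
        findings.append(("FIELD_MISSING", "Rootkits"))
    elif rootkits != "Enabled":
        findings.append(("ROOTKIT_SCAN_OFF", f"Rootkits: {rootkits}"))

    scan_raw = fields.get("Scan Date")
    if scan_raw is None:
        # Without a scan date the database age cannot be computed.
        findings.append(("FIELD_MISSING", "Scan Date"))
        return findings
    scan_day = parse_scan_date(scan_raw)

    for field, code in (("Malware Database", "MALWARE_DB_STALE"),
                        ("Rootkit Database", "ROOTKIT_DB_STALE")):
        raw = fields.get(field)
        if raw is None:
            findings.append(("FIELD_MISSING", field))
            continue
        age = (scan_day - parse_db_date(raw)).days
        if age > max_db_age_days:
            findings.append(
                (code, f"{field} {raw} is {age} days older than the scan"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_scan_log(SAMPLE_LOG):
        print(f"{code}: {detail}")
```

Checking the saved log rather than the settings dialog matters in this thread: the poster later reports that the dialog shows rootkit scanning ticked while the log still records it as disabled.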
#9 Maholix

Posted 12 April 2015 - 01:46 PM

Hmm it says it's updated and the scan for rootkits is checked, but you're right, the log clearly shows it as disabled. Would it be a good idea to run revo on malwarebytes and reinstall it?



#10 deeprybka

Posted 12 April 2015 - 01:50 PM

Have you tried the "update now" option?


regards,
deeprybka

#11 Maholix

Posted 12 April 2015 - 01:54 PM

I have. It comes back as "database is up to date" and the "scan for rootkits" option in settings is checked. But the log file shows that rootkit scans are disabled. I wonder if I have a corrupt reg value.


Edited by Maholix, 12 April 2015 - 01:55 PM.


#12 deeprybka

Posted 12 April 2015 - 01:59 PM

OK, please go ahead with the other steps.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 Maholix

Maholix
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:USA
  • Local time:04:47 PM

Posted 12 April 2015 - 02:03 PM

I see that the Farbar scan is saying "boot mode normal" in this log. I know I right-clicked the icon and told it to run as admin. I hope it's reading properly.

 

Farbar Scan Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Maho (administrator) on MROREO on 12-04-2015 12:00:46
Running from C:\Users\Maho\Downloads
Loaded Profiles: Maho (Available profiles: Maho)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Plantronics\GameCom780\GameCom780.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIBE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [776480 2013-03-22] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-06] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-10] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [Medialink Utilty] => C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Gateway.scr [456224 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2528547947-2264141269-27911573-1

 

 



Edited by Maholix, 12 April 2015 - 02:05 PM.


#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:47 AM

Posted 12 April 2015 - 02:10 PM

Please post the complete logs. :)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 Maholix

Maholix
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:USA
  • Local time:04:47 PM

Posted 12 April 2015 - 02:18 PM


Sorry, I thought I had it all. :blush:  This is why select all was invented! Let's try that again.

 

Farbar scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Maho (administrator) on MROREO on 12-04-2015 12:00:46
Running from C:\Users\Maho\Downloads
Loaded Profiles: Maho (Available profiles: Maho)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Plantronics\GameCom780\GameCom780.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIBE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [776480 2013-03-22] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-06] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-10] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [Medialink Utilty] => C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Gateway.scr [456224 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
HKU\S-1-5-21-2528547947-2264141269-27911573-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> {0BE81947-05FF-4356-8A50-C505F7534416} URL = http://www.bing.com/search?q={searchTerms}&r=407
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> {B3D637CD-B203-4809-95BD-A555588E5FA6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2528547947-2264141269-27911573-1000 -> {EA37B438-6A31-4C9A-A45C-3AE4745E69A9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-10] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-10] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Maho\AppData\Roaming\Mozilla\Firefox\Profiles\ghll6kw0.default-1428726798376
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-22] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-12] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Maho\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2528547947-2264141269-27911573-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-2528547947-2264141269-27911573-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-02-08] ()
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Maho\AppData\Roaming\Mozilla\Firefox\Profiles\ghll6kw0.default-1428726798376\Extensions\elemhidehelper@adblockplus.org.xpi [2015-04-11]
FF Extension: Adblock Plus - C:\Users\Maho\AppData\Roaming\Mozilla\Firefox\Profiles\ghll6kw0.default-1428726798376\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-11]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2012-12-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-10]

Chrome:
=======
CHR Profile: C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-12]
CHR Extension: (Docs) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-12]
CHR Extension: (Google Drive) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-12]
CHR Extension: (YouTube) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-12]
CHR Extension: (Google Search) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-12]
CHR Extension: (Google Wallet) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-12]
CHR Extension: (Gmail) - C:\Users\Maho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-10] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-10] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-10] (Avast Software)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2012-12-09] (BioWare)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-15] ()
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-11-11] ()
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2011-07-07] (Google Inc)
S3 androidusb; C:\Windows\SysWOW64\Drivers\androidusb.sys [25728 2010-08-07] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-10] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-10] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-10] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-10] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-10] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-10] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-10] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-10] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-10] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-09] ()
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-08-05] (Echobit, LLC)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-09] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [18456 2011-07-07] (HandSet Incorporated)
S3 massfilter_hs; C:\Windows\SysWOW64\drivers\massfilter_hs.sys [9216 2010-06-28] (HandSet Incorporated) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
S1 SDHookDriver; No ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-10] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Maho\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 netr28x; system32\DRIVERS\netr28x.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 11:35 - 2015-04-12 11:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 11:35 - 2015-04-12 11:40 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 11:35 - 2015-04-12 11:35 - 00880208 _____ (Google Inc.) C:\Users\Maho\Downloads\ChromeSetup.exe
2015-04-12 11:35 - 2015-04-12 11:35 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-12 11:35 - 2015-04-12 11:35 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-12 11:35 - 2015-04-12 11:35 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-12 11:35 - 2015-04-12 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-12 11:31 - 2015-04-12 11:31 - 00000000 __SHD () C:\Users\Maho\AppData\Local\EmieBrowserModeList
2015-04-12 10:58 - 2015-04-12 11:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-12 10:58 - 2015-04-12 10:58 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-12 10:58 - 2015-04-12 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-12 10:58 - 2015-04-12 10:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-12 10:58 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-12 10:58 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-12 10:58 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 10:57 - 2015-04-12 10:57 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Maho\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-12 10:29 - 2015-04-12 10:32 - 00000000 ____D () C:\AdwCleaner
2015-04-12 10:28 - 2015-04-12 10:28 - 02217984 _____ () C:\Users\Maho\Downloads\adwcleaner_4.201.exe
2015-04-12 10:09 - 2015-04-12 10:09 - 00001231 _____ () C:\Users\Maho\Desktop\Revo Uninstaller.lnk
2015-04-12 10:09 - 2015-04-12 10:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-12 10:08 - 2015-04-12 10:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Maho\Downloads\revosetup.exe
2015-04-12 08:38 - 2015-04-12 08:38 - 00000000 ____D () C:\Users\Maho\Downloads\FRST-OlderVersion
2015-04-11 11:23 - 2015-04-12 11:43 - 00058138 _____ () C:\Users\Maho\Downloads\Addition.txt
2015-04-11 11:22 - 2015-04-12 12:00 - 00022969 _____ () C:\Users\Maho\Downloads\FRST.txt
2015-04-11 11:21 - 2015-04-12 12:00 - 00000000 ____D () C:\FRST
2015-04-11 11:21 - 2015-04-12 08:38 - 02096640 _____ (Farbar) C:\Users\Maho\Downloads\FRST64.exe
2015-04-11 10:31 - 2015-04-11 10:31 - 00113101 _____ () C:\ComboFix.txt
2015-04-11 09:54 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-11 09:54 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-11 09:54 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-11 09:54 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-11 09:51 - 2015-04-11 10:31 - 00000000 ____D () C:\Qoobox
2015-04-11 09:50 - 2015-04-11 10:22 - 00000000 ____D () C:\Windows\erdnt
2015-04-11 09:50 - 2015-04-11 09:50 - 05617275 ____R (Swearware) C:\Users\Maho\Downloads\ComboFix.exe
2015-04-11 01:15 - 2015-04-11 01:15 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-11 01:15 - 2015-04-11 01:15 - 00001114 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-11 01:15 - 2015-04-11 01:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-11 01:00 - 2015-04-11 01:00 - 40866864 _____ () C:\Users\Maho\Downloads\Firefox Setup 37.0.1.exe
2015-04-10 21:23 - 2015-04-10 21:24 - 00000000 ____D () C:\Users\Maho\AppData\Local\{F37A7244-449B-48F5-8BCD-5E14D70CE76A}
2015-04-10 21:22 - 2015-04-10 21:22 - 00000020 _____ () C:\Users\Maho\AppData\Roaming\appdataFr3.bin
2015-04-10 01:19 - 2015-04-10 01:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-10 01:16 - 2015-04-10 01:25 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-04-10 01:16 - 2015-04-10 01:25 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-10 01:16 - 2015-04-10 01:16 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\AVAST Software
2015-04-10 01:15 - 2015-04-11 01:17 - 00002082 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
2015-04-10 01:15 - 2015-04-10 01:15 - 00001989 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-04-10 01:15 - 2015-04-10 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-10 01:14 - 2015-04-12 11:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-10 01:14 - 2015-04-10 01:14 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-10 01:14 - 2015-04-10 01:14 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-10 01:14 - 2015-04-10 01:14 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-10 01:14 - 2015-04-10 01:14 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-04-10 01:11 - 2015-02-23 20:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-10 01:11 - 2015-02-23 19:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-10 01:11 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-10 01:11 - 2015-02-20 17:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-10 01:11 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-10 01:11 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-10 01:11 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-10 01:11 - 2015-02-19 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-10 01:11 - 2015-02-19 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-10 01:11 - 2015-02-19 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-10 01:11 - 2015-02-19 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-10 01:11 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-10 01:11 - 2015-02-19 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-10 01:11 - 2015-02-19 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-10 01:11 - 2015-02-19 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-10 01:11 - 2015-02-19 19:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-10 01:11 - 2015-02-19 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-10 01:11 - 2015-02-19 19:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-10 01:11 - 2015-02-19 19:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-10 01:11 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-10 01:11 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-10 01:11 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-10 01:11 - 2015-02-19 19:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-10 01:11 - 2015-02-19 19:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-10 01:11 - 2015-02-19 18:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-10 01:11 - 2015-02-19 18:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-10 01:11 - 2015-02-19 18:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-10 01:11 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-10 01:11 - 2015-02-19 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-10 01:11 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-10 01:11 - 2015-02-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-10 01:11 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-10 01:11 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-10 01:11 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-10 01:11 - 2015-02-19 18:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-10 01:11 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-10 01:11 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-10 01:11 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-10 01:11 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-10 01:10 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-10 01:10 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-10 01:10 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-10 01:10 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-10 01:10 - 2015-02-19 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-10 01:10 - 2015-02-19 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-10 01:10 - 2015-02-19 19:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-10 01:10 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-10 01:10 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-10 01:10 - 2015-02-19 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-10 01:10 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-10 01:10 - 2015-02-19 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-10 01:10 - 2015-02-19 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-10 01:10 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-10 01:10 - 2015-02-19 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-10 01:10 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-10 01:10 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-10 01:10 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-10 01:10 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-10 01:09 - 2015-04-10 01:09 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-10 01:09 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-10 01:09 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-10 01:09 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-10 01:09 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-04-10 01:09 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-04-10 01:09 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-04-10 01:09 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-04-10 01:09 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-04-10 01:09 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-04-10 01:09 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-04-10 01:08 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-10 01:08 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-10 01:08 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-10 01:08 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-10 01:08 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-10 01:08 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-10 01:08 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-10 01:08 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-10 01:08 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-10 01:08 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-10 01:08 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-10 01:08 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-10 01:08 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-10 01:08 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-10 01:08 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-10 01:08 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-10 01:08 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-10 01:08 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-10 01:08 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-10 01:08 - 2015-01-13 23:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-10 01:08 - 2015-01-13 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-10 01:08 - 2015-01-13 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-10 01:08 - 2015-01-13 23:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-10 01:08 - 2015-01-13 22:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-10 01:08 - 2015-01-13 22:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-10 01:08 - 2015-01-13 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-10 01:08 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-10 01:08 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-10 01:08 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-10 01:08 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-10 01:08 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-10 01:08 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-04-10 01:08 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-04-10 01:08 - 2014-10-17 19:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-10 01:08 - 2014-10-17 18:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-10 01:08 - 2014-10-02 19:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-10 01:08 - 2014-10-02 19:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-10 01:08 - 2014-10-02 18:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-04-10 01:08 - 2014-10-02 18:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-04-10 01:08 - 2014-10-02 18:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-04-10 01:08 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-04-10 01:08 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-04-10 01:08 - 2014-08-29 19:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-10 01:08 - 2014-08-29 18:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-10 01:08 - 2014-08-20 23:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-10 01:08 - 2014-08-20 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-10 01:08 - 2014-08-20 23:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-10 01:08 - 2014-08-20 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-10 01:08 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-04-10 01:08 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-04-10 01:04 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-10 01:04 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-10 00:58 - 2015-04-10 00:58 - 00003194 _____ () C:\Windows\System32\Tasks\{A3DC74B6-8B51-4C8B-9EF6-E7A6F2FCC483}
2015-04-10 00:50 - 2015-04-10 00:52 - 00000000 _____ () C:\Users\Maho\AppData\Local\Temp.dat
2015-04-09 22:37 - 2015-04-09 22:37 - 00000000 ____D () C:\ProgramData\{689688da-0f5e-81d2-6896-688da0f52368}
2015-04-09 19:24 - 2015-04-09 19:24 - 00000000 ____D () C:\Users\Maho\AppData\Local\{FDB4E24F-1A93-4BC2-82D7-412239F95C95}
2015-04-09 19:20 - 2015-04-09 19:20 - 00000579 _____ () C:\Users\Maho\Desktop\thing.txt
2015-04-09 19:19 - 2015-04-10 01:21 - 00000000 ____D () C:\Program Files (x86)\IndepthMonitor
2015-04-09 19:19 - 2015-04-10 01:21 - 00000000 ____D () C:\Program Files (x86)\BrOwserENhhance
2015-04-03 23:44 - 2015-04-03 23:44 - 02637481 _____ () C:\Users\Maho\Documents\Cause Wut Again Easter Egg.xcf
2015-04-03 23:44 - 2015-04-03 23:44 - 00006032 _____ () C:\Users\Maho\AppData\Local\recently-used.xbel
2015-04-03 23:16 - 2015-04-11 01:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 23:43 - 2015-04-02 23:43 - 00000893 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-04-02 23:43 - 2015-04-02 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-04-02 23:43 - 2015-04-02 23:43 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-31 13:26 - 2015-03-31 13:26 - 00006657 _____ () C:\Users\Maho\Dragon story.txt
2015-03-28 22:25 - 2015-03-30 19:34 - 00000000 ____D () C:\Users\Maho\AppData\Local\Warframe
2015-03-28 22:25 - 2015-03-28 22:25 - 00002307 _____ () C:\Users\Maho\Desktop\Warframe.lnk
2015-03-28 22:25 - 2015-03-28 22:25 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2015-03-28 13:32 - 2015-03-31 15:42 - 00000154 _____ () C:\Users\Maho\Unmentioned.txt
2015-03-26 02:44 - 2015-03-26 02:44 - 00000000 ____D () C:\Users\Maho\AppData\Local\{07EE141C-EC36-4659-8D2D-AEA1D09B44CB}
2015-03-25 17:31 - 2015-03-25 17:31 - 00000236 _____ () C:\Users\Maho\Fallas Department codes.txt
2015-03-24 06:39 - 2015-03-25 13:07 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Omerta
2015-03-24 05:05 - 2015-03-24 05:05 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Kalypso Media
2015-03-21 03:55 - 2015-03-21 16:27 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-03-21 03:55 - 2015-03-21 04:38 - 00000029 _____ () C:\Windows\popcinfo.dat
2015-03-21 03:41 - 2015-03-21 03:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcap Game Collection
2015-03-21 03:41 - 2015-03-21 03:42 - 00000000 ____D () C:\Program Files (x86)\Popcap Game Collection
2015-03-21 02:36 - 2015-03-21 02:36 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\JAM Software
2015-03-21 02:36 - 2015-03-21 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2015-03-21 02:36 - 2015-03-21 02:36 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2015-03-19 03:04 - 2015-03-19 03:04 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\.atlauncher
2015-03-15 07:24 - 2015-03-15 07:25 - 00000000 ____D () C:\Users\Maho\AppData\Local\{CE129C41-04AE-43C0-A4D9-656ECE4F7E9F}
2015-03-14 20:49 - 2015-03-18 11:37 - 00001528 _____ () C:\Users\Maho\Poke server list.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 11:58 - 2012-10-13 13:03 - 00000000 ____D () C:\Users\Maho\AppData\Local\LogMeIn Hamachi
2015-04-12 11:47 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 11:47 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 11:44 - 2012-05-30 00:38 - 01959901 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 11:42 - 2014-11-24 16:37 - 00000000 ____D () C:\Users\Maho\AppData\Local\NexonLauncher
2015-04-12 11:41 - 2012-10-12 04:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-12 11:38 - 2015-01-18 12:59 - 00005315 _____ () C:\Windows\setupact.log
2015-04-12 11:38 - 2012-12-03 21:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-12 11:38 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 11:37 - 2015-01-18 12:59 - 00165338 _____ () C:\Windows\PFRO.log
2015-04-12 11:37 - 2013-02-20 12:00 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\Skype
2015-04-12 11:37 - 2009-07-13 20:20 - 00000000 __RSD () C:\Windows\Media
2015-04-12 11:36 - 2014-11-26 03:14 - 00000000 ____D () C:\Users\Maho\AppData\Local\Google
2015-04-12 11:35 - 2014-11-26 03:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-12 11:22 - 2012-04-05 02:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 11:01 - 2012-11-09 09:30 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\uTorrent
2015-04-12 10:37 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-11 14:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-04-11 12:16 - 2014-02-01 01:45 - 00000000 ____D () C:\Users\Maho\AppData\Local\Apps\2.0
2015-04-11 10:31 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2015-04-11 10:16 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-11 10:13 - 2015-02-10 04:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-11 09:54 - 2015-01-15 00:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-11 01:20 - 2012-10-13 02:21 - 00000000 ____D () C:\Users\Maho\Tracing
2015-04-11 01:10 - 2014-09-06 11:14 - 00000227 _____ () C:\Users\Maho\BullseyeCoverageError.txt
2015-04-11 01:10 - 2014-09-06 11:14 - 00000000 ____D () C:\Users\Maho\AppData\Local\Unity
2015-04-11 01:07 - 2013-09-21 07:57 - 00000000 ____D () C:\bowep
2015-04-10 21:38 - 2014-01-03 17:56 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-04-10 21:11 - 2009-07-13 21:45 - 00299032 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-10 13:49 - 2014-09-16 01:39 - 00000000 ____D () C:\Users\Maho\Desktop\NEW TES CENTER
2015-04-10 01:52 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-10 01:49 - 2012-11-04 17:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 01:47 - 2013-09-17 08:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-10 01:21 - 2015-02-26 13:16 - 00000000 ____D () C:\Program Files (x86)\IncrementEdit
2015-04-10 01:08 - 2013-03-04 01:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-10 00:49 - 2015-02-08 20:31 - 00000000 ____D () C:\ProgramData\Apple
2015-04-10 00:45 - 2013-09-19 12:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-10 00:44 - 2015-02-10 07:10 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-10 00:44 - 2015-02-10 07:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-10 00:44 - 2014-08-25 22:28 - 00000000 ____D () C:\Program Files\Java
2015-04-10 00:44 - 2014-01-03 18:57 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-09 21:16 - 2012-04-05 02:41 - 00000000 ____D () C:\ProgramData\Skype
2015-04-09 19:23 - 2014-01-03 17:56 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-09 19:18 - 2015-02-07 03:23 - 00000000 ____D () C:\ProgramData\{9b1946d1-f9bd-1746-9b19-946d1f9b1b47}
2015-04-09 18:19 - 2014-10-01 23:09 - 00000000 ____D () C:\Users\Maho\Downloads\Not Porn
2015-04-06 15:20 - 2014-10-01 23:08 - 00000000 ____D () C:\Users\Maho\.gimp-2.8
2015-04-06 01:16 - 2012-10-08 16:09 - 00000000 ____D () C:\Users\Maho
2015-04-03 23:44 - 2014-10-01 23:17 - 00000000 ____D () C:\Users\Maho\AppData\Local\gtk-2.0
2015-03-30 15:25 - 2012-11-16 03:21 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-03-28 22:25 - 2015-02-08 04:08 - 00410295 _____ () C:\Windows\DirectX.log
2015-03-25 12:00 - 2012-10-12 04:43 - 00000000 ___RD () C:\Users\Maho\Desktop\Icona
2015-03-22 17:36 - 2012-10-12 17:16 - 00000000 ____D () C:\Users\Maho\Documents\My Games
2015-03-22 06:32 - 2012-10-09 22:02 - 00000000 ____D () C:\Users\Maho\AppData\Local\Adobe
2015-03-22 06:32 - 2012-04-05 02:57 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 06:32 - 2012-04-05 02:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 06:32 - 2012-04-05 02:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-21 03:47 - 2012-10-12 04:46 - 00000000 ____D () C:\Users\Maho\Desktop\Games
2015-03-21 03:41 - 2014-02-07 16:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-21 03:38 - 2012-11-16 10:00 - 00000000 ____D () C:\Users\Maho\Downloads\Torrential
2015-03-21 02:18 - 2013-10-01 06:00 - 00000000 ____D () C:\Users\Maho\Downloads\~Kluster
2015-03-21 01:31 - 2013-07-28 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-03-21 01:31 - 2012-11-26 08:00 - 00000000 ____D () C:\Users\Maho\AppData\Roaming\RenPy
2015-03-21 01:31 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 01:14 - 2014-04-21 01:48 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2015-03-20 09:00 - 2014-09-18 07:11 - 00000000 ____D () C:\Users\Maho\AppData\Local\Glyph
2015-03-20 09:00 - 2014-09-18 07:11 - 00000000 ____D () C:\ProgramData\Glyph
2015-03-20 09:00 - 2014-09-18 07:11 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-03-20 08:59 - 2014-09-19 13:52 - 00000000 ____D () C:\Users\Maho\Documents\ArcheAge
2015-03-16 20:44 - 2014-08-25 22:44 - 00000091 _____ () C:\Users\Maho\.atl.properties
2015-03-16 03:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-04-10 21:22 - 2015-04-10 21:22 - 0000020 _____ () C:\Users\Maho\AppData\Roaming\appdataFr3.bin
2013-11-03 08:11 - 2014-04-19 23:25 - 0005120 _____ () C:\Users\Maho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-02 10:53 - 2015-01-02 10:53 - 0000000 ___SH () C:\Users\Maho\AppData\Local\LumaEmu
2015-04-03 23:44 - 2015-04-03 23:44 - 0006032 _____ () C:\Users\Maho\AppData\Local\recently-used.xbel
2015-01-18 12:16 - 2015-01-18 12:16 - 0000017 _____ () C:\Users\Maho\AppData\Local\resmon.resmoncfg
2013-06-08 19:28 - 2013-06-08 19:34 - 0001660 _____ () C:\Users\Maho\AppData\Local\RT2870_{273491A8-720E-488A-BA67-8634330FD3D1}_prof
2013-06-08 19:28 - 2013-06-08 19:34 - 0000834 _____ () C:\Users\Maho\AppData\Local\RT2870_{273491A8-720E-488A-BA67-8634330FD3D1}_sta
2013-06-08 19:33 - 2013-09-19 17:33 - 0001001 _____ () C:\Users\Maho\AppData\Local\RT2870_{273491A8-720E-488A-BA67-8634330FD3D1}_wsc
2014-10-15 05:31 - 2014-10-15 05:31 - 0001001 _____ () C:\Users\Maho\AppData\Local\RT2870_{65DDC21C-8F56-4098-BCA3-ECD6742EF3FF}_wsc
2015-04-10 00:50 - 2015-04-10 00:52 - 0011742 _____ () C:\Users\Maho\AppData\Local\Temp-log.txt
2015-04-10 00:50 - 2015-04-10 00:52 - 0000000 _____ () C:\Users\Maho\AppData\Local\Temp.dat
2012-12-10 22:17 - 2012-12-10 22:17 - 0000000 _____ () C:\ProgramData\IpAndPort.fig
2012-12-10 22:17 - 2012-12-10 22:17 - 0000193 _____ () C:\ProgramData\RmUserCfg.ini

Some content of TEMP:
====================
C:\Users\Maho\AppData\Local\Temp\Quarantine.exe
C:\Users\Maho\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 00:31

==================== End Of Log ============================


Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by Maho at 2015-04-12 12:01:06
Running from C:\Users\Maho\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Game of Dwarves (HKLM-x32\...\A Game of Dwarves_is1) (Version:  - )
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agarest Generations of War Zero (HKLM-x32\...\QWdhcmVzdEdlbmVyYXRpb25zb2ZXYXJaZXJv_is1) (Version: 1 - )
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Analogue: A Hate Story (HKLM-x32\...\Steam App 209370) (Version:  - )
Android USB Driver (HKLM-x32\...\Android USB Driver_is1) (Version:  - )
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
Avast Premier (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios Ltd.)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - Cold Beam Games)
Belkin Wireless USB Utility (x32 Version: 6.3.2.16 - Belkin) Hidden
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Black and White (HKLM-x32\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version:  - )
BloodRayne 2 (HKLM-x32\...\BloodRayne 2_is1) (Version:  - GOG.com)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version:  - )
Borderlands.2.v1.3.1-v1.3.2.Updates-=AviaRa=- 1.00 (HKLM-x32\...\Borderlands.2.v1.3.1-v1.3.2.Updates-=AviaRa=- 1.00) (Version:  - )
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Cave Story+ (HKLM-x32\...\Steam App 200900) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cloudbuilt (HKLM-x32\...\Cloudbuilt_is1) (Version:  - )
Cogs (HKLM-x32\...\Steam App 26500) (Version:  - Lazy 8 Studios)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Confrontation (HKLM-x32\...\Steam App 204560) (Version:  - Cyanide Studio)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Crossfire 1.9 (HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\Crossfire 1.9) (Version: 1.90.00.00 - SWAT-Portal)
Crossfire1.9 (remove only) (HKLM-x32\...\Crossfire) (Version:  - )
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3313.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
DEFCON (HKLM-x32\...\Steam App 1520) (Version:  - Introversion Software)
Deus Ex: Human Revolution - The Missing Link (HKLM-x32\...\Steam App 201280) (Version:  - Eidos Montreal)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Dishonored © Bethesda Softworks version 1 (HKLM-x32\...\Dishonored © Bethesda Softworks_is1) (Version: 1 - )
Dishonored (HKLM-x32\...\Dishonored_is1) (Version:  - )
DMC Devi May Cry © Capcom version 1 (HKLM-x32\...\DMC Devi May Cry © Capcom_is1) (Version: 1 - )
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Elemental: Fallen Enchantress (HKLM-x32\...\Elemental: Fallen Enchantress) (Version: 1.00.072 - Stardock Entertainment, Inc.)
Elemental: Fallen Enchantress (x32 Version: 1.00.072 - Stardock Entertainment, Inc.) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson E-Web Print (HKLM-x32\...\{FB897D16-F0A7-4674-96F1-1C26963BA244}) (Version: 1.15.0000 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Everlasting Summer (HKLM-x32\...\Steam App 331470) (Version:  - Soviet Games)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
Explorer Suite III (HKLM\...\Explorer Suite_is1) (Version:  - )
Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)
Fable - The Lost Chapters (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout New Vegas (HKLM-x32\...\Fallout New Vegas_is1) (Version:  - )
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - Ubisoft Montreal)
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)
Freelancer (HKLM-x32\...\Freelancer 1.0) (Version:  - )
Freespace 2 (HKLM-x32\...\Freespace 2_is1) (Version:  - GOG.com)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - )
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Dev Tycoon v1.3.9 (HKLM-x32\...\Game Dev Tycoon v1.3.91.3.9) (Version: 1.3.9 - Friends in War)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3506 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOM Audio (HKLM-x32\...\GomAudio) (Version: 2.0.7.0873 - Gretech Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gothic (HKLM-x32\...\Steam App 65540) (Version:  - )
Gothic II: Gold Edition (HKLM-x32\...\Steam App 39510) (Version:  - Piranha Bytes)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - Crackshell)
Hate Plus (HKLM-x32\...\Steam App 239700) (Version:  - Love Conquers All Games)
Hatoful Boyfriend (HKLM-x32\...\Steam App 310080) (Version:  - Mediatonic)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Gateway Incorporated)
HuniePop (HKLM-x32\...\Steam App 339800) (Version:  - HuniePot)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Network Connections 18.6.110.0 (HKLM\...\PROSetDX) (Version: 18.6.110.0 - Intel)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2598 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause (HKLM-x32\...\Steam App 6880) (Version:  - Eidos)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Kenshi (HKLM-x32\...\Steam App 233860) (Version:  - Lo-Fi Games)
Kenshi 0.22.0 (HKLM-x32\...\Kenshi 0.22.0) (Version:  - )
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Kingdoms of Amalur Reckoning (HKLM-x32\...\Kingdoms of Amalur Reckoning_is1) (Version:  - )
L.A. Noire (HKLM-x32\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version:  - Almost Human Games)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Little Inferno 1.00 (HKLM-x32\...\Little Inferno 1.00) (Version: 1.00 - Cat-A-Cat)
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Medieval Total War (HKLM-x32\...\Medieval Total War) (Version:  - )
Melody's Escape (HKLM-x32\...\Steam App 270210) (Version:  - Icetesy SPRL)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.29 - mIRC Co. Ltd.)
Mount & Blade (HKLM-x32\...\Steam App 22100) (Version:  - Tale Worlds)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - Tale Worlds)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed Most Wanted (black edition) (HKLM-x32\...\Need for Speed Most Wanted (black edition)) (Version: 1.3 - Electronic Arts)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.11100.9.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10400 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.3 - NETGEAR)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.2 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.2.0416 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
Omerta - City of Gangsters (HKLM-x32\...\Steam App 208520) (Version:  - Haemimont Games)
Omnitool version 14 (HKLM-x32\...\{C639B1D2-D1FB-454C-BB28-C5348B2EB95C}_is1) (Version: 14 - Fabian Dill)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{fe1a82f7-4c22-45f9-bc84-68d91e884c8f}) (Version: latest - ppy Pty Ltd)
Plantronics® GameCom 780 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.00.0001 - Plantronics)
PlayBack 1.0.1.15 (HKLM-x32\...\PlayBack) (Version: 1.0.1.15 - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Popcap Game Collection (HKLM-x32\...\{69EA986B-B172-4FAA-B54D-853BD3A2B264}) (Version: 1.00.0000 - Popcap)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.31.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Recettear: An Item Shop's Tale (HKLM-x32\...\Steam App 70400) (Version:  - EasyGameStation)
Red Faction (HKLM-x32\...\Steam App 20530) (Version:  - )
Remember Me (HKLM-x32\...\Remember Me_is1) (Version: 1.0.1 - Capcom)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Roommates (HKLM-x32\...\Steam App 317300) (Version:  - Winter Wolves)
Runespell: Overture (HKLM-x32\...\Steam App 102200) (Version:  - Mystic Box)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Scribblenauts Unlimited (HKLM-x32\...\Scribblenauts Unlimited_is1) (Version:  - )
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - )
Sins of a Solar Empire: Trinity (HKLM-x32\...\Steam App 201290) (Version:  - )
Skullgirls (HKLM-x32\...\Skullgirls_is1) (Version:  - )
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sleeping Dogs: Definitive Edition (HKLM-x32\...\Steam App 307690) (Version:  - United Front Games)
Smooth Operators - Indie Gala Edition (HKU\S-1-5-21-2528547947-2264141269-27911573-1000\...\6b0b0d2561055daf) (Version: 1.0.0.14 - Heydeck Games)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: 1.0 - SEGA)
SPORE (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
SPORE・Creepy & Cute Parts Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
SPORE™ Galactic Adventures (HKLM-x32\...\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}) (Version: 1.01.0001 - Electronic Arts)
Stacking (HKLM-x32\...\Steam App 115110) (Version:  - Double Fine Productions)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steins;Gate version 1.0 (HKLM\...\{2A05A52B-BDD8-4FD5-A65A-687CB10D98DF}_is1) (Version: 1.0 - JAST USA)
Sunrider: Mask of Arcadius (HKLM-x32\...\Steam App 313730) (Version:  - Love in Space)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
tConfig version 0.27.2 (HKLM-x32\...\{224E185A-DCC7-45C5-B04D-77E6CE82D83E}_is1) (Version: 0.27.2 - Surfpup)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
TEdit 3 (HKLM-x32\...\{629321C7-65DC-4F59-BB36-32740D228A94}) (Version: 1.0.0.0 - BinaryConstruct)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1 (HKLM-x32\...\The Elder Scrolls V Skyrim Dragonborn © Bethes~300CD4A2_is1) (Version: 1 - )
The Legend of Heroes: Trails in the Sky (HKLM-x32\...\Steam App 251150) (Version:  - Nihon Falcom)
The Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - )
Torchlight (HKLM-x32\...\Steam App 41500) (Version:  - Runic Games, Inc.)
Towns (HKLM-x32\...\Steam App 221020) (Version:  - )
TreeSize Free V3.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3 - JAM Software)
True Remembrance 1.04E (HKLM-x32\...\True Remembrance) (Version: 1.04E - insani)
Two Worlds (HKLM-x32\...\Two Worlds_is1) (Version:  - GOG.com)
Unofficial Oblivion Patch v3.2.0 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.2.0 - Quarn and Kivan)
Unofficial Official Mods Patch v16 (HKLM-x32\...\Unofficial Official Mods Patch_is1) (Version: v11 - Quarn and Kivan)
Unofficial Shivering Isles Patch v1.5.0 (HKLM-x32\...\Unofficial Shivering Isles Patch_is1) (Version: 1.5.0 - Quarn and Kivan)
Unreal Gold (HKLM-x32\...\Steam App 13250) (Version:  - Epic Games)
Unreal II: The Awakening (HKLM-x32\...\Steam App 13200) (Version:  - Epic Games)
Unreal Tournament 2004 (HKLM-x32\...\Steam App 13230) (Version:  - Epic Games)
Unreal Tournament 3: Black Edition (HKLM-x32\...\Steam App 13210) (Version:  - Epic Games)
Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version:  - Epic Games)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000 - Activision) Hidden
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Warframe (HKLM-x32\...\{14C25CC2-D3E2-4298-B927-32B22760754B}) (Version: 1.0.0 - Digital Extremes)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3507 - Gateway Incorporated)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Ys Origin (HKLM-x32\...\Steam App 207350) (Version:  - Falcom)
ZTE 3GPhone USB Driver 5.2066.1.6 (HKLM\...\{8472455A-0658-4A6A-98F8-EF3FF6163B59}_is1) (Version: 5.2066.1.6 - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.9B04 - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2528547947-2264141269-27911573-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Maho\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

09-04-2015 01:53:25 Scheduled Checkpoint
10-04-2015 00:47:13 Removed Apple Application Support (32-bit)
10-04-2015 00:48:03 Removed Apple Application Support (64-bit)
10-04-2015 00:48:37 Removed Apple Mobile Device Support
10-04-2015 00:49:02 Removed Apple Application Support (64-bit)
10-04-2015 00:49:34 Removed Apple Software Update
10-04-2015 00:50:11 Removed Bonjour
10-04-2015 01:09:25 avast! antivirus system restore point
10-04-2015 01:13:00 Windows Update
12-04-2015 10:13:44 Revo Uninstaller's restore point - IncrementEdit
12-04-2015 10:22:30 Revo Uninstaller's restore point - ManticoreInspector
12-04-2015 11:30:26 Revo Uninstaller's restore point - Google Chrome

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-04-11 10:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05336288-3F8D-4557-AB4D-0031AEE44B92} - System32\Tasks\UALU notificatin => C:\Program Files\Gateway\Gateway Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {0FDE2215-21EA-47BB-A5B6-4A058334C02A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {13C75EBD-EE07-47CB-9B83-BE7F33E8C1D1} - System32\Tasks\{B7A495AE-2C81-4418-8BCF-4A953BDB7F2A} => C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe [2012-12-09] ()
Task: {1C5799E3-3A5A-46DB-95D1-53DF8F5DB82A} - System32\Tasks\{1C8C265E-282C-4907-9DCB-49AE11BDFC9E} => pcalua.exe -a "C:\Users\Maho\Downloads\Portal Mod Installer.exe" -d C:\Users\Maho\Downloads
Task: {2D02FE8B-0AF9-4E55-A8E1-FA89AB333607} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2012-01-16] (Nero AG)
Task: {3453CBDD-0D8B-4D98-BFC8-09D4C4B9926D} - System32\Tasks\{3317F7FE-3D72-49CB-967C-4A5CF26D644C} => C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe [2012-12-09] ()
Task: {359F2125-C834-42FE-9D48-14C6E27CBCF1} - System32\Tasks\{48FA477C-EDB8-4406-8EBF-D8B68B6D6A53} => pcalua.exe -a D:\autorun.exe -d D:\
Task: {467646CE-65AF-42D7-8BE2-4B91F09BD42C} - System32\Tasks\{B51915FD-1F68-4FCC-A50F-AA6AAEDF9BBB} => pcalua.exe -a "C:\Users\Maho\Downloads\Classy Dyes and Furniture 1.1.1\Classy Dyes and Furniture 1.1.1 Installer.exe" -d "C:\Users\Maho\Downloads\Classy Dyes and Furniture 1.1.1"
Task: {544A0519-6E23-4C98-9770-D6E716089794} - System32\Tasks\{97A1B6B5-FB8F-4B2D-9890-B5090C88333E} => C:\Program Files (x86)\GOG.com\Two Worlds\TwoWorlds.exe [2008-04-22] (Reality Pump)
Task: {5D228DFA-2C28-45DF-9971-5B04B44575BA} - System32\Tasks\{0263D486-427D-49C4-BB34-E4E4E01475B5} => pcalua.exe -a "C:\Users\Maho\Downloads\YYY Final Cheat Menu\YYY Final Cheat Menu Installer.exe" -d "C:\Users\Maho\Downloads\YYY Final Cheat Menu"
Task: {62AD65AA-E6D2-414B-B76B-DD6E3EBC084C} - System32\Tasks\{EA261A64-349B-46D5-846D-38809B17C2E0} => C:\Users\Maho\Downloads\Torrential\The.Elder.Scrolls.V.Skyrim.Update.11-RELOADED\SkyrimLauncher.exe
Task: {65213CC0-0A73-4674-9F73-D489F0FB26BB} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2012-01-18] (Acer)
Task: {6E64628A-655C-48D4-B15D-A29DDE924EAD} - System32\Tasks\{034FC883-7CE1-4EB2-8AEC-1E0B6BD35445} => pcalua.exe -a "C:\Users\Maho\Downloads\Quest Mod r5.exe" -d C:\Users\Maho\Downloads
Task: {7319FB71-C06A-4258-AEFF-04F1663886FA} - System32\Tasks\{7E7973E4-B3C1-423A-AC63-664862FF80DE} => C:\Users\Maho\Desktop\ROM Command\~Emulators\DS Emu\NO.2.6a\NO.6a\NO.EXE
Task: {74276ED8-BE4A-4B80-BC98-8C3D5F4B4012} - System32\Tasks\{69F42F8A-FB92-4B58-B6EB-07D684E9F0A6} => C:\Program Files (x86)\Dust An Elysian Tail\DustAET.exe
Task: {7D81C54E-01C0-433E-866A-1380ABB9B96D} - System32\Tasks\{E462E7AC-4601-4B6D-8191-EAFD46A38E68} => pcalua.exe -a "C:\Users\Maho\Downloads\Health Up! r1.exe" -d C:\Users\Maho\Downloads
Task: {89C574E1-B184-44E8-9882-30BFBD39FB0E} - System32\Tasks\{99672CE6-7E5D-423B-BF83-B0E963ADB854} => pcalua.exe -a "C:\Users\Maho\Downloads\Never-Ending Christmas r1.exe" -d C:\Users\Maho\Downloads
Task: {90BA1D74-0ACC-498E-8232-4F3ADB40B8A4} - System32\Tasks\ASC8_SkipUac_Maho => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: {9A90EE3B-E76B-4262-99B2-1F4481A592A5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-10] (Avast Software s.r.o.)
Task: {9ABD07A4-DF6A-4B39-9D8A-C2B2372C898E} - System32\Tasks\{A3DC74B6-8B51-4C8B-9EF6-E7A6F2FCC483} => pcalua.exe -a "C:\Program Files (x86)\DiscountExt\DiscountExt.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {A94004CE-16F9-476A-91EC-5E21FFA1EAE9} - System32\Tasks\{D272AAB8-85A1-4576-9B28-D526FFBA7615} => C:\Program Files (x86)\GOG.com\Two Worlds\TwoWorlds.exe [2008-04-22] (Reality Pump)
Task: {B0F8427C-7CCE-480A-8D55-A5B938A9FB57} - System32\Tasks\{2D85FA28-3286-4E50-B5A0-0AD9F83924AB} => C:\Program Files (x86)\Dust An Elysian Tail\DustAET.exe
Task: {B25C15EB-DF5A-4F9A-ABDD-6B642B2B4690} - System32\Tasks\{20F2E765-D684-4B92-8B78-ACC7FCD848A8} => pcalua.exe -a "C:\Users\Maho\Downloads\Classy Extras 1.1\Classy Extras Installer 1.1.exe" -d "C:\Users\Maho\Downloads\Classy Extras 1.1"
Task: {B2855119-5ECF-4FC3-9804-340D53B03F5A} - System32\Tasks\{46210F45-7F19-4380-9EF6-720023722765} => pcalua.exe -a "C:\Users\Maho\Downloads\Accessory Slots+ r2.exe" -d C:\Users\Maho\Downloads
Task: {B7BE361E-2E69-4284-B671-8497575B01FB} - System32\Tasks\{0EDC5EF8-B2D7-4218-AFEA-CB105AD78EFF} => pcalua.exe -a H:\AUTOSTARTER.EXE -d H:\
Task: {BEDD1A8A-DC96-455E-BF61-831494DF4657} - System32\Tasks\{AF4351D5-C620-4E3E-8554-F469BE0EB3C2} => C:\Users\Maho\Desktop\ROM Command\~Emulators\DS Emu\NO.2.6a\NO.6a\NO.EXE
Task: {C097E2AC-DF0C-4945-8803-1AEF438570F4} - System32\Tasks\{A536172E-4B9C-49F1-9FC9-715FA957C648} => pcalua.exe -a "C:\Users\Maho\Downloads\Peaceful Mode\Peaceful Mode\Peaceful Mode Installer.exe" -d "C:\Users\Maho\Downloads\Peaceful Mode\Peaceful Mode"
Task: {C343CBC5-622B-4BAC-AE3F-BE4656F822DA} - System32\Tasks\Uninstaller_SkipUac_Maho => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {CD677DCD-BCA2-41DD-A437-154E5E9B26FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {D4E1E692-7BDA-45C0-B574-3BEF5B0A9D85} - System32\Tasks\{71D03E5F-714F-473E-B3AC-5BC70294F890} => pcalua.exe -a "C:\Users\Maho\Downloads\YYY Holowires NEW\YYY Holowires NEW\YYY Holowires Installer.exe" -d "C:\Users\Maho\Downloads\YYY Holowires NEW\YYY Holowires NEW"
Task: {D6C30E0A-8721-4D72-8EB8-11D5D113A582} - System32\Tasks\Wake Up => C:\Users\Maho\Downloads\The New Music Center\Disturbed\Indestructible\01 Indestructible.wma [2010-09-15] ()
Task: {DD169AC8-2322-4BDE-94DD-97E89DF40C37} - System32\Tasks\{E6E577AA-742B-4A62-9B7D-702ADCE5ACEF} => C:\Users\Maho\Back Up File (10-8-2012)\Musical Complex\~Needs Sorted\pipedream\PIPE.EXE
Task: {E00871C0-6347-421F-A9C7-36E9A01071DF} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
Task: {E2DF65B4-7B0E-41C4-8678-81614194ACAB} - System32\Tasks\{C9FCB212-A529-4C01-B258-366F6F174E68} => C:\Users\Maho\Back Up File (10-8-2012)\Musical Complex\~Needs Sorted\pipedream\PIPE.EXE
Task: {E85C851F-F3D6-4A22-B508-67992873C9CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12] (Google Inc.)
Task: {E8E3321E-A516-4E28-9E54-97D18774BF87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12] (Google Inc.)
Task: {EBF5E93F-5DA1-4360-BEDC-32FE6A3F343F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-22] (Adobe Systems Incorporated)
Task: {EF7AF7FA-0094-4DB5-9050-A8B0D3F9D219} - System32\Tasks\{9B1EB829-7E74-4D37-B487-DE1947E2FEED} => C:\Program Files (x86)\Lionhead Studios Ltd\Black & White\runblack.exe
Task: {FC985A17-377C-4AEC-8615-DA95AC1A162D} - System32\Tasks\{477AEF83-745F-4BE6-9A9B-91ADB80D5115} => C:\Users\Maho\Desktop\ROM Command\~Emulators\Snes Emu\zsnesw151\zsnesw.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-31 19:11 - 2014-12-13 01:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-02 20:54 - 2014-11-15 20:12 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-28 09:35 - 2011-05-12 13:23 - 00512000 _____ () C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
2013-08-09 19:55 - 2013-03-22 09:56 - 00776480 ____N () C:\Program Files\Plantronics\GameCom780\GameCom780.exe
2013-06-08 19:27 - 2009-08-21 14:44 - 02281488 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
2012-02-06 19:17 - 2012-02-06 19:17 - 00636520 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
2014-10-23 15:31 - 2013-12-09 17:01 - 08385240 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2015-04-10 01:14 - 2015-04-10 01:14 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-10 01:14 - 2015-04-10 01:14 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-12 01:00 - 2015-04-12 01:00 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15041200\algo.dll
2015-04-12 11:41 - 2015-04-12 11:41 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15041201\algo.dll
2013-08-09 19:55 - 2013-03-22 09:56 - 00149792 ____N () C:\Program Files\Plantronics\GameCom780\VmixPLGC.dll
2014-01-03 17:56 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-01-03 17:56 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-01-03 17:56 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2013-06-08 19:27 - 2007-12-06 09:24 - 01167360 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
2013-06-08 19:27 - 2009-04-06 14:27 - 00098304 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
2013-06-08 19:27 - 2009-01-05 19:12 - 00159744 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
2013-06-08 19:27 - 2009-04-06 14:27 - 00032768 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
2012-02-06 19:18 - 2012-02-06 19:18 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
2014-10-23 15:31 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2014-10-15 05:04 - 2013-09-23 16:48 - 01210672 _____ () C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
2015-04-10 01:14 - 2015-04-10 01:14 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-04 19:34 - 2014-10-04 19:34 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4361e26af57c86003751ac77cce1c827\IsdiInterop.ni.dll
2012-05-30 00:46 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-30 00:50 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2528547947-2264141269-27911573-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Maho\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2528547947-2264141269-27911573-500 - Administrator - Disabled)
Guest (S-1-5-21-2528547947-2264141269-27911573-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2528547947-2264141269-27911573-1002 - Limited - Enabled)
Maho (S-1-5-21-2528547947-2264141269-27911573-1000 - Administrator - Enabled) => C:\Users\Maho

==================== Faulty Device Manager Devices =============

Name: Hook Test Driver
Description: Hook Test Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SDHookDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2015 11:39:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 10:35:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 09:22:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GOM.EXE, version: 2.2.64.5211, time stamp: 0x542532fc
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000008
Fault offset: 0x00082915
Faulting process id: 0x1450
Faulting application start time: 0xGOM.EXE0
Faulting application path: GOM.EXE1
Faulting module path: GOM.EXE2
Report Id: GOM.EXE3

Error: (04/11/2015 02:01:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (04/11/2015 10:15:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 01:19:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 01:17:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (04/11/2015 01:07:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 09:15:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 09:12:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/12/2015 11:42:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (04/12/2015 11:42:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/12/2015 11:42:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (04/12/2015 11:42:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/12/2015 11:42:01 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (04/12/2015 11:42:01 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (04/12/2015 11:41:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/12/2015 11:41:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (04/12/2015 11:41:51 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (04/12/2015 11:39:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (04/12/2015 11:39:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 10:35:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 09:22:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GOM.EXE2.2.64.5211542532fcntdll.dll6.1.7601.18247521ea8e7c000000800082915145001d07539c564f38cC:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXEC:\Windows\SysWOW64\ntdll.dll2735b7dd-e130-11e4-8af1-e840f2f7e36f

Error: (04/11/2015 02:01:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (04/11/2015 10:15:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 01:19:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 01:17:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (04/11/2015 01:07:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 09:15:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 09:12:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-04-11 10:07:48.092
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-11 10:07:48.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 10188.59 MB
Available physical RAM: 7626.27 MB
Total Pagefile: 20375.38 MB
Available Pagefile: 17530.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:1844.92 GB) (Free:310.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B81947DD)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1844.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 





