"Name Not Available" in Sound Mixer and other erratic system behavior


  • This topic is locked
2 replies to this topic

#1 ChaoticMarin


Posted 15 May 2015 - 12:33 PM

I managed to give UAC rights to a malicious program that promptly installed a bunch of malware without my knowledge or approval. I'm having some trouble removing the malware in question, as none of the free anti-viruses I've tried have been able to detect it. I believe that I have tracked down and gotten rid of a lot of it, but every once in a while audio ads will begin playing for no readily apparent reason and when I look at the audio mixer I will see a (presumably virtual) audio device called "Name Not available" responsible for playing the audio. I haven't been able to remove it on my own.

I have also noticed that my computer has been behaving erratically on occasion. It will slow down and all of my programs and even Windows Explorer will experience stuttering. I suspect that this is the fault of malware because my computer is both brand new and vastly overqualified for the tasks being presented to it. Looking at my task manager, nothing is running at above 30% while this stuttering is occurring and yet it takes more than an entire second to switch between browser tabs and multiple seconds to open a new Explorer window. A reboot usually temporarily solves these issues.

One of the things I suspect of being a virus is a program listed in the task manager as "Media Dashboard V2". Google has given extremely contradictory results as to what this program is, but it works in the background and occasionally starts eating an enormous amount of RAM for reasons that are not clear to me. When running a scan with the free version of SpyHunter 4, I also discovered an unknown application called "AdminService Application" (adminservice.exe) that I do not recognize.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Marin (administrator) on MARIN-LAPTOP on 15-05-2015 13:12:16
Running from E:\Downloads\FRST
Loaded Profiles: Marin (Available profiles: Marin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
() E:\Ad-Aware\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() E:\Ad-Aware\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Flux Software LLC) C:\Users\Marin\AppData\Local\FluxSoftware\Flux\flux.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(BitTorrent Inc.) C:\Users\Marin\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LINE Corporation) E:\Program Files (x86)\LINE\LINE.exe
(Akamai Technologies, Inc.) C:\Users\Marin\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Marin\AppData\Local\Akamai\netsession_win.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Curse) C:\Users\Marin\AppData\Local\Apps\2.0\ML6W8TX1.R6G\MRR33LNX.ZKJ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hotkeyrtk.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hkysound.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-07] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => E:\Ad-Aware\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112000 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5844800 2015-04-02] (IObit)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [11318368 2015-04-22] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-04] (Raptr, Inc)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\...\Run: [f.lux] => C:\Users\Marin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-11] (Valve Corporation)
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31283328 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\...\Run: [EADM] => E:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-14] (Electronic Arts)
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\...\Run: [uTorrent] => C:\Users\Marin\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-09] (BitTorrent Inc.)
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\...\Run: [GoogleChromeAutoLaunch_5DD365D5CBE488E43EB4DD1A16FF0C43] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\...\Run: [LINE] => E:\Program Files (x86)\LINE\line.exe [13421080 2015-04-14] (LINE Corporation)
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Marin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\...\MountPoints2: {9f550c0d-e25a-11e4-8251-acd1b805869a} - "G:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\...\MountPoints2: {d47b199e-e25e-11e4-8252-acd1b805869a} - "G:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\...\MountPoints2: {d47b1c85-e25e-11e4-8252-acd1b805869a} - "G:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-04-13]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-04-13]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{D6E67DA7-8988-46FB-BF12-70635254B0CD}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Marin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-04-19] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1695783967-3626766517-3153716179-1001 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1695783967-3626766517-3153716179-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-04-14] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AE12CB8A-1265-4E88-AFD1-AAB4DB4CDF83}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D17F8E65-D7E5-4353-A677-282AE0C313E2}: [NameServer] 8.8.8.8,8.8.4.4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Marin\AppData\Roaming\Mozilla\Firefox\Profiles\ei0nuf5q.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google (avast)
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF SearchPlugin: C:\Users\Marin\AppData\Roaming\Mozilla\Firefox\Profiles\ei0nuf5q.default\searchplugins\google-avast.xml [2015-04-14]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Marin\AppData\Roaming\Mozilla\Firefox\Profiles\ei0nuf5q.default\Extensions\fbp@fbpurity.com.xpi [2015-04-14]
FF Extension: MEGA EXTENSION - C:\Users\Marin\AppData\Roaming\Mozilla\Firefox\Profiles\ei0nuf5q.default\Extensions\firefox@mega.co.nz.xpi [2015-04-14]
FF Extension: Word Count Tool - C:\Users\Marin\AppData\Roaming\Mozilla\Firefox\Profiles\ei0nuf5q.default\Extensions\jid0-YHLk2psjhEWXNJqMKTU7dDcMJcN@jetpack.xpi [2015-04-14]
FF Extension: Google Translator for Firefox - C:\Users\Marin\AppData\Roaming\Mozilla\Firefox\Profiles\ei0nuf5q.default\Extensions\translator@zoli.bod.xpi [2015-04-14]
FF Extension: Adblock Plus - C:\Users\Marin\AppData\Roaming\Mozilla\Firefox\Profiles\ei0nuf5q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-14]
 
Chrome: 
=======
CHR Profile: C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-14]
CHR Extension: (Google Docs) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14]
CHR Extension: (YouTube) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-14]
CHR Extension: (Adblock Plus) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-14]
CHR Extension: (Google Search) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
CHR Extension: (Google Sheets) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-14]
CHR Extension: (XKit) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2015-04-18]
CHR Extension: (Bookmark Manager) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-14]
CHR Extension: (fbQuickLogin for multiple Facebook™ accounts) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpcdjelcodenkpfkbaficnkgkmljjbf [2015-04-29]
CHR Extension: (Facebook Unseen) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2015-04-29]
CHR Extension: (Video Blocker) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2015-04-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-14]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-04-15]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-14]
CHR Extension: (Gmail) - C:\Users\Marin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1202396 2015-04-14] (                                                                                                    ) [File not signed] <==== ATTENTION
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [305664 2014-08-22] (Qualcomm Atheros) [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-04-19] (BitRaider, LLC)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-04-13] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-04-13] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [246272 2014-10-29] (Insyde Software Corp.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit)
R2 LavasoftAdAwareService11; E:\Ad-Aware\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-14] (Electronic Arts)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [23552 2014-05-27] (CLEVO CO.) [File not signed]
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-10-17] (Qualcomm Atheros) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-04-26] (Enigma Software Group USA, LLC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-07-09] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AcpiCtlDrv; C:\Windows\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-26] (Insyde Corporation)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2015-01-06] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
R1 BdfNdisf; E:\Ad-Aware\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; E:\Ad-Aware\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2015-01-06] (BitDefender LLC)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [98992 2014-10-16] (Qualcomm Atheros, Inc.)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-04-19] (BitRaider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [48808 2015-02-03] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [22696 2015-02-03] (Corsair)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-04-26] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-26] ()
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R3 gzflt; E:\Ad-Aware\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [41160 2014-10-29] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [40136 2014-10-29] (Insyde Software Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-14] (REALiX™)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-06-18] (Intel Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-05-15] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-04-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-08] (NVIDIA Corporation)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2242048 2014-10-15] (Qualcomm Atheros, Inc.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [788696 2015-04-14] (Realsil Semiconductor Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows ® Win 7 DDK provider)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
U0 wxuek; C:\Windows\System32\drivers\xutoy.sys [79064 2015-05-15] (Malwarebytes Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 13:03 - 2015-05-15 13:03 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xutoy.sys
2015-05-15 13:01 - 2015-05-15 13:01 - 00051164 _____ () C:\Users\Marin\AppData\Local\recently-used.xbel
2015-05-15 06:16 - 2015-05-15 12:21 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 06:16 - 2015-05-15 06:21 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-13 16:10 - 2015-05-13 16:10 - 00003104 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1695783967-3626766517-3153716179-1001
2015-05-13 13:43 - 2015-05-05 13:59 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-13 13:43 - 2015-05-05 13:59 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 13:43 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:43 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:21 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 09:21 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 09:21 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 09:21 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 09:21 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 09:21 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 09:21 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 09:21 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 09:21 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 09:21 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 09:21 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 09:21 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 09:21 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 09:21 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 09:21 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 09:21 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 09:21 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 09:21 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 09:21 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 09:21 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 09:21 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 09:21 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 09:21 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 09:21 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 09:21 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 09:21 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 09:21 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 09:21 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 09:21 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 09:21 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 09:21 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 09:21 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 09:21 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 09:21 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 09:21 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 09:21 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 09:21 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 09:21 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 09:21 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 09:21 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 09:21 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 09:21 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 09:21 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 09:21 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 09:21 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 09:21 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 09:21 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 09:21 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 09:21 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 09:21 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-11 03:27 - 2015-05-11 11:34 - 00000000 ____D () C:\Users\Marin\AppData\Local\Turbine
2015-05-11 03:27 - 2015-05-11 03:28 - 00000000 ____D () C:\Users\Marin\AppData\Local\Akamai
2015-05-11 03:27 - 2015-05-11 03:27 - 00000000 ____D () C:\Users\Marin\Documents\The Lord of the Rings Online
2015-05-11 03:27 - 2015-05-11 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
2015-05-11 02:51 - 2015-05-11 02:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2015-05-10 23:53 - 2015-05-10 23:53 - 00000000 ____D () C:\Users\Marin\AppData\Local\LINE
2015-05-10 23:52 - 2015-05-10 23:52 - 00000703 _____ () C:\Users\Public\Desktop\LINE.lnk
2015-05-10 23:52 - 2015-05-10 23:52 - 00000703 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-05-10 23:52 - 2015-05-10 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-05-09 11:11 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-09 11:11 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-09 11:11 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-09 11:11 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-09 11:11 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-09 11:11 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-09 11:11 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-09 11:11 - 2015-03-12 20:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-09 11:11 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-09 11:11 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-08 21:23 - 2015-05-08 21:23 - 00000000 ____D () C:\Users\Marin\AppData\Local\Blizzard
2015-05-08 21:15 - 2015-05-08 21:15 - 00000895 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-05-08 21:15 - 2015-05-08 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-05-07 00:28 - 2015-05-07 00:28 - 04664792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-05-07 00:28 - 2015-05-07 00:28 - 03182104 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-05-07 00:28 - 2015-05-07 00:28 - 02907864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-05-07 00:28 - 2015-05-07 00:28 - 02846936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-05-07 00:28 - 2015-05-07 00:28 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-05-07 00:28 - 2015-05-07 00:28 - 01990874 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-05-07 00:28 - 2015-05-07 00:28 - 01945856 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2015-05-07 00:28 - 2015-05-07 00:28 - 01736408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-05-07 00:28 - 2015-05-07 00:28 - 01713920 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2015-05-07 00:28 - 2015-05-07 00:28 - 01303256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-05-07 00:28 - 2015-05-07 00:28 - 00168816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-05-05 22:52 - 2015-05-01 12:51 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-05 22:52 - 2015-05-01 12:50 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-02 01:46 - 2015-05-15 12:34 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Skype
2015-05-01 21:10 - 2015-05-01 21:11 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Ventrilo
2015-05-01 20:55 - 2015-05-01 20:55 - 00000655 _____ () C:\Users\Marin\Desktop\Ventrilo.lnk
2015-05-01 20:55 - 2015-05-01 20:55 - 00000262 _____ () C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2015-05-01 20:55 - 2015-05-01 20:55 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\TS3Client
2015-05-01 20:55 - 2015-05-01 20:55 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2015-05-01 02:07 - 2015-05-01 02:23 - 00000746 _____ () C:\Users\Marin\AppData\Roaming\MPQEditor.ini
2015-04-30 23:18 - 2015-05-15 10:59 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Raptr
2015-04-30 23:18 - 2015-05-05 22:33 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-04-30 23:18 - 2015-04-30 23:18 - 00001662 _____ () C:\Users\Marin\Desktop\Raptr.lnk
2015-04-30 23:18 - 2015-04-30 23:18 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\library_dir
2015-04-30 23:18 - 2015-04-30 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
2015-04-30 23:17 - 2015-04-30 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MicroVolts
2015-04-30 18:19 - 2015-04-30 18:19 - 00000844 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-04-30 18:19 - 2015-04-30 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-04-30 13:16 - 2015-04-30 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic (Nostalrius)
2015-04-29 17:41 - 2015-05-01 23:55 - 00000188 _____ () C:\Users\Marin\.packettracer
2015-04-29 17:41 - 2015-04-29 17:41 - 00000000 ____D () C:\Users\Marin\Cisco Packet Tracer 6.2sv
2015-04-28 10:43 - 2015-04-28 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer Student
2015-04-27 15:08 - 2015-04-27 15:08 - 00000000 ____D () C:\Users\Marin\AppData\Local\Macromedia
2015-04-27 14:47 - 2015-04-27 14:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-26 21:35 - 2015-04-26 21:35 - 00000000 ____D () C:\Users\Marin\AppData\Local\webkit
2015-04-26 09:17 - 2015-05-13 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-26 09:16 - 2015-05-14 14:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-26 09:16 - 2015-05-14 14:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-04-26 09:16 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-04-26 09:16 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-04-26 09:16 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-04-26 09:16 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-04-26 09:16 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-04-26 09:16 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-04-26 09:16 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-04-26 09:16 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-04-26 09:16 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-04-26 09:16 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-04-26 09:16 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-04-26 09:16 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-04-26 09:16 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-04-26 09:16 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-04-26 09:16 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-04-26 09:16 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-04-26 09:16 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-04-26 09:16 - 2015-01-05 23:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-04-26 09:16 - 2015-01-05 22:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-04-26 09:16 - 2015-01-05 21:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-04-26 09:16 - 2015-01-05 21:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-04-26 09:02 - 2015-04-26 09:02 - 00002318 _____ () C:\Users\Marin\Desktop\SpyHunter.lnk
2015-04-26 09:02 - 2015-04-26 09:02 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-04-26 09:02 - 2015-04-26 09:02 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-04-26 08:59 - 2015-04-26 09:01 - 00000000 ____D () C:\ProgramData\{f61df2a4-9ac2-4f0a-f61d-df2a49acca92}
2015-04-26 08:57 - 2015-04-26 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2015-04-26 08:57 - 2015-04-26 08:57 - 00000000 ____D () C:\Program Files (x86)\Corsair
2015-04-26 08:35 - 2015-04-26 08:35 - 00002980 _____ () C:\Users\Marin\Desktop\Rkill.txt
2015-04-26 08:24 - 2015-04-26 09:02 - 00003346 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-04-26 08:24 - 2015-04-26 09:02 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-04-26 08:24 - 2015-04-26 09:02 - 00000000 ____D () C:\sh4ldr
2015-04-26 08:24 - 2015-04-26 08:24 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-04-26 08:24 - 2015-04-26 08:24 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Enigma Software Group
2015-04-26 08:24 - 2015-04-26 08:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-24 13:57 - 2015-04-24 13:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-24 02:47 - 2015-04-24 02:47 - 00001404 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-04-24 02:47 - 2015-04-24 02:47 - 00001331 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-04-24 02:47 - 2015-04-24 02:47 - 00000000 ____D () C:\Windows\PCHEALTH
2015-04-24 02:47 - 2015-04-24 02:47 - 00000000 ____D () C:\Windows\en
2015-04-24 02:47 - 2015-04-24 02:47 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-04-24 02:47 - 2015-04-24 02:47 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-04-24 02:46 - 2015-04-30 10:13 - 00000000 ____D () C:\Users\Marin\AppData\Local\Windows Live
2015-04-22 14:03 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-22 14:03 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-22 14:03 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-21 16:55 - 2015-04-21 16:55 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-21 16:55 - 2015-04-21 16:55 - 00000973 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-21 13:55 - 2015-04-21 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2015-04-21 13:36 - 2015-04-21 13:36 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Mp3tag
2015-04-21 13:35 - 2015-04-21 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-04-20 16:32 - 2015-04-20 16:49 - 00001318 _____ () C:\Windows\Synaptics.log
2015-04-20 16:01 - 2015-04-20 16:01 - 00000000 ____D () C:\Spacekace
2015-04-20 15:57 - 2015-04-20 15:57 - 00385080 _____ () C:\Windows\Minidump\042015-6609-01.dmp
2015-04-20 15:45 - 2015-04-20 15:45 - 00000000 ____D () C:\Users\Marin\Emulation
2015-04-20 15:45 - 2015-04-20 15:45 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\higan
2015-04-20 15:45 - 2015-04-20 15:45 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\ananke
2015-04-20 15:35 - 2015-04-20 15:35 - 00000577 _____ () C:\Users\Marin\Desktop\puyo3.exe.lnk
2015-04-20 15:35 - 2015-04-20 15:35 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Puyo Puyo Sun
2015-04-20 15:35 - 2015-04-20 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puyo Puyo Sun
2015-04-20 11:53 - 2015-05-15 13:12 - 00000000 ____D () C:\FRST
2015-04-19 23:03 - 2015-04-20 15:57 - 1849655591 _____ () C:\Windows\MEMORY.DMP
2015-04-19 23:03 - 2015-04-20 15:57 - 00000000 ____D () C:\Windows\Minidump
2015-04-19 23:03 - 2015-04-19 23:03 - 00385344 _____ () C:\Windows\Minidump\041915-6328-01.dmp
2015-04-19 20:52 - 2015-04-19 20:52 - 00000000 ____D () C:\Users\Marin\AppData\Local\SWTOR
2015-04-19 19:10 - 2015-04-19 19:10 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\OpenOffice
2015-04-19 13:29 - 2015-04-19 13:29 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2015-04-19 13:29 - 2015-04-19 13:29 - 00000000 ____D () C:\ProgramData\BitRaider
2015-04-19 13:28 - 2015-04-19 13:28 - 00000000 ____D () C:\Users\Marin\AppData\Local\SWTORPerf
2015-04-19 13:27 - 2015-04-19 13:27 - 00014979 _____ () C:\Users\Marin\Documents\Install STAR WARS The Old Republic.log
2015-04-19 13:27 - 2015-04-19 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2015-04-19 03:32 - 2015-04-19 03:32 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Process Hacker 2
2015-04-19 03:31 - 2015-04-19 03:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2015-04-19 02:10 - 2015-04-19 02:10 - 00000000 ____D () C:\Users\Marin\Documents\My Curse
2015-04-19 02:09 - 2015-04-19 02:10 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Curse Advertising
2015-04-19 02:09 - 2015-04-19 02:09 - 00000318 _____ () C:\Users\Marin\Desktop\Curse Client.appref-ms
2015-04-19 02:09 - 2015-04-19 02:09 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2015-04-19 02:08 - 2015-05-15 13:01 - 00000000 ____D () C:\Users\Marin\AppData\Local\Deployment
2015-04-19 02:08 - 2015-04-19 02:08 - 00000000 ____D () C:\Users\Marin\AppData\Local\Apps\2.0
2015-04-18 12:57 - 2003-06-12 23:25 - 00007062 _____ () C:\Windows\SysWOW64\audiopid.vxd
2015-04-18 09:46 - 2015-05-14 22:58 - 00000000 ___DO () C:\Users\Marin\OneDrive
2015-04-18 00:48 - 2015-04-18 00:48 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-04-18 00:48 - 2015-04-18 00:48 - 00000000 ____D () C:\ProgramData\Battle.net
2015-04-17 20:48 - 2015-04-17 20:48 - 00001872 _____ () C:\Users\Marin\Desktop\FF7 BootLoader.lnk
2015-04-17 20:48 - 2015-04-17 20:48 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\WinRAR
2015-04-17 20:48 - 2015-04-17 20:48 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2015-04-17 17:56 - 2015-05-02 22:37 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\OBS
2015-04-17 17:56 - 2015-04-17 17:56 - 00000951 _____ () C:\Users\Marin\Desktop\Open Broadcaster Software.lnk
2015-04-17 17:56 - 2015-04-17 17:56 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-04-17 17:56 - 2015-04-17 17:56 - 00000000 ____D () C:\Program Files\OBS
2015-04-17 17:56 - 2015-04-17 17:56 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-04-17 17:47 - 2015-04-17 17:47 - 00000000 ____D () C:\Users\Marin\AppData\Local\IsolatedStorage
2015-04-17 17:45 - 2015-04-17 17:45 - 00001256 _____ () C:\Users\Public\Desktop\XSplit Gamecaster.lnk
2015-04-17 17:45 - 2015-04-17 17:45 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-04-17 17:45 - 2015-04-17 17:45 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2015-04-17 17:45 - 2015-04-17 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2015-04-17 17:45 - 2015-04-17 17:45 - 00000000 ____D () C:\Program Files (x86)\SplitmediaLabs
2015-04-17 17:44 - 2015-04-17 17:44 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\SplitmediaLabs
2015-04-17 16:08 - 2015-04-17 16:08 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Corsair
2015-04-17 16:08 - 2015-04-17 16:08 - 00000000 ____D () C:\Users\Marin\AppData\Local\Corsair
2015-04-17 15:58 - 2015-05-15 12:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-17 15:58 - 2015-04-17 20:04 - 00000000 ____D () C:\Users\Marin\AppData\Local\Adobe
2015-04-17 15:58 - 2015-04-17 20:03 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-17 15:56 - 2015-04-18 00:48 - 00001278 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2015-04-17 15:56 - 2015-04-17 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-04-17 15:51 - 2015-05-02 21:27 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-04-17 15:48 - 2015-05-15 12:45 - 00000000 ____D () C:\Users\Marin\AppData\Local\Battle.net
2015-04-17 15:48 - 2015-05-11 13:52 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-17 15:48 - 2015-04-17 15:50 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Battle.net
2015-04-17 15:48 - 2015-04-17 15:48 - 00000000 ____D () C:\Users\Marin\AppData\Local\Blizzard Entertainment
2015-04-17 15:48 - 2015-04-17 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-04-17 15:08 - 2015-04-17 21:36 - 00001679 _____ () C:\Users\Marin\Desktop\Final Fantasy VII.lnk
2015-04-17 15:08 - 2015-04-17 15:08 - 00001561 _____ () C:\Users\Marin\Desktop\FF7Config.lnk
2015-04-17 15:07 - 2015-04-19 13:27 - 00000000 ____D () C:\Games
2015-04-17 15:06 - 2015-04-17 15:06 - 00000000 ____D () C:\Users\Marin\Documents\Square Enix
2015-04-17 15:06 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-04-17 15:06 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-04-17 15:06 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-04-17 15:06 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-04-17 15:06 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-04-17 15:06 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-04-17 15:06 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-04-17 15:06 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-04-16 22:42 - 2015-04-16 22:42 - 00000000 ____D () C:\Users\Marin\Documents\Top Quality
2015-04-15 19:38 - 2015-04-15 19:38 - 00002964 _____ () C:\Users\Marin\Desktop\GenerateFNISforUsers.lnk
2015-04-15 19:33 - 2015-05-15 13:11 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\uTorrent
2015-04-15 19:33 - 2015-04-15 19:33 - 00000839 _____ () C:\Users\Marin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-04-15 15:53 - 2015-04-15 15:53 - 00000000 ____D () C:\Users\Marin\AppData\Local\Nexus
2015-04-15 15:23 - 2015-04-20 15:45 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\NVIDIA
2015-04-15 15:04 - 2015-04-15 15:04 - 00001290 _____ () C:\Users\Marin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModOrganizer.lnk
2015-04-15 14:51 - 2015-04-26 17:04 - 00000000 ____D () C:\Program Files (x86)\Mod Organizer
2015-04-15 14:25 - 2015-04-15 14:25 - 00000000 _____ () C:\Windows\SysWOW64\RENAE13.tmp
2015-04-15 14:25 - 2015-04-15 14:24 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-15 01:42 - 2014-11-15 15:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-04-15 01:42 - 2014-11-15 02:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-15 01:42 - 2014-11-14 02:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-04-15 01:42 - 2014-11-14 01:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-04-15 01:42 - 2014-11-10 14:06 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-04-15 01:42 - 2014-11-10 14:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-04-15 01:42 - 2014-11-10 14:06 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-04-15 01:42 - 2014-11-10 14:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-04-15 01:42 - 2014-11-09 22:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-04-15 01:42 - 2014-11-09 21:37 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-04-15 01:42 - 2014-11-09 21:34 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-04-15 01:42 - 2014-11-09 21:26 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-04-15 01:42 - 2014-11-09 21:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-04-15 01:42 - 2014-11-09 21:09 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-04-15 01:42 - 2014-11-09 21:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-04-15 01:42 - 2014-11-09 21:06 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-04-15 01:42 - 2014-11-09 20:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-04-15 01:42 - 2014-11-09 20:57 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-04-15 01:42 - 2014-11-08 00:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-04-15 01:42 - 2014-11-07 23:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-04-15 01:42 - 2014-11-07 23:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-04-15 01:42 - 2014-11-07 23:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-04-15 01:42 - 2014-11-07 23:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-04-15 01:42 - 2014-11-07 23:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-04-15 01:42 - 2014-11-07 23:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-04-15 01:42 - 2014-11-07 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-04-15 01:42 - 2014-11-07 23:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-04-15 01:42 - 2014-11-07 22:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-04-15 01:42 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-04-15 01:42 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-04-15 01:42 - 2014-11-07 22:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-04-15 01:42 - 2014-11-07 21:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-04-15 01:42 - 2014-11-07 21:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-04-15 01:42 - 2014-11-06 23:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-04-15 01:42 - 2014-11-06 23:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-04-15 01:42 - 2014-11-04 22:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-04-15 01:42 - 2014-11-04 22:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-04-15 01:42 - 2014-11-04 22:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-04-15 01:42 - 2014-11-04 21:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-04-15 01:42 - 2014-11-04 21:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-04-15 01:42 - 2014-11-04 21:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-04-15 01:42 - 2014-11-04 21:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-04-15 01:42 - 2014-11-04 21:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-04-15 01:42 - 2014-11-04 21:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-04-15 01:42 - 2014-11-04 21:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-04-15 01:42 - 2014-11-04 21:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-04-15 01:42 - 2014-11-04 21:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-04-15 01:42 - 2014-11-04 21:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-04-15 01:42 - 2014-11-04 21:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-04-15 01:42 - 2014-11-04 15:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-04-15 01:42 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-04-15 01:42 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-04-15 01:42 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-04-15 01:42 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-04-15 01:42 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-04-15 01:42 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-04-15 01:42 - 2014-11-04 02:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-04-15 01:42 - 2014-11-04 01:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-04-15 01:42 - 2014-10-30 20:51 - 18823168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-04-15 01:42 - 2014-10-30 20:10 - 15158784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-04-15 01:42 - 2014-10-28 23:05 - 00551232 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-04-15 01:42 - 2014-10-28 21:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-04-15 01:42 - 2014-10-28 21:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-04-15 01:42 - 2014-10-20 21:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-04-15 01:42 - 2014-10-20 21:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-04-15 01:42 - 2014-10-20 20:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-04-15 01:42 - 2014-10-20 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-04-15 01:42 - 2014-10-20 20:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-04-15 01:42 - 2014-10-20 20:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-04-15 01:42 - 2014-10-20 20:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-04-15 01:42 - 2014-10-17 00:56 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-04-15 01:42 - 2014-10-16 23:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-04-15 00:56 - 2015-04-15 00:56 - 00000000 ____D () C:\Windows\system32\appraiser
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 13:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SchCache
2015-05-15 13:01 - 2015-04-14 11:05 - 00000000 ____D () C:\Users\Marin\AppData\Local\gtk-2.0
2015-05-15 13:01 - 2015-04-14 11:03 - 00000000 ____D () C:\Users\Marin\.gimp-2.8
2015-05-15 13:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-15 12:56 - 2015-04-14 14:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-15 07:45 - 2015-04-13 21:36 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F30B91D5-0670-4733-951B-D02E531B1BAD}
2015-05-15 06:16 - 2015-04-14 00:11 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 06:16 - 2015-04-14 00:11 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 03:48 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-05-15 00:32 - 2015-04-13 21:34 - 01635980 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 23:01 - 2014-11-21 04:44 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 22:59 - 2015-04-14 23:25 - 00000000 ____D () C:\ProgramData\Origin
2015-05-14 22:59 - 2015-04-14 14:34 - 00002882 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Marin)
2015-05-14 22:58 - 2015-04-14 00:12 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-14 22:56 - 2015-04-14 14:34 - 00000105 _____ () C:\Windows\SysWOW64\get.dat
2015-05-14 22:56 - 2015-04-14 13:05 - 00000937 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-05-14 22:55 - 2015-04-14 14:28 - 00007372 _____ () C:\Windows\setupact.log
2015-05-14 22:54 - 2015-04-13 23:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-14 22:54 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 22:54 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-14 22:53 - 2015-04-14 00:28 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-14 22:53 - 2015-04-14 00:28 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-14 22:53 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-14 20:53 - 2015-04-13 21:39 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1695783967-3626766517-3153716179-1001
2015-05-14 16:03 - 2015-04-14 00:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 16:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-14 16:01 - 2015-04-14 00:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 15:16 - 2015-04-14 00:11 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-14 14:52 - 2015-04-14 14:34 - 00002168 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-05-14 14:42 - 2013-08-22 10:44 - 00373792 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 13:40 - 2014-11-21 04:25 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 23:25 - 2015-04-14 13:16 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-12 11:14 - 2015-04-13 21:34 - 00000000 ____D () C:\Users\Marin
2015-05-11 03:27 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-11 03:04 - 2015-04-14 00:35 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-11 02:51 - 2015-04-14 22:27 - 00000000 ____D () C:\Users\Marin\Documents\My Games
2015-05-11 02:51 - 2015-04-13 23:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-09 11:15 - 2015-04-13 23:50 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-05-08 03:14 - 2015-04-14 00:12 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-03 21:08 - 2015-04-14 00:13 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Foxit Software
2015-05-02 01:46 - 2015-04-14 00:30 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Skype_old
2015-05-02 01:37 - 2015-04-14 00:13 - 00000000 ____D () C:\ProgramData\Skype
2015-05-01 12:51 - 2015-04-13 23:47 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-01 12:50 - 2015-04-13 23:47 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-04-29 17:33 - 2015-04-14 14:28 - 00553636 _____ () C:\Windows\PFRO.log
2015-04-29 17:33 - 2015-04-14 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-26 09:25 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-04-26 09:17 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-04-26 07:36 - 2015-04-14 23:26 - 00000000 ____D () C:\Users\Marin\AppData\Roaming\Origin
2015-04-24 02:47 - 2015-04-14 22:27 - 00027882 _____ () C:\Windows\DirectX.log
2015-04-24 02:47 - 2015-04-13 23:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-04-24 02:47 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-22 14:03 - 2015-04-14 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-21 14:59 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-18 12:57 - 2015-04-13 23:43 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-04-18 09:46 - 2015-04-13 21:34 - 00000000 ____D () C:\Users\Marin\AppData\Local\Packages
2015-04-18 09:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-16 20:16 - 2015-04-13 23:57 - 00000000 ____D () C:\ProgramData\Qualcomm
2015-04-16 02:41 - 2015-04-14 12:59 - 00000000 ____D () C:\ProgramData\6ba3b6bbebfb4c96b6c6f22617b5d6af
2015-04-15 14:25 - 2015-04-14 00:11 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-15 14:25 - 2015-04-14 00:11 - 00000000 ____D () C:\Program Files\Java
2015-04-15 14:25 - 2015-04-14 00:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-15 14:10 - 2015-04-14 13:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-15 06:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 01:43 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-04-15 01:43 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2015-04-15 00:56 - 2014-11-21 11:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
==================== Files in the root of some directories =======
 
2015-05-01 02:07 - 2015-05-01 02:23 - 0000746 _____ () C:\Users\Marin\AppData\Roaming\MPQEditor.ini
2015-04-14 12:58 - 2015-04-14 12:58 - 0000064 _____ () C:\Users\Marin\AppData\Local\20d4f989a47ca17d660b14d705ffe1d4
2015-04-13 23:56 - 2015-04-13 23:56 - 0000000 _____ () C:\Users\Marin\AppData\Local\Driver_11ACPresent.flag
2015-04-14 14:16 - 2015-04-14 14:16 - 0628688 _____ (CMI Limited) C:\Users\Marin\AppData\Local\nsoB1F5.tmp
2015-05-15 13:01 - 2015-05-15 13:01 - 0051164 _____ () C:\Users\Marin\AppData\Local\recently-used.xbel
 
Some content of TEMP:
====================
C:\Users\Marin\AppData\Local\Temp\5D84EE79-1DC1-4D63-3D2B-8E771C04CE2F.dll
C:\Users\Marin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt3rthl.dll
C:\Users\Marin\AppData\Local\Temp\genteert.dll
C:\Users\Marin\AppData\Local\Temp\raptrpatch.exe
C:\Users\Marin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marin\AppData\Local\Temp\SpOrder.dll
C:\Users\Marin\AppData\Local\Temp\sqlite3.dll
C:\Users\Marin\AppData\Local\Temp\__pythonRunner.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 04:19
 
==================== End Of Log ============================



Edited by ChaoticMarin, 15 May 2015 - 12:38 PM.



 


#2 nasdaq

  • Malware Response Team

Posted 19 May 2015 - 10:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1695783967-3626766517-3153716179-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SearchPlugin: C:\Users\Marin\AppData\Roaming\Mozilla\Firefox\Profiles\ei0nuf5q.default\searchplugins\google-avast.xml [2015-04-14]
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1202396 2015-04-14] (                                                                                                    ) [File not signed] <==== ATTENTION
U0 wxuek; C:\Windows\System32\drivers\xutoy.sys [79064 2015-05-15] (Malwarebytes Corporation)
C:\Windows\System32\drivers\xutoy.sys
C:\Windows\SysWOW64\lnsecsl.exe
C:\Users\Marin\AppData\Local\Temp\5D84EE79-1DC1-4D63-3D2B-8E771C04CE2F.dll
C:\Users\Marin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt3rthl.dll
C:\Users\Marin\AppData\Local\Temp\genteert.dll
C:\Users\Marin\AppData\Local\Temp\raptrpatch.exe
C:\Users\Marin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marin\AppData\Local\Temp\SpOrder.dll
C:\Users\Marin\AppData\Local\Temp\sqlite3.dll
C:\Users\Marin\AppData\Local\Temp\__pythonRunner.dll
Task: {13DA1AC9-AF71-49C8-A96F-69E4C5698833} - \CIMT_daily_S-1-5-21-1695783967-3626766517-3153716179-1001 No Task File <==== ATTENTION
Task: {D76AD971-FDFF-4CAB-A79C-4B81BB18167D} - \Bidaily Synchronize Task No Task File <==== ATTENTION
Task: {F250E220-7BA8-45C5-936D-4A0571D1E5B9} - \CIMT_S-1-5-21-1695783967-3626766517-3153716179-1001 No Task File <==== ATTENTION
Task: {FFE5497B-D74E-4745-BC5F-E18B5AB61C8E} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
C:\Program Files (x86)\OLBPre

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 nasdaq

  • Malware Response Team

Posted 24 May 2015 - 06:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



